08448380779 Call Girls In Civil Lines Women Seeking Men
Isc(2) eastbay-lenin aboagye
1. Title Text
Body Level One
• Body Level Two
• Body Level Three
• Body Level Four
• Body Level Five
Big Data : The Forgotten Security Landmine
By:
Lenin Aboagye, Security Executive
lenin@kogni.io
3. Traditionally Data has been stored in File systems, Databases, Network Shares, Emails etc..
Most of the Data generated was structured data and stored in Databases
01
Where did we start from - and fast forward to today?
Today , App Developer Magazine reports that more data was created in 2017 than in the
previous 5,000 years of humanity, and Gartner estimates that nearly 80 percent of this data is
unstructured, meaning it lives in formats like PDFs, images and videos. The process of
managing, structuring and deriving value from this growing cache of information is challenging,
time-consuming and expensive — if it happens at all
4. • Paperless: Every organization is going Digital..
Grocery Chains, Digital Notary, Digital Banking,
Digital Lending Processes(scanning everything),
Esign(DocuSign)
• Ease of Content Creation : Social Media, Business
Apps
• Mobile Capture : Every second we capture and
send Data
• IOT: Connected anywhere and
everywhere(Thermostat, TV, Cars, Planes, Product
tracking etc..), Data Center Sensors
01
How and where is this Data coming from?
Media
Web
Cloud
IOT
Databases
6. • Rapidly adopted technology, Capability
before Security
• Multiple sources of data, different Varieties
of data, Volume, Velocity
• No one really knows what data is being put
into big data lakes
• Security Governance Gaps..bulk of your
data is no longer in your databases
• There are not many security Data Scientist
and Data Scientist do not want to deal with
security
01 Why Important for business but security Forgotten?
Source: CA Study on big data
8. • No Natively Defined Security:
Encryption, Policy Management,
Compliance & Risk Management
• Anonymity and Privacy: User
identity, behaviors etc..
• Varied and Complex:
Data structure: Structured, Semi-
Structured and Unstructured Data
Sources: Server data, email data,
cloud apps and mobile device data
Data consumers: High-level
executive, B2B, B2C
01
What is the GAP and how do we bridge it?
• Goldmine for PII
Reams of data all flowing into
centralized system
• Few security people have big data
experience
• Data Brokers-e.g Cambridge
Analytica
• Current Security Solutions simply do
not work..DLP, Data Activity
Monitoring Tools, Database
Encryption
• Lack of products on market
10. • Extend best practices in structured Data to Big Data
• Know your Data: Data Discovery, Data Cataloging, reduce number of sensitive data locations
• Protect your Data: Encryption, Redaction, Tokenization, Authorization
• Monitor, Monitor, Monitor
• Watch out for Anomalies, User and System activity monitoring, Policy violations and build
predictive models with Big Data
• Build a data centric security and risk model
01 Solve the Big Data Conundrum
Databases: Traditional and modern databases(MSSQL, NOSQL)
IOT: Data from Interconnected devices
Web: Data publicly available on web, social media ,etc..
Cloud: Public, Private
Media: Images, Videos, Social Media, Audio, podcasts
Databases: Traditional and modern databases(MSSQL, NOSQL)
IOT: Data from Interconnected devices
Web: Data publicly available on web, social media ,etc..
Cloud: Public, Private
Media: Images, Videos, Social Media, Audio, podcasts
https://www.privacyrights.org/data-breaches?title=&taxonomy_vocabulary_11_tid%5B%5D=2436&taxonomy_vocabulary_11_tid%5B%5D=2434\
https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-static/
GDPR regulation is a way government is forcing the organizations to do the right thing
Very soon we will be seeing similar regulations coming up in US
Cambridge Analytica..23 million, 83 million
Databases: Traditional and modern databases(MSSQL, NOSQL)
IOT: Data from Interconnected devices
Web: Data publicly available on web, social media ,etc..
Cloud: Public, Private
Media: Images, Videos, Social Media, Audio, podcasts
there is no insitituinal kbowkedge of what data is stored in a datastore…equifax and scotttrade breach example…
you do not not where your sensitive data is stored [notes, image, chat text, app logs]
the answer keeps changing
you do not not who has access to your sensitive data [temp tables with wide-open access, text data with wide-open access]
the answer keeps changing
since the answer keeps changing
you need an alerting system, not merely a reporting system
As big data gets bigger and cloud usage increases,
governing sensitive data and managing digital risk at an enterprise level are daunting challenges.
Non-production databases are a goldmine of sensitive data and are regularly used in application development and testing.
Too many data sources [prod, dev, qa] [on-premises, cloud] [file serves, nosql, hadoop, rdbms] [image, text, csv]
can get overwhelmed by the sheer number of data sources that need to be monitored
examples
text
doctor's notes has patient's sensitive data (PHI) [Healthcare]
counselor notes has student's sensitive data (FERPA) [Education]
rep's notes has customer's credit card number (PCI) [E-Commerce and Retail]
chat text has customer's sensitive data
developer is writing SSN, credit card, to a log file. How do you know he is not?
a temporary table containing sensitive data gets created [dev forgets to delete it] [wide-open access]