Winning the war on data breaches in a changing data landscape
1. Body Level One
• Body Level Two
• Body Level Three
• Body Level Four
• Body Level Five
powered by
Winning the War on Data Breaches in a Changing Data Landscape
Avinash Ramineni
Lenin Aboagye
4. App Developer Magazine reports that more data was created in 2017 than in the previous
5,000 years of humanity, and Gartner estimates that nearly 80 percent of this data is
unstructured, meaning it lives in formats like PDFs, images and videos. The process of
managing, structuring and deriving value from this growing cache of information is
challenging, time-consuming and expensive — if it happens at all
Increase in DATA Breaches01
5. Data is being generated and
processed in multiple ways and being
stored in multiple places
Keeping track of Data has almost
become impossible
WHERE, AND
WHO?
01
CODE
DATA
SMS
DOB
Email
Credit
Card
LOG
Chat
Reports
Documents
DATA is Harder to Track Now
LOG
6. Location of Sensitive Data Storage
Keeps Changing
Today?
Tomorrow?
01
CODE
DATA
SMS
DOB
Email
Credit Card
LOG
Chat
Reports
Documents
SENSITIVE DATA LOCATION
LOG
7. TodayLegacy
CHANGING DATA LANDSCAPE
90% Structured Data 80% Unstructured Data
Structured
Unstructured
Unstructured
MB GB
Volume
Deployment: On-Premise
TB PB
Volume
Deployment: On-Premise, Cloud
(Sass, PaaS, laaS)
Megabytes Gigabytes Terabytes Petabytes
Structured
10% Unstructured Data 20% Structured Data
01
8. Knowledge of sensitive data storage is
tribal - not institutional.
THE WHY | DATA SECURITY02
9. Threat centric security that relies
on network, app, server controls
can no longer be sufficient to
mitigate the exploding data
landscape
You cannot protect what you cannot see
02 PARADIGM SHIFT | Data Security
DATA CENTRIC
SECURITY IS REQUIRED
10. ● Current security tools are still focused on solving legacy
data security problems
● Fewer security people have the experience to secure the
current unstructured data landscape
● Most security people are not involved in their
organization’s big data security initiatives
● Industry lagging behind controls for modern security
landscape
Legacy tools not built to address modern data challenges
DATA CENTRIC SECURITY GAPS02
11. MONITOR
Continuously monitor data sources, and
alert in case of policy violations.
DISCOVER
Build a Sensitive Data Catalog by scanning
enterprise data sources for sensitive data
stored in text, images.
SECURE
Secure sensitive data as data gets ingested,
using techniques like Masking, Encryption,
Tokenization of data
02 DATA CENTRIC SECURITY
Data-centric security is an approach
to security that emphasizes the security
of the data itself rather than the
security of networks, servers, or
applications
12. RDBMS
HADOOP
NOSQL
CLOUD/S3
Chat Logs Emails ImagesStructured
Data
Unstructured
Data
TEXT
Connects to Hadoop, S3, NoSql, RDBMS
Supports file formats like parquet, avro, json, csv, and more
Scans both text and images
THE HOW | DISCOVER0303
13. Discover and build Sensitive Data
Catalog
THE HOW | DISCOVER
Leverage pattern matching, checksums,
advanced NLP, context, lineage, data
dictionary, and manual flagging
Classifiers for a wide variety of sensitive data like
credit card numbers, SSNs, and more
User defined classifiers to identify sensitive data
unique to your organization
Incremental scanning with minimal load on
source systems
03
Co-occurrence analysis and bloom filters
Classifiers for Biometric Identifiers - fingerprints,
facial images
Identifying Sensitive Data in scanned
documents
02
14. Secure data as it is createdProtect data using
Masking, Redaction,
Encryption, Tokenization
Leverage Sensitive
Data Catalog
Protect
THE HOW | SECURE0302
15. Sensitive Data Catalog
Alerts for sensitive data volume and location using Anomaly Detection
Monitoring for policy violations and data governance support.
Data Security | Monitoring03
User Activity Monitoring
Continuous monitoring of sensitive data
Suspicious Activity Monitoring
02