Insurance companies of all sizes are challenged to keep up with emerging technologies that deliver a competitive advantage. Recording: https://www.brighttalk.com/webcast/9573/192877
Big data holds the key to greater customer insight and stronger customer relationships. But risk of sensitive data exposure — and compliance violations — keeps many insurers from pursuing big data initiatives and reaping the rewards of business-driven analytics. Join Dataguise and Hortonworks for this live webinar to learn how you can free your organization from traditional information security constraints and unlock the power of your most valuable business assets.
• What do you need to know about PII/PHI privacy before embarking on big data initiatives?
• Why do so many big data initiatives fail before they’ve even begun—and what can you do about it?
• How can IT security organizations help data scientists extract more business value from their data?
• How are leading insurance companies leveraging big data to gain competitive advantage?
16. PHI: Guidance for Data De-Identification
Sensitive/Privacy Data
16
• Name
• Address
• Dates – Birth, Death, ..
• Telephone Numbers
• Device Identifiers and serial numbers
• Email addresses
• SSN
• Medical record numbers
• Account Numbers
…..
17. Secure Environment
Perimeter Security, Volume/File encryption
17
• I have strong perimeter security
Physical Security, Firewall, IDS/IPS…
Isn’t that enough?
• I
have
turned
on
volume/file-‐level
encryp>on
Control
data
access
Mee>ng
regulatory
compliance
Isn’t
this
enough?
Need
BOTH
and
*more!
18. What Should We Do?
18
1. Precisely locate sensitive content across ALL repositories
2. Protect those assets appropriately – masking, encryption
3. Open up ‘controlled’ access to data now that sensitive elements are
protected
4. Enable employees, trusted partners and customers to make data-driven
decisions
RISKS
BREACH
SECURITY
COMPLIANCE
VALUE
REVENUE
DATA
DRIVEN
DECISIONS
BUSINESS
INTELLIGENCE
At the cell-level…
20. Complex Sensitive Data Discovery
20
Sensitive Data Type Sample Data
Address 50920 April Blvd. Apt. 181, Lalana ME 83271
1000 Coney Island Ave. Brooklyn NY 11230
Name George Smith
Smith, A. George
Credit Card Number 3710 664089 10315
345039502030507
3780-331072-30547
Telephone Number (510) 824-1036
510-824-1036
510.814.1036
5108141036
21. Sensitive Data Protection
Masking & Encryption in Hadoop
21
• MASKING
– Obfuscation, one-way operation
– Multiple options in DgSecure – fictitious but realistic values, X’ing out part of the
content….
– Consistent masking to retain statistical distribution of data
• ENCRYPTION
– Encrypted cell/row
– Accessible by authorized users only – Hive, bulk, via App
– Granular protection
• REDACTION
– X’ing out entire sensitive data cell
– Nullifying
29. Encryption or Masking in Hadoop
Analy3c
Transac3onal
Trading
System
Perf.
Customer
reten3on
Payments
Risk
Mgmt.
IT
Security
Intelligence
IP
Addresses
Name
Personal
Health
Info
Credit
Card
Number
Dynamic
pricing
Process
efficiency
Log
analysis
Insurance
Premiums
Clinical
trial
analysis
Smart
metering
Risk
Modeling
Supply
chain
op3miza3on
Brand
sen3ment
Real-‐3me
upsell
Monitoring
Sensors
Social
Security
Number
Date
of
Birth
(DOB)
IP
Address
URL
Email
Address
Telephone
Number
Credit
limit
Purchase
amount
Customer
life3me
value
Address
Device
ID
Transac3on
Date
VIN
Person
of
Interest
Discovery
Session
Op3miza3on
30. Encryption or Masking in Hadoop
Analy3c
Transac3onal
Trading
System
Perf.
Customer
reten3on
Payments
Risk
Mgmt.
IT
Security
Intelligence
Medical
test
results
Name
Personal
Health
Info
Credit
Card
Number
Dynamic
pricing
Process
efficiency
Log
analysis
Insurance
Premiums
Clinical
trial
analysis
Smart
metering
Risk
Modeling
Supply
chain
op3miza3on
Brand
sen3ment
Real-‐3me
upsell
Monitoring
Sensors
Social
Security
Number
Date
of
Birth
(DOB)
IP
Address
URL
Email
Address
Telephone
Number
Credit
limit
Purchase
amount
Customer
life3me
value
Address
Mask
Encrypt
Device
ID
Transac3on
Date
VIN
Person
of
Interest
Discovery
Session
Op3miza3on
31. Encryption or Masking in Hadoop
Analy3c
Transac3onal
Trading
System
Perf.
Customer
reten3on
Payments
Risk
Mgmt.
IT
Security
Intelligence
Biometric
IDs
Name
Personal
Health
Info
Credit
Card
Number
Dynamic
pricing
Process
efficiency
Log
analysis
Insurance
Premiums
Clinical
trial
analysis
Smart
metering
Risk
Modeling
Supply
chain
op3miza3on
Brand
sen3ment
Real-‐3me
upsell
Monitoring
Sensors
Social
Security
Number
Date
of
Birth
(DOB)
IP
Address
URL
Email
Address
Telephone
Number
Credit
limit
Purchase
amount
Customer
life3me
value
Address
Mask
Encrypt
Device
ID
Transac3on
Date
VIN
Person
of
Interest
Discovery
Session
Op3miza3on
32. Encryption or Masking in Hadoop
Analy3c
Transac3onal
Trading
System
Perf.
Customer
reten3on
Payments
Risk
Mgmt.
IT
Security
Intelligence
Dynamic
pricing
Process
efficiency
Log
analysis
Insurance
Premiums
Clinical
trial
analysis
Smart
metering
Risk
Modeling
Supply
chain
op3miza3on
Brand
sen3ment
Real-‐3me
upsell
Monitoring
Sensors
Person
of
Interest
Discovery
Session
Op3miza3on
Medical
test
results
Name
Personal
Health
Info
Credit
Card
Number
Social
Security
Number
Date
of
Birth
(DOB)
IP
Address
URL
Email
Address
Telephone
Number
Credit
limit
Purchase
amount
Customer
life3me
value
Address
Mask
Device
ID
Transac3on
Date
VIN
Number
Encrypt
33. Encryption or Masking in Hadoop
Analy3c
Transac3onal
Trading
System
Perf.
Customer
reten3on
Payments
Risk
Mgmt.
IT
Security
Intelligence
Medical
test
results
Name
Personal
Health
Info
Credit
Card
Number
Dynamic
pricing
Process
efficiency
Log
analysis
Insurance
Premiums
Clinical
trial
analysis
Smart
metering
Risk
Modeling
Supply
chain
op3miza3on
Brand
sen3ment
Real-‐3me
upsell
Monitoring
Sensors
Social
Security
Number
Date
of
Birth
(DOB)
IP
Address
URL
Email
Address
Telephone
Number
Credit
limit
Purchase
amount
Customer
life3me
value
Address
Mask
Encrypt
Device
ID
Transac3on
Date
VIN
Person
of
Interest
Discovery
Session
Op3miza3on