Data security in a big data environment sweden

Data Security in big data environment - Dave Valovcin

Published in: Data & Analytics, Technology

  1. © 2014 IBM Corporation. Data Security in a Big Data Environment. David Valovcin, Worldwide Guardium, dvalovcin@us.ibm.com. May 2014
  2. Data Breaches are in the News Every Week
     A “Fear Factor” is causing some orgs to hold back on new mobile, cloud, and big data initiatives.
     • Data-breach costs take toll on Target profit: … its profit in the fourth quarter fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers worried about the security of their private data.
     • Account Takeover: Bank Faces Two Suits
     • Health Breach Tally: 30 Million Victims. More than 30.6 million individuals have been affected by major healthcare data breaches since September 2009.
     • Canadian Breach: Sorting Out the Cause. Gaps in carrying out security policies led to the exposure of 583,000 records last year at Employment and Social Development Canada.
     • totaling $1.5 million in allegedly fraudulent wires
  3. Target – first the CIO, now the CEO fired
  4. Data Breaches Happen Close to Home
  5. Not Only For Financial Gain
  6. Minutes To Compromise, Months To Discover & Remediate
     Figure: Time span of events by percent of breaches (http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038)
     Figure labels: Guardium Discovery, Guardium DAM, Guardium VA, Guardium DAM Adv. (block/mask), Guardium Encryption
  7. Can you prove that privileged users have not inappropriately accessed or jeopardized the integrity of your sensitive Big Data?
  8. Sensitive Data Is at Risk
     • 70% of organizations surveyed use live customer data in non-production environments (testing, Q/A, development)
     • Database Trends and Applications. Ensuring Protection for Sensitive Test Data
     • The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis
     • 52% of surveyed organizations outsource development
     • 50% of organizations surveyed have no way of knowing if data used in test was compromised
     • The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis
     • $188 per record cost of a data breach
     • The Ponemon Institute. 2013 Cost of Data Breach Study
     • $5.4M average cost of a data breach
     • $3M cost of losing customer loyalty (lost business) following a data breach
     • The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute, 2011
     • The Ponemon Institute. 2013 Cost of Data Breach Study
     • 62% of organizations surveyed are not tracking their privileged users
     • IBM CISO Survey 2012
     • Data Breach Report from Verizon Business RISK Team
     • 90+% of breaches go after data in servers
  9. Doing Nothing Is Expensive
     • $3.5M: Yearly average cost of compliance
     • $5.4M: Average cost of a data breach
     Source: The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute, 2011
     Company data security approach:
     • w/o data security: 6.3 audit events/year; $24K average cost/audit; 2.3 data loss events/year; $130K average cost/data loss; $449K/TB total cost (adjusted per TB)
     • w/ data security: 1.7 audit events/year; 1.4 data loss events/year; $223K/TB total cost (adjusted per TB)
     • Annual cost of not implementing data security: $226K/TB
     • Total annual cost of doing nothing in BIG DATA compliance (for average Big Data organization with 180 TB of business data): $40+ M
     Source: Aberdeen Group. Why Information Governance Must be Addressed Right Now. 2012
  10. A Key Driver: Maintaining Brand Reputation
      • 66% of US adults would not return to a business if personal data was stolen
      • 76% of survey respondents indicated that a data breach had a moderate to significant impact on their business
      • $184M - $330M brand value lost by each victim of a data breach
  11. Big Data Toolset: what is missing?
      • Authentication
        – Interface
        – Interprocess
      • Authorization
        – Coarse
        – Fine grained
        – Role based
      • Encryption
        – Interprocess
        – At-rest
        – Real-time
      • Privacy protection
        – At rest
        – Real-time
      • Auditing
      • Monitoring
      • Governance
        – Discovery
        – Entitlements
  12. IBM InfoSphere Data Security and Privacy Solutions
      Products: InfoSphere Data Privacy for Hadoop; InfoSphere Data Privacy and Security for Data Warehousing; Exadata; InfoSphere Data Security and Privacy
      Functions: Define and Share; Discover and Classify; Mask and Redact; Monitor Data Activity
      Purpose-Built Capabilities
      • Secure and protect sensitive big data
      • Extend compliance controls
      • Promote information sharing
      • Employ across diverse environments
      • Achieve and enforce compliance
      • Secure and protect sensitive data in data warehouses
      • Reduce costs of attaining enterprise security
  13. Applying IBM’s Data Security Approach to Big Data
      Diagram: SOURCE SYSTEMS, DATA MARTS, SILOS; BIG DATA PLATFORM; USER ACCESS REQUESTS
      1) Understanding the Risks
      2) Uncovering the Exposure
      3) Mitigating Risks with Data Protection
      4) Maintaining a Tolerant Risk Level
      5) Expansion to the Enterprise
  14. Key Questions . . .
      • Where is the sensitive data?
      • How to prevent unauthorized activities?
      • How to protect sensitive data to reduce risk?
      • How to secure the repository?
      • Who should have access?
      • What is actually happening?
      Capabilities: Discovery, Classification, Identity & Access Management, Activity Monitoring, Blocking, Quarantine, Masking/Encryption, Assessment
      Stages: Discover, Harden, Mask, Monitor, Block
      Also shown: Security Policies; Dormant Entitlements; Dormant Data; Compliance Reporting & Security Alerts; Data Protection & Enforcement
  15. IBM Can Help With the Answers
      Capabilities: Discovery, Classification, Identity & Access Management, Activity Monitoring, Blocking, Quarantine, Masking/Encryption, Assessment
      Stages: Discover, Harden, Mask, Monitor, Block
      • Guardium VA: Assessment reports; Subscription; Configuration Changes; Entitlement Reporting
      • Guardium Standard: Discovery & Classification; Queries & Reports; Compliance Workflow; Group Management; Integrations; Incident Management; Self Monitoring
      • Guardium Data Redaction: Redact sensitive documents
      • Optim Data Privacy: Mask sensitive data in test, publishing in databases and Big Data environments
      • Guardium DAM: Activity Monitoring; Real-time alerts; Compliance Reporting; Blocking; Dynamic Masking; Users Quarantine; Federate large deployment; Central control; Central audit collection
      • Guardium Data Encryption: File-level encryption; Policy-based Access control
      • InfoSphere Data Privacy and Security for Hadoop
  16. One Technology to Control it All
      Diagram: InfoSphere BigInsights; DATABASES; FTP; Exadata; DATABASE; HANA; Optim Archival; Siebel, PeopleSoft, E-Business; Master Data Management; Data Stage; CICS
      Functions: DAM, Encryption, Masking, VA, Redaction
  17. Scalable Multi-Tier Architecture
      Integration with LDAP, IAM, SIEM, IBM TSM, BMC Remedy, …
  18. A Private Bank in the UAE automates security compliance reporting in a big data environment
      Link to the case study: http://public.dhe.ibm.com/common/ssi/ecm/en/imc14573usen/IMC14573USEN.PDF
      Need
      • The bank processes several terabytes of data daily and required a solution which addressed the new security risks evolving around the world, especially with respect to protecting big data environments.
      Benefits
      • Achieves ROI in 8 months
      • A scalable security monitoring solution that supports diverse database environment and does not impact application performance
      • The time required to produce audit and compliance reports has gone from two months to near real-time