비용절감 및 클라우드를 통한 각종 효율성을 위해 기존의 인프라에서 구축된 데이터베이스들이 클라우드 환경으로 이관되거나 신규 구축될 때, 데이터베이스 보안 구축도 기존 고객이 직접 운영하는 인프라가 아닌 클라우드 서비스 사업자의 인프라로 이관되며 이에 따른 인프라 환경의 변화와 침해 사고 시 발생할 수 있는 책임소재의 분쟁, 법규의 변화 등 고민할 부분이 많아지게 된다. 따라서, 클라우드 환경에서의 데이터베이스 보안 구축은 클라우드로 데이터를 이관하기 전, 이관하는 단계 그리고 이관 이후에 데이터를 어떻게 보호할 것인가를 다양한 기술적인 측면으로 살펴볼 필요가 있다.
Microsoft® SQL Azure™ Database is a cloud-based relational database service built for Windows® Azure platform. It provides a highly available, scalable, multi-tenant database service hosted by Microsoft in the cloud. SQL Azure Database enables easy provisioning and deployment of multiple databases. Developers do not have to install, setup, patch or manage any software. High Availability and fault tolerance is built-in and no physical administration is required. SQL Azure supports Transact-SQL (T-SQL). Customers can leverage existing tools and knowledge in T-SQL based familiar relational
data model for building applications.
How Financial Institutions Are Leveraging Data Virtualization to Overcome the...Denodo
Watch full webinar here: https://bit.ly/2KkJ08B
Financial institutions need to implement new strategies and services that will drive them securely to their digital objectives over their entire infrastructure.
- How to securely move legacy systems and data to new technologies such as the Big Data and Cloud?
- How to break down silos and ensure a global, centralized, secure and agile access to meaningful data?
- How to facilitate data sharing while applying strict and coherent governance and security rules?
- How to avoid downtime and to guarantee the success of IT initiaves while optimizing costs and resources?
- How to produce and to maintain efficient reports and financial aggregations for the holdings and CxO managers?
We are pleased to invite you to this online session to discover how data virtualization can answer these questions and contribute to the digital transformation of financial institutions.
WHAT IS IT ABOUT?
This virtual event will be organized in two parts. First, we will conduct a conference focusing on the impact of digital transformation in the financial sector, in addition to the general concepts of Data Virtualization and how it has supported the new business goals of financial companies in terms of IT modernization, risk management, governance and security. Then, we will conduct will conduct a hands-on session with a guided live demo to help you discover the main features and benefits of Denodo Platform for Data Virtualization.
An introduction to data virtualization in business intelligenceDavid Walker
A brief description of what Data Virtualisation is and how it can be used to support business intelligence applications and development. Originally presented to the ETIS Conference in Riga, Latvia in October 2013
DMsuite Static & Dynamic Data Masking software from Axis Technology, LLC to mask your data for software testing and development. DMsuite™ profiles, provisions, masks, and audits your data to protect your PII and HIPAA information.
Best Practices: Data Virtualization Perspectives and Best PracticesDenodo
These are the slides from a presentation given by Rajeev Rangachari, Senior Technology Architect, Infosys at Fast Data Strategy Roadshow in San Francisco. Infosys were the official co sponsors of this event.
For more information about our partners Infosys, follow this link: https://goo.gl/wVy5j4
Big data insights with Red Hat JBoss Data VirtualizationKenneth Peeples
You’re hearing a lot about big data these days. And big data and the technologies that store and process it, like Hadoop, aren’t just new data silos. You might be looking to integrate big data with existing enterprise information systems to gain better understanding of your business. You want to take informed action.
During this session, we’ll demonstrate how Red Hat JBoss Data Virtualization can integrate with Hadoop through Hive and provide users easy access to data. You’ll learn how Red Hat JBoss Data Virtualization:
Can help you integrate your existing and growing data infrastructure.
Integrates big data with your existing enterprise data infrastructure.
Lets non-technical users access big data result sets.
We’ll also provide typical uses cases and examples and a demonstration of the integration of Hadoop sentiment analysis with sales data.
Microsoft® SQL Azure™ Database is a cloud-based relational database service built for Windows® Azure platform. It provides a highly available, scalable, multi-tenant database service hosted by Microsoft in the cloud. SQL Azure Database enables easy provisioning and deployment of multiple databases. Developers do not have to install, setup, patch or manage any software. High Availability and fault tolerance is built-in and no physical administration is required. SQL Azure supports Transact-SQL (T-SQL). Customers can leverage existing tools and knowledge in T-SQL based familiar relational
data model for building applications.
How Financial Institutions Are Leveraging Data Virtualization to Overcome the...Denodo
Watch full webinar here: https://bit.ly/2KkJ08B
Financial institutions need to implement new strategies and services that will drive them securely to their digital objectives over their entire infrastructure.
- How to securely move legacy systems and data to new technologies such as the Big Data and Cloud?
- How to break down silos and ensure a global, centralized, secure and agile access to meaningful data?
- How to facilitate data sharing while applying strict and coherent governance and security rules?
- How to avoid downtime and to guarantee the success of IT initiaves while optimizing costs and resources?
- How to produce and to maintain efficient reports and financial aggregations for the holdings and CxO managers?
We are pleased to invite you to this online session to discover how data virtualization can answer these questions and contribute to the digital transformation of financial institutions.
WHAT IS IT ABOUT?
This virtual event will be organized in two parts. First, we will conduct a conference focusing on the impact of digital transformation in the financial sector, in addition to the general concepts of Data Virtualization and how it has supported the new business goals of financial companies in terms of IT modernization, risk management, governance and security. Then, we will conduct will conduct a hands-on session with a guided live demo to help you discover the main features and benefits of Denodo Platform for Data Virtualization.
An introduction to data virtualization in business intelligenceDavid Walker
A brief description of what Data Virtualisation is and how it can be used to support business intelligence applications and development. Originally presented to the ETIS Conference in Riga, Latvia in October 2013
DMsuite Static & Dynamic Data Masking software from Axis Technology, LLC to mask your data for software testing and development. DMsuite™ profiles, provisions, masks, and audits your data to protect your PII and HIPAA information.
Best Practices: Data Virtualization Perspectives and Best PracticesDenodo
These are the slides from a presentation given by Rajeev Rangachari, Senior Technology Architect, Infosys at Fast Data Strategy Roadshow in San Francisco. Infosys were the official co sponsors of this event.
For more information about our partners Infosys, follow this link: https://goo.gl/wVy5j4
Big data insights with Red Hat JBoss Data VirtualizationKenneth Peeples
You’re hearing a lot about big data these days. And big data and the technologies that store and process it, like Hadoop, aren’t just new data silos. You might be looking to integrate big data with existing enterprise information systems to gain better understanding of your business. You want to take informed action.
During this session, we’ll demonstrate how Red Hat JBoss Data Virtualization can integrate with Hadoop through Hive and provide users easy access to data. You’ll learn how Red Hat JBoss Data Virtualization:
Can help you integrate your existing and growing data infrastructure.
Integrates big data with your existing enterprise data infrastructure.
Lets non-technical users access big data result sets.
We’ll also provide typical uses cases and examples and a demonstration of the integration of Hadoop sentiment analysis with sales data.
GDPR regulations will affect the way your organization collects and manages customer data in Europe. This will require changes to your business processes along with IT applications and infrastructure updates. In the webinar, 5 Ways to Make Your Postgres GDPR-Ready, you'll discover what you need to do to prepare your Postgres databases for GDPR including:
- An overview of GDPR and its detailed requirements
- Strategies for preparing your Postgres databases for compliance
- Examples of relevant Postgres capabilities, code changes, process modifications, and third-party tools
- Where to turn for the expertise and support you need to succeed
View Now at: https://attendee.gotowebinar.com/register/3457814923722973699
Denodo DataFest 2016: What’s New in Denodo Platform – Demo and RoadmapDenodo
Watch the full session: Denodo DataFest 2016 sessions: https://goo.gl/ptGwp7
Curious about product roadmap? In this session, we will review some of the new key features introduced this year in the Denodo Platform in areas such as performance, self-service, security and monitoring. We will also take a sneak peek at the most exciting features in the roadmap for Denodo 7.0.
In this session, you will learn:
• New performance-related features in big data scenarios
• New governance and self-service features
• New connectivity, data transformation, and enterprise-wide deployment features
This session is part of the Denodo DataFest 2016 event. You can also watch more Denodo DataFest sessions on demand here: https://goo.gl/VXb6M6
Watch full webinar here: https://bit.ly/2SaBj5l
You will often hear that "data is the new gold". In this context, data management is one of the areas that has received more attention by the software community in recent years. From Artificial Intelligence and Machine Learning to new ways to store and process data, the landscape for data management is in constant evolution. From the privileged perspective of an enterprise middleware platform, we at Denodo have the advantage of seeing many of these changes happen.
In this webinar we will discuss the technology trends that will drive the enterprise data strategies in the years to come. Don't miss it if you want to keep yourself informed about how to convert your data to strategic assets in order to complete the data-driven transformation in your company.
Join us for an exciting session that will cover:
- The most interesting trends in data management
- How to build a logical data fabric architecture?
- How to manage your data integration strategy in the new hybrid world?
- Our predictions on how those trends will change the data management world
- How can companies monetize the data through data-as-a-service infrastructure?
- What is the role of the voice computing in the future of data analytics?
Gdpr ccpa automated compliance - spark java application features and functi...Steven Meister
GDPR – CCPA Automated Technology, 16 Page PowerPoint with Features, Functions, Architecture and our reasons for choosing them. Be on your way to compliance with Technology created with compliance as its goal. Expect to add years of development without technology built specifically for compliances, such as GDPR, CCPA, HIPAA and others.
After scrolling through this PowerPoint you will realize just what is required and be able to better estimate the efforts it will take for your company to meet these regulatory requirements with technology and then without technology.
Spend just 5-10 minutes that might save your company, and your Customers, all the negative ramifications of the inevitable 2 breaches a year a company can expect to suffer.
This PowerPoint covers the critical aspects and needs that are present in any project designed to meet regulatory requirements for GDPR, CCPA and many others.
Complete Channel of Videos on BigDataRevealed
https://www.youtube.com/watch?v=3rLcQF5Wsgc&list=UU3F-qrvOIOwDj4ZKBMmoTWA
847-440-4439
#CCPA #GDPR #Big Data #Data Compliance #PII #Facebook #Hadoop #AWS #Spark #IoT #California
Reconciling your Enterprise Data Warehouse to Source SystemsMethod360
Implementing and an enterprise BI system is a significant organization investment. Too many times the expected benefit of that investment isn’t realized due to inconsistent data between the organization’s operational and BI systems.
This webcast will explain several options to enable your organization to leverage its investment by providing options to reconcile the data from source operational systems to BI.
Big Data: SQL query federation for Hadoop and RDBMS dataCynthia Saracco
Explore query federation capabilities in IBM Big SQL, which enables programmers to transparently join Hadoop data with relational database management (RDBMS) data.
Knowing me, knowing you, knowing your diseaseeHealth Forum
Knowing me, knowing you, knowing your disease: A new paradigm in healthcare privacy-preserving data sharing and big data analytics . Speaker: Omiros Metaxas, Senior Researcher at ATHENA RIC & University of Athens
Percona Live Europe 2018: What's New in MySQL 8.0 SecurityGeorgi Kodinov
In this session get an overview of all the new security features in MySQL 8.0 and how they fit together to answer the modern security challenges. MySQL 8 takes a new step in tightening the security of MySQL installations and provides new and flexible tools including a brand new default authentication method, SQL roles, enhancements in transparent disk encryption, and modern password controls on password reuse, complexity, and brute force password guessing.
[2016 데이터 그랜드 컨퍼런스] 6 2(전략,솔루션). 큐브리드 오픈소스 dbms의 클라우드 구축 사례-발표자료K data
국내 클라우드 시장 현황은 공공에 의해서 선도되고 있으며 행정자치부의 G클라우드, 서울특별시의 IT Complex센터가 대표적입니다. 민간은 KT, LG, SK, 아마존 웹서비스가 사업을 선도하고 있습니다. 이와 같은 사업트렌드와 오픈소스 클라우드 도입에 따른 장점, 그리고 시장 내 다양한 오픈소스SW를 소개합니다. 또한 CUBRID의 실제 민간 공공 분야 적용사례에 대해서 안내합니다.
GDPR regulations will affect the way your organization collects and manages customer data in Europe. This will require changes to your business processes along with IT applications and infrastructure updates. In the webinar, 5 Ways to Make Your Postgres GDPR-Ready, you'll discover what you need to do to prepare your Postgres databases for GDPR including:
- An overview of GDPR and its detailed requirements
- Strategies for preparing your Postgres databases for compliance
- Examples of relevant Postgres capabilities, code changes, process modifications, and third-party tools
- Where to turn for the expertise and support you need to succeed
View Now at: https://attendee.gotowebinar.com/register/3457814923722973699
Denodo DataFest 2016: What’s New in Denodo Platform – Demo and RoadmapDenodo
Watch the full session: Denodo DataFest 2016 sessions: https://goo.gl/ptGwp7
Curious about product roadmap? In this session, we will review some of the new key features introduced this year in the Denodo Platform in areas such as performance, self-service, security and monitoring. We will also take a sneak peek at the most exciting features in the roadmap for Denodo 7.0.
In this session, you will learn:
• New performance-related features in big data scenarios
• New governance and self-service features
• New connectivity, data transformation, and enterprise-wide deployment features
This session is part of the Denodo DataFest 2016 event. You can also watch more Denodo DataFest sessions on demand here: https://goo.gl/VXb6M6
Watch full webinar here: https://bit.ly/2SaBj5l
You will often hear that "data is the new gold". In this context, data management is one of the areas that has received more attention by the software community in recent years. From Artificial Intelligence and Machine Learning to new ways to store and process data, the landscape for data management is in constant evolution. From the privileged perspective of an enterprise middleware platform, we at Denodo have the advantage of seeing many of these changes happen.
In this webinar we will discuss the technology trends that will drive the enterprise data strategies in the years to come. Don't miss it if you want to keep yourself informed about how to convert your data to strategic assets in order to complete the data-driven transformation in your company.
Join us for an exciting session that will cover:
- The most interesting trends in data management
- How to build a logical data fabric architecture?
- How to manage your data integration strategy in the new hybrid world?
- Our predictions on how those trends will change the data management world
- How can companies monetize the data through data-as-a-service infrastructure?
- What is the role of the voice computing in the future of data analytics?
Gdpr ccpa automated compliance - spark java application features and functi...Steven Meister
GDPR – CCPA Automated Technology, 16 Page PowerPoint with Features, Functions, Architecture and our reasons for choosing them. Be on your way to compliance with Technology created with compliance as its goal. Expect to add years of development without technology built specifically for compliances, such as GDPR, CCPA, HIPAA and others.
After scrolling through this PowerPoint you will realize just what is required and be able to better estimate the efforts it will take for your company to meet these regulatory requirements with technology and then without technology.
Spend just 5-10 minutes that might save your company, and your Customers, all the negative ramifications of the inevitable 2 breaches a year a company can expect to suffer.
This PowerPoint covers the critical aspects and needs that are present in any project designed to meet regulatory requirements for GDPR, CCPA and many others.
Complete Channel of Videos on BigDataRevealed
https://www.youtube.com/watch?v=3rLcQF5Wsgc&list=UU3F-qrvOIOwDj4ZKBMmoTWA
847-440-4439
#CCPA #GDPR #Big Data #Data Compliance #PII #Facebook #Hadoop #AWS #Spark #IoT #California
Reconciling your Enterprise Data Warehouse to Source SystemsMethod360
Implementing and an enterprise BI system is a significant organization investment. Too many times the expected benefit of that investment isn’t realized due to inconsistent data between the organization’s operational and BI systems.
This webcast will explain several options to enable your organization to leverage its investment by providing options to reconcile the data from source operational systems to BI.
Big Data: SQL query federation for Hadoop and RDBMS dataCynthia Saracco
Explore query federation capabilities in IBM Big SQL, which enables programmers to transparently join Hadoop data with relational database management (RDBMS) data.
Knowing me, knowing you, knowing your diseaseeHealth Forum
Knowing me, knowing you, knowing your disease: A new paradigm in healthcare privacy-preserving data sharing and big data analytics . Speaker: Omiros Metaxas, Senior Researcher at ATHENA RIC & University of Athens
Percona Live Europe 2018: What's New in MySQL 8.0 SecurityGeorgi Kodinov
In this session get an overview of all the new security features in MySQL 8.0 and how they fit together to answer the modern security challenges. MySQL 8 takes a new step in tightening the security of MySQL installations and provides new and flexible tools including a brand new default authentication method, SQL roles, enhancements in transparent disk encryption, and modern password controls on password reuse, complexity, and brute force password guessing.
[2016 데이터 그랜드 컨퍼런스] 6 2(전략,솔루션). 큐브리드 오픈소스 dbms의 클라우드 구축 사례-발표자료K data
국내 클라우드 시장 현황은 공공에 의해서 선도되고 있으며 행정자치부의 G클라우드, 서울특별시의 IT Complex센터가 대표적입니다. 민간은 KT, LG, SK, 아마존 웹서비스가 사업을 선도하고 있습니다. 이와 같은 사업트렌드와 오픈소스 클라우드 도입에 따른 장점, 그리고 시장 내 다양한 오픈소스SW를 소개합니다. 또한 CUBRID의 실제 민간 공공 분야 적용사례에 대해서 안내합니다.
인공지능 스타트업 마인드셋은creative AI platform을 NASA Jet Propultion Lab과 협업하여 개발하였고, 현재 두가지 상품을 시장에 출시했다. 이번 강연에서는 게임에 적용되는 핵심 인공지능 알고리즘 그리고 자연어 처리와 실제 데모를 보여줄 예정이다.
[2016 데이터 그랜드 컨퍼런스] 4 2(인공지능). 위세아이텍 머신러닝플랫폼기반의철도사고위험예측K data
우리 생활의 밀접한 교통수단인 철도는 최근 열차탈선사고가 잇따라 발생하면서 철도안전에 빨간불이 들어와 철도안전의 중요성이 대두되고 있다. 이러한 이유로 철도사고위험예측을 진행하여 철도안전관계자의 의사결정을 지원하여 철도안전에 이바지 하고자 한다.
철도사고 위험예측 프로세스는 다음과 같다. 철도사고에 대한 통계적 데이터분석을 통해 전반적인 데이터를 파악하고 신경망, Support Vector Machine과 같은 머신러닝 알고리즘을 적용하여 사고위험을 예측한다. 그리고 예측결과를 리포트로 생성하여 철도안전관계자에게 전달한다. 이처럼, 머신러닝을 활용한 방법에는 예측뿐만 아니라 추천 등 다양한 분야에 활용할 수 있으며, 이런 분야에 적용할 수 있는 머신러닝 플랫폼에 간략히 소개하고자 한다.
[2016 데이터 그랜드 컨퍼런스] 4 1(인공지능). 경희대 이경전 교수 경험과 사례를 통한 인공지능 응용 및 사업 방법론K data
Button Internet 회사 벤플은 공간에 부착된 버튼을 누르면, 누른 개인에게 합당한 맞춤형 서비스를 제공하며, 해당 공간의 사용자에게 마케팅을 하고자 하는 사업자들의 정보와 서비스를 자연스럽게 전달하는 세렌디피티 서비스를 제공한다. 또한, 새로운 문화 채널 benple G 앱을 통한 문화 장소/이벤트 추천에도 세렌디피티 추천 방법론을 활용한다. 이렇게, IoT와 O2O가 결합된 사업에서의 인공지능 기법 응용 사례를 설명하고, 경희대 소셜네트워크과학과 Serendipity Science Lab에서 진행하고 있는 딥 러닝과 기계 학습 기반 투자 앙상블 운용 시스템 연구에 대해서 소개한다. 또한, 미국인공지능학회의 혁신적 인공지능 응용상을 수상했던 Spatial Scheduling Expert System과 Construction Project Planning System의 구현 및 적용 경험을 소개함으로써, 기업이 경영관리와 신사업 창출, 그리고 고객 가치 혁신에 어떻게 AI를 응용할 수 있을지 인사이트를 제공한다.
[2016 데이터 그랜드 컨퍼런스] 1 2. bk2(티맥스) 2016데이터그랜드컨퍼런스-티맥스소프트_클라우드 시대의 데이터베이스 시스템 변...K data
기존 레거시 시스템의 가장 중요한 자산은 데이터베이스이다. 전세계적인 클라우드화에 직면해서, 우리는 가장 중요한 데이터베이스를 어떻게 클라우드에 적용해서 비용을 절감하고, 비지니스의 유연성과 발전동력이 되기 위한 방안이 필요하다. 이에 기존 데이터베이스를 클라우드화 하는데 필요한 요구사항이 무엇인지를 살펴보고, 구체적인 기술적 요구사항을 정의해 본다. 그리고 이를 해결하기 위한 관련 기술동향과 솔루션들을 소개함으로써, 기업이 데이터베이스를 클라우드화하기 위한 새로운 시각을 제공하고자 한다.
[2016 데이터 그랜드 컨퍼런스] 3 1(io t). 핸디소프트-finding benefits of iot_service by case ...K data
IoT 플랫폼(HandyPIA IoT Platform) 소개와 이를 기반으로 구축된 다양한 분야의 IoT 서비스(보일러, 스마트웨어, 자전거 분실방지, 스마트 오피스) 사례를 소개하며, 각 서비스 구축시 고려해야 할 다양한 KnowHow와 일부 서비스에서의 데이터 분석 사례를 통해 IoT 서비스의 유효성에 대한 소개를 합니다.
[2016 데이터 그랜드 컨퍼런스] 2 5(빅데이터). 유비원 비정형데이터 중심의 big data 활용방안K data
빅데이터 시대에서 중요한 것은 의미 분석입니다. 통계분석에서 얻을 수 없는 가치를 빅데이터 분석을 통해 얻을 수 있습니다. 빅데이터는 정형데이터와 비정형데이터를 모두 포함하며, 기업 내부 문서, 이메일, ERP, CRM 같은 시스템에도 있고, 소셜 미디어, 웹블로그 같은 일반 인터넷에도 존재 합니다.
인공지능 알고리즘은 빅데이터를 활용하고 숨은 의미를 찾는데 중요한 역할을 합니다. 현재의 인공지능 기술은 아직 인간의 상식, 창의성, 도덕성을 담을 수 없는 한계를 안고 있습니다. 그러나 특정 분야에서, 예를 들어 고객 민원 자동 분류, 금융 상품 상담과 같은 영역에서 인간보다 뛰어난 처리 능력을 보일 수 있습니다. 궁극적으로 일처리에 효율과 효과를 높이는 방향으로 빅데이터와 인공지능이 활용되고 있습니다.
Malware detection within enterprise networks is a critical component of an effective information security strategy. Instances of malware attacks are increasing – making them especially important to detect – and data science can help. This presentation outlines data science driven approaches to finding domains that have time and user-based co-occurrence relationships. It also includes a demonstration of a scalable and operationalizable framework to detect domain associations by analyzing the web traffic of users in any organization.
Additional information:
http://www.datasciencecentral.com/video/dsc-webinar-series-data-science-driven-approaches-to-malware
RightScale Webinar: Security and Compliance in the CloudRightScale
In this webinar we talk about how the cloud security landscape continues to evolve, then show you a demo of how enterprises are using RightScale to help them securely manage all their cloud infrastructure.
Key Topics:
1. Understanding the security requirements of cloud
2. Security certifications among cloud providers
3. Managing secure & compliant cloud-enabled organizations
4. Live demo of the RightScale approach
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...Amazon Web Services
Cloud computing on AWS provides central IT organizations with the ability to control their applications, data and security. This session will detail the processes and controls that CIO organizations can put in place to maintain control while helping their customers to realize the many benefits of cloud computing.
Datensicherheit mit AWS - AWS Security Web DayAWS Germany
Vortrag "Datensicherheit mit AWS" von Bertram Dorn beim AWS Security Web Day 2016. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/1NFtR5P
Dieser Vortrag bietet Ihnen eine Übersicht über mögliche Leistungsmerkmale und Optionen von Amazon Web Services, mit denen Ihre Daten gesichert werden können. Die AWS Dienste folgen spezifischen Bauplänen auf Basis von Regionen und Verfügbarkeitszonen. Das Verstehen dieser Baupläne ermöglicht es Ihnen, die richtige Wahl zu treffen, um erfolgreich Anwendungen auf AWS laufen zu lassen. Auch existieren verschiedenste Optionen welche von AWS zur Sicherung der Anwendungen empfohlen werden. Der Vortrag wird einen Überblick über diese Optionen geben und einige bewährte Verfahren im Bereich Verschlüsselung und AWS-Konto-Verwaltung beschreiben.
Rackspace provides a comprehensive set of tooling and expertise on AWS that further unlocks your ability to secure your environment efficiently and cost effectively. The dynamic environment of data, applications, and infrastructure can pose challenges for businesses trying to manage security while following compliance regulations. To mitigate these challenges, businesses need a scalable security solution to ensure their data is safe, secure, and stable. In this webinar, Brad Schulteis, Jarret Raim and Todd Gleason will discuss the topic of security control requirements on AWS through the lens of three common compliance scenarios: HIPAA, PCI-DSS, and generalized security compliance based on the NIST Risk Management Framework. Watch our webinar to learn how Rackspace combines AWS and security expertise with tools like AWS CloudFormation, AWS CodeCommit and AWS CodeDeploy to help customers meet their security and compliance needs.
Join us to learn:
• Best practices for securely operating workloads on the AWS Cloud
• Architecting a secure environment for dynamic workloads
• How to incorporate Security by Design principles to address compliance needs across 3 use cases: HIPAA, PCI-DSS and generalized security compliance based on the NIST Risk Management Framework
Who should attend: Directors and Managers of Security, IT Administers, IT Architects, and IT Security Engineers
Cloud Breach - Forensics Audit Planning
The goal of this presentation is to assist IT Risk and Security professionals with adding Cloud computing forensics to their Incident Response team.
It should assist them with understanding the technical ways of capturing forensic data from cloud service providers using security controls that incorporate and integrate logging, chain of evidence, virtualization and cloud security architecture
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
AWS Canberra WWPS Summit 2013 - AWS Governance and Security OverviewAmazon Web Services
As you look to go beyond your cloud and how you will manage governance for it, there are things you need to consider as you build your strategy. Come to this session to understand data protection policies, your relevant control areas, what shared responsibility means and what you need to do to put the right components together for your organisation's Cloud governance strategy.
CJIS Evidence Management in the Cloud using AWS GovCloud (US) | AWS Public Se...Amazon Web Services
Most law enforcement agencies today manage, store, process, analyze, and report on digital forensics using on-premises data centers for computing. Digital forensics is a spiky workload that requires ever increasing storage. Workloads for digital evidence are increasing as it becomes routine to collect laptops, thumb drives, phones, and media (video, images, etc.) during criminal investigations. With oscillating workloads and a need for large amounts of storage, digital forensics is prime workload for the AWS Cloud. This session explores the use of AWS in the tracking and evolution of digital forensics. Learn how to tackle CJIS evidence management in the cloud using AWS GovCloud (US). Learn More: https://aws.amazon.com/government-education/
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...Amazon Web Services
The cloud is not an 'All or Nothing' approach with regards to replacing workloads inside your datacenter. Enterprises with existing datacenters can easily extend their Infrastructure into the cloud to seamlessly leverage the benefits of cloud while using the same set of controls familiar to their business. However availability and security still remain among the top two concerns for CIOs when deciding on cloud adoption for their organization.
Amazon Web Services has infrastructure across multiple geographical Regions spanning five continents, with multiple Availability Zones in each Region along with a set of global edge locations. Building a similar infrastructure for high availability with your traditional datacenter would be non-trivial and cost prohibitive. Join this session to understand how you can achieve high availability across geographies, deploy your applications close to your users, control where your data is located, achieve low latency, and migrate your applications around the world in a cost-effective and easy manner using AWS services. You will also learn how AWS builds services in accordance with security best practices, provides appropriate security features in those services, has achieved industry standard certifications, and other third-party attestations. In addition, in line with the shared security model on the cloud, AWS customers must leverage on security features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.
Security in the cloud Workshop HSTC 2014Akash Mahajan
A broad overview of what it takes to be secure. This is more of an introduction where we introduce the basic terms around Cloud Computing and how do we go about securing our information assets(Data, Applications and Infrastructure)
The workshop was fun because all the slides were paired with real world examples of security breaches and attacks.
This presentation includes cloud security overview, Could Security Access Broker, CASB's four pillars, proxy and API deployment mode and advantage and limitation of deployment modes
Shared Responsibility and Setting Up Secure Account StructuresAmazon Web Services
In addition to discussing the AWS Shared Responsibility Model in detail for Infrastructure, Container and Abstract Services, we present a reference architecture for a secure, multi-account enterprise structure, including Mandatory Access Control for logging and separation assurance for different groups and functions within an organisation.
[2016 데이터 그랜드 컨퍼런스] 6 3(전략, 솔루션).크레딧데이터 공공데이터를 활용한 생활의 질 향상K data
국내 클라우드 시장 현황은 공공에 의해서 선도되고 있으며 행정자치부의 G클라우드, 서울특별시의 IT Complex센터가 대표적입니다. 민간은 KT, LG, SK, 아마존 웹서비스가 사업을 선도하고 있습니다. 이와 같은 사업트렌드와 오픈소스 클라우드 도입에 따른 장점, 그리고 시장 내 다양한 오픈소스SW를 소개합니다. 또한 CUBRID의 실제 민간 공공 분야 적용사례에 대해서 안내합니다.
[2016 데이터 그랜드 컨퍼런스] 5 4(보안,품질). 비투엔 4차산업혁명의성공 데이터품질K data
4차 산업혁명의 도래는 IOT, 빅데이터 관리 등 신 기술의 개발로 “광대한 데이터”의 활용이 가능함에 따라 급속도로 발전하고 있습니다. 여기서 간과해서 안 될 사실 하나는 수집, 활용되는 데이터의 정확성과 유의미성이라고 볼 수 있으며, 기존의 정형데이터 위주의 품질관리의 영역에서 비정형/빅데이터로 품질관리 기술도 개발되어야 합니다. 2000년 초반 DW/CRM 초기에 저 품질 데이터로 인한 시행착오를 우리는 기억하고 있습니다.
2016년, 그 동안 버려졌던 관측센서데이터, SNS 데이터, 통신데이터 등을 기반으로 하는 AI가 가까운 미래에 우리에게 새로운 문명의 혜택일지 재앙일지는 정확하지 않습니다. 이번 발표는 이런 폐해를 줄이기 위해 데이터 품질관리 동향, 사례, 향후 방향성에 대해 공유하고 고민하는 시간이 되겠습니다.
[2016 데이터 그랜드 컨퍼런스] 5 4(보안,품질). 바넷정보기술 컴플라이언스 대응을 위한 효율적인 데이터 관리 방안K data
개인정보보호법과 정통망법에 이어 상거래 종료 고객 데이터의 파기와 분리보관에 대한 신용정보법이 시행된 지 8개월이 지났습니다. 그러나, 실제 실무에 적용하기 위해서 많은 고려사항이 존재하고 추진하는데 어려움이 있는 것이 사실입니다. 또한 적용 범위와 구체적인 실행 방안에서도 많은 혼란이 있습니다. ㈜바넷정보기술이 개인정보 파기/분리보관 솔루션을 이용하여 금융권 고객사에 구축했던 경험을 기반으로 그 적용 과정에 발생했던 이슈들과 고려사항, 해결방안 등을 말씀 드리고자 합니다. 또한, 자체 개발로 진행할 때와 전문 솔루션을 구축할 때의 차이점과 필요한 기술들에 대해 소개함으로써 앞으로 사업 추진 방향을 결정하는데 도움을 드리고자 합니다. 그리고, 추가로 데이터 보안 관련 최신 트랜드와 관련 솔루션에 대해 간략히 소개합니다.
[2016 데이터 그랜드 컨퍼런스] 5 2(보안,품질). 투비웨이 데이터정제와품질검증을위한mdm 시스템의기능과역할K data
기업 시스템의 기본 인프라인 기준정보관리는 기업에서 고품질의 정확한 데이터를 적시에 필요한 곳에서 사용할 수 있도록 기준정보의 라이프사이클을 관리하고, 기준정보가 필요한 곳에 연계하며, 기준정보의 품질을 관리합니다. 기준정보관리 프로젝트 과정에서 고품질 데이터의 확보를 위해 가장 기초적인 작업인 데이터정제(Cleansing)을 수행하게 됩니다. 데이터 정제작업은 다수의 현업 워킹그룹과 스프레드시트를 통해 협업을 진행하고, 변경된 표준과 품질규칙을 적용하기 위해서 매우 반복적이고 소모적인 작업을 수행하곤 합니다. 변경되는 표준체계와 추가되는 품질규칙을 효과적으로 데이터 정제작업에 반영하고, 현업 워킹그룹과 정제 수행그룹간의 효과적인 협업을 유도하고 지원하기 위한, 기준정보관리시스템(MDM)의 기능과 역할에 대해 살펴보고 제안하고자 합니다.
[2016 데이터 그랜드 컨퍼런스] 4 5(인공지능). 머니브레인 앱의 시대는 가고 인공지능 봇의 시대가 온다K data
앱 시장이정체되고 AI에 대한 관심이 높아지면서 챗봇이 새로운 혁신으로 떠오르게 됐다. 인공지능을 가진 챗봇은 기존 앱과는 달리 사용자와의 대화와 교류를 통해 능동적인 일처리가 가능하다. 초기 챗봇기술은 명령어와 대답을 일대일 매칭시키는 시나리오방식이었다. 이후 점차 사람의 말을 잘 이해하는 NLU(Natural Language Understanding)기술이 개발되었고 Deep Learning을 통해 방대한 데이터를 바탕으로 사람의 말을 학습시키려는 노력이 진행되고 있다. 하지만 현 기술은 일차원적인 답변만 가능하다는 한계점을 지니고 있다. 그것을 극복하기 위해선 HTA(Hierarchical task analysis)기술이 필요하며 HTA기술은 챗봇의 지능을 한층 높이며 챗봇의 상용화에 크게 기여할 것이다.
[2016 데이터 그랜드 컨퍼런스] 3 5(io t). 스마트박스-iot와 생활 속 사물함의 만남K data
정보통신 혁명으로 사회기반 시설이 된 인터넷 그 인터넷을 통해 사물들이 자동적으로 대화합니다.세계최초로 상용화한 사물인터넷 기술의 무인보관함은 과연 어떤대화를 나누고 거기서 우리는 어떤 의미 있는 가치를 찾을 수 있을까요? 이번 발표에서는 온라인 쇼핑몰의 발전과 현재 택배 시장 분석, 기존 택배시스템의 문제점, 기존 컴퓨터 기반 기계와 IoT 기술을 접목한 스마트박스의 차이, 휴대전화번호를 키 값으로하는 비식별조치화 된 개인정보를 통한 빅데이터 수집 및 활용의 가능성, 조합된 빅데이터로 가지는 개인정보유출 방지에 관련된 기대 효과, 스마트박스 IoT 플랫폼으로 활용되는 타제품...
[2016 데이터 그랜드 컨퍼런스] 2 4(빅데이터). 오픈메이트 공간정보로 풀어보는 빅데이터 세상K data
공간정보의 역할? 데이터는 다른 데이터 소스들과 결합할 때 데이터의 진정한 가치가 발휘됩니다. 이중 고강은 많은 데이터 셋이 공존하게 하는 중요한 허브 역할을 합니다. 이와 함께 국가데이터가 개방되면서 공간정보의 역할은 무궁무진해졌습니다. 기존에 상권정보에만 국한되었던 GIS 분석 서비스가 이제는 Location Intelligence로 다양한 역할을 하기 시작하게 되었습니다. 복지시설의 입지 선정, 공공정책의 수립, 그리고 헬스케어 분야까지! 공간정보로 풀수 있는 빅데이터 세상! 그 가능성을 보여드립니다!
[2016 데이터 그랜드 컨퍼런스] 2 3(빅데이터). 엑셈 빅데이터 적용 사례 및 플랫폼 구현K data
빅데이터 환경에서 기업의 의사결정에 필요한 DW 시스템은 더욱 중요해졌고, 대용량 데이터 분석은 필수가 되었다. 전통적인 DBMS의 확장성, 성능 한계를 해결하기 위해서 소프트웨어 뿐만 아니라 최신의 하드웨어 디바이스와 결합하여 어플라이언스 형태의 DW 구축이 대세가 되고 있는 환경에서, 국산 DBMS의 선두주자 티맥스소프트는 외산 DB 어플라이언스와 경쟁할 수 있는 데이터베이스 어플라이언스를 출시하였다. 최근 HP 하드웨어와 어플라이언스 협력 모델을 내놓았으며, 기존의 DBMS가 해결하지 못한 초대용량과 고성능, 그리고 데이터의 확장성이 특징이다. ZetaData는 고성능 데이터베이스 서버와 지능형 스토리지 서버, 초고속 네트워크를 통해 대용량 데이터의 빠른 처리와 시스템 안정성을 제공하는 통합(Consolidated) 데이터 솔루션이다.
[2016 데이터 그랜드 컨퍼런스] 2 2(빅데이터). skt beyond big dataK data
미래의 ICT생태계는 데이터를 중심으로 형성될 것입니다. 디지털라이제이션(digitalization)의 가속화로 우리의 일상은 빠르게 데이터 기반으로 급변하고 있습니다. 빅데이터라는 용어가 라디오 프로그램의 선곡기준으로도 등장하는 현 시점에서 다양한 관점의 빅데이터를 살펴봄으로써 실제 산업 생태계에 가져올 기술, 사회, 제도적 혁신의 조짐을 살펴보고자 합니다.
먼저 오픈소스가 가져오는 IT 생태계의 변화와 공유경제라는 키워드를 통해 함께함으로써 커지는 데이터의 가치, 그리고 그 가치를 더욱 크게 할 메타데이터의 중요성을 이야기하겠습니다. 또한 데이터 생태계의 활성화를 위한 거래 플랫폼이 가진 멀티 사이드 플랫폼의 가치와 이러한 플랫폼 활성화를 위한 공공 정책의 데이터 기반 변화 트렌드와 개인 프라이버시 보호 트렌드 및 기술을 살펴보고자합니다.
[2016 데이터 그랜드 컨퍼런스] 2 1(빅데이터). 티맥스 빅데이터시대,더욱중요해진dw를위한어플라이언스전략K data
빅데이터 환경에서 기업의 의사결정에 필요한 DW 시스템은 더욱 중요해졌고, 대용량 데이터 분석은 필수가 되었다. 전통적인 DBMS의 확장성, 성능 한계를 해결하기 위해서 소프트웨어 뿐만 아니라 최신의 하드웨어 디바이스와 결합하여 어플라이언스 형태의 DW 구축이 대세가 되고 있는 환경에서, 국산 DBMS의 선두주자 티맥스소프트는 외산 DB 어플라이언스와 경쟁할 수 있는 데이터베이스 어플라이언스를 출시하였다. 최근 HP 하드웨어와 어플라이언스 협력 모델을 내놓았으며, 기존의 DBMS가 해결하지 못한 초대용량과 고성능, 그리고 데이터의 확장성이 특징이다. ZetaData는 고성능 데이터베이스 서버와 지능형 스토리지 서버, 초고속 네트워크를 통해 대용량 데이터의 빠른 처리와 시스템 안정성을 제공하는 통합(Consolidated) 데이터 솔루션이다.
[2016 데이터 그랜드 컨퍼런스] 1 1. bk1(위세아이텍) 2016데이터그랜드컨퍼런스-머신러닝동향과 산업별 활용_김종현-finalK data
머신러닝은 인공지능 내부 시스템 가운데 학습영역을 구체화한 기술로 데이터를 반복해서 기계를 학습시키는 알고리즘과 기술을 개발하는 분야이다. 머신러닝 알고리즘은 특성과 사용 분야를 기준으로 크게 유사성 베이스, 정보, 비지도, 신경망의 5가지 유형으로 분류된다. 이번 발표에서 머신러닝이 활용되는 산업별 세계 시장 규모와 실제 머신러닝이 어떻게 실생활에 적용되어 있는지 사례를 들어 설명할 예정이다. 특히 머신러닝 구현을 위해 필수적 요소인 도메인 지식 데이터의 중요성을 확인할 수 있다.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
[2016 데이터 그랜드 컨퍼런스] 5 1(보안,품질). 웨어밸리 data security challenges and its solutions in cloud environment
1. Data Security Challenges and Its
Solutions in Cloud Environment
Threats, Security Responsibilities, Compliances, Solutions
WAREVALLEY
http://www.warevalley.com
2. www.warevalley.com
1. Excessive and Unused Privileges
2. Privileges Abuse
3. Input Injection (Formerly SQL Injection)
4. Malware
5. Weak Audit Trail
6. Storage Media Exposure
7. Exploitation of Vulnerable, Misconfigured Databases
8. Unmanaged Sensitive Data
9. Denial of Service
10. Limited Security Expertise and Education
Top Ten Database Security Threat
Source : 2014 Verizon Data Breach Report
Traditional databases, Big Data / On-Premise or Cloud
3. www.warevalley.com
1. Default, Blank & Weak Username/Password
2. SQL Injections in the DBMS
3. Excessive User & Group Privilege
4. Unnecessary Enabled Database Features
5. Broken Configuration Management
6. Buffer Overflows
7. Privilege Escalation
8. Denial of Service Attack DoS
9. Unpatched Databases
10. Unencrypted Sensitive data – at rest and in motion
Top Ten Database Vulnerabilities and
Misconfigurations
Source : Team SHATTER
4. www.warevalley.com
Database Security on Cloud
1. What data are you moving ?
• Sensitive Data Discovery
• IT Compliances after you move data to cloud
• Security Hole in data migration
2. Who is accessing the database?
• Administrators, Developers and Applications
• DAP, Masking, Encryption, Approval Process
3. To where are you moving the data?
• Physical and Network Security infrastructures
• Who has administration access to the database ?
• Different geographic locations = Different regulations, laws and standards
Source : Security Week
5. www.warevalley.com
Responsibility Challenge on Cloud
1. Protecting the data as it moves to the cloud
• Data-in-motion encryption : SSL or VPN
2. Hardening instances
• With IaaS, the customer is responsible for securing the operating
system. This includes hardening processes, patches, security software
installation and following the database vendor’s security guidelines.
3. Protect management console access
• Role-based access to dashboard
• Data recovery plan to an external location
4. Prepare plan for availability, backups, DR and Business Continuity
• Using IaaS provider’s tools for backup and DR
• Customer is responsible for deploying others
Source : Security Week
9. www.warevalley.com
Compliance Challenge on Cloud
1. Understanding where the data
• Regulated data should be mapped to exact locations.
2. Separation of duties
• Between production and test environment data
• Between non-regulated and regulated applications
• Between the different roles involved with handling the data
3. Identity Management
4. Access controls should be in place
• All sensitive data should be governed, monitored and approved.
Source : Security Week
10. www.warevalley.com
Compliance Challenge on Cloud
5. Encryption and encryption alternatives
• Data encryption, tokenization, data masking
6. Detecting, Preventing and mitigating attacks
• Detect and prevent attacks on the database (e.g., SQL injection attacks)
• Adequate controls and audit infrastructure
7. Operational Security
• Govern asset management,
• Change management, production access,
• Periodic vulnerability scanning,
• Adequate remediation procedures,
• User access audit, management operation
• Event response procedures
Source : Security Week
12. www.warevalley.com
Amazon RDS Security Features
• Run your DB instance in an Amazon Virtual Private Cloud (VPC)
– Network Access Control
• Use AWS Identity and Access Management (IAM) - assign
permissions that determine who is allowed to manage RDS resources
• Use security groups - control what IP addresses or EC2 instances can
connect to your databases on a DB instance
• Use Secure Socket Layer (SSL) connections with DB instances
• Use RDS encryption - AES-256 encryption algorithm to encrypt your
data
• Use network encryption and transparent data encryption with
Oracle DB instances
• Use the security features of your DB engine
Source : AWS
13. www.warevalley.com
Azure Database Security Features
• Firewall - IP addresses, can access a logical Azure SQL Server or a
specific database
• Secure Connection - Secure communication from clients based
on the TDS protocol over TLS (Transport Layer Security)
• Auditing - auditing events include insert, update, and delete
events on tables /Audit logs in Azure table storage and build
reports on top of them
• Data masking - SQL users excluded from masking, Masking rules
& functions
• Row-level Security - Aimed at multi-tenant applications that
share data in a single table within the same database.
Source : blogs.msdn.microsoft.com
15. www.warevalley.com
Chakra MAX V2
• Database(System) Audit and Protection
• Database(System) Activity Monitoring
• Database(System) Work Approval Process
• Dynamic Data Masking
• Sensitive Data Discovery
• Compliance Reports
Systems
Windows
HP-UX
AIX
Solaris
Linux
Mainframe
Databases
Oracle / Time-Stan /Exadata
Microsoft SQL Server
IBM DB2 (Mainframe, UDB)
SAP Sybase IQ/ASE
SAP HANA
Mysql / MariaDB
IBM Netezza
TeraData
PostgreSQL / Greenplum
Altibase / Tibero / Cubrid / Kairos / SunDB
Amazon RedShift / Aurora
Dameng DM7
Fujitsu Symfoware
PetaSQL
Chakra MAX(Database Audit and Protection) on Cloud
16. www.warevalley.com
Chakra MAX(Database Audit and Protection) on Cloud
DB service
STAP
Chakra MAX for AWS RDS(DB as a service)
• Sniffing is Impossible - Port Mirror (X), TAP(X), STAP(X)
• Gateway(Proxy Sever) is OK
Chakra MAX for EC2 (Infrastructure as a service)
• Sniffing is Possible – STAP
• Gateway(Proxy Server) is OK
DB service
STAP
RDS
EC2
Gateway Only
Gateway + Sniffing
17. www.warevalley.com
Chakra MAX(Database Audit and Protection) on Cloud
Client A
AWS
Client B
WAS (EC2)
DB (RDS)
Chakra Max SAGENT
Chakra Max (EC2)
SAGENT analyze end user’s information
and notify it to Chakra MAX
Client A
Client B
WEB Users
Internet
DB Users
①
①
①
②
Internet
②
DB users connect to DB
through Chakra MAX server
as gateway(Proxy) mode.
Blocking backdoor
connection
User Access Control
DNS
Mapping DNS to real IP Address
Sniffing Mode (Database Activity Monitoring)
Gateway Mode (Database Audit and Protection)
18. www.warevalley.com
Systems DatabasesWeb
Cyclone V3
• Auto Service Discovery
• Sensitive Data Discovery in System/DB
• Database Audit / Change Management
• DB Vulnerability Assessment
• Compliance Reports
Cyclone(Database Security Assessment) on Cloud
20. www.warevalley.com
Plugin
Authorized User (Plain Text)
Unauthorized User (Cipher Text or Masked)
Sensitive Data (Columns)
has been Encrypted
End User (Plain Text)
Galea(Database Encryption-Column Level) on Cloud
API
Authorized Applications
21. www.warevalley.com
Galea(Database Encryption-Column Level) on Cloud
Column-Level Encryption Plan
(Algorithm, Keys ..)
Authorization Policies to Decrypt
(Client IP, DB User, Application, Time & Date)
Return Masked Data
Return Encrypted Data
Return Decrypted Data
Unauthorized Users
Authorized Users
No need to modify customer’s application !
22. www.warevalley.com
WAREVALLEY : Database Security and Management
DB Encryption (Plugin) DB Encryption (API)
DB (System) Audit and Protection
Dynamic Data Masking
Work Flow Process
DB Administration, Performance Monitoring
Data Quality Assessment
Sensitive Data Discovery
DB Security Assessment
DB Vulnerability Assessment
Big Data Analysis
Datawarehouse