A Data Privacy & Security Year in Review: Top 10 Trends and Predictions
•Download as PPTX, PDF•
1 like•319 views
Paying attention to data privacy and security is no longer optional. From a mega breach at Equifax to emerging regulations such as GDPR, data security is driving both today’s headlines and the IT initiatives of tomorrow. Join us for a fascinating discussion on how data privacy and security have evolved in 2017—and what to expect in 2018.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to A Data Privacy & Security Year in Review: Top 10 Trends and Predictions
Similar to A Data Privacy & Security Year in Review: Top 10 Trends and Predictions (20)
More from Delphix
More from Delphix (19)
Recently uploaded
Recently uploaded (20)
A Data Privacy & Security Year in Review: Top 10 Trends and Predictions
- 1. © 2017 Delphix. All Rights Reserved. Private and Confidential.© 2017 Delphix. All Rights Reserved. Private and Confidential. Alexandros Mathopoulos | Product Manager, Data Privacy & Security Matthew Yeh | Director, Product Marketing | December 6, 2017 A DATA PRIVACY & SECURITY YEAR IN REVIEW TOP 10 TRENDS AND PREDICTIONS
- 2. © 2017 Delphix. All Rights Reserved. Private and Confidential. 1 Top Trends for 2017 2 Predictions for 2018 3 The Delphix Dynamic Data Platform Agenda 2
- 3. © 2017 Delphix. All Rights Reserved. Private and Confidential.© 2017 Delphix. All Rights Reserved. Private and Confidential. Top Trends for 2017 3
- 4. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #1: Data risk is becoming more and more decentralized
- 5. © 2017 Delphix. All Rights Reserved. Private and Confidential. Datawarehouses / Big Data Clouds SaaS Databases 2002
- 6. © 2017 Delphix. All Rights Reserved. Private and Confidential. Datawarehouses / Big Data Clouds SaaS Databases 2007
- 7. © 2017 Delphix. All Rights Reserved. Private and Confidential. Datawarehouses / Big Data Clouds SaaS Databases 2012
- 8. © 2017 Delphix. All Rights Reserved. Private and Confidential. Datawarehouses / Big Data Clouds SaaS Databases 2017
- 9. © 2017 Delphix. All Rights Reserved. Private and Confidential.© 2017 Delphix. All Rights Reserved. Private and Confidential. 9 Average number of applications 483 Average number of copies created per instance of data 13+ Total worldwide data by 2025 Source: Netskope, IDC, 163 ZB
- 10. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #2: Increasing Importance of Data Security For Cloud Migrations
- 11. © 2017 Delphix. All Rights Reserved. Private and Confidential. Cloud Adoption is Accelerating 11 30% Cloud spend compound annual growth rate 70% Amount of IT market growth driven by cloud demand 48 of 50 F50 companies have publicly announced cloud adoption plans Source: “The Changing Faces of the Cloud,” Bain & Company, 2017
- 12. © 2017 Delphix. All Rights Reserved. Private and Confidential. Where Do Your Applications Live? 12 Time On Premises 85% on premises 15% cloud 50% on premises 50% cloud 25% on premises 75% cloud Cloud
- 13. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #3: Encryption Is Not Enough
- 14. © 2017 Delphix. All Rights Reserved. Private and Confidential. Advantages Disadvantages • Effective at sending data between to parties (email/files) • Effective in protecting data in a production application • Not effective in non-production use • Phishing schemes to obtain user credentials allow hackers to access encryption in non- production
- 15. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #4: There Are Not Enough Security Professionals
- 16. © 2017 Delphix. All Rights Reserved. Private and Confidential.© 2017 Delphix. All Rights Reserved. Private and Confidential. 16 Global shortage of cybersecurity professional by 2019 2 M Rate of cybersecurity job growth vs IT Job Overall 3x Organizations believe half or fewer of applicants for open security jobs are qualified 84%Source: ISACA
- 17. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #5: A Growing Number of Data Consumers
- 18. © 2017 Delphix. All Rights Reserved. Private and Confidential. Increased Cloud Adoption Data-driven Decisions Faster Dev & Deployment 18 Increasing Governance & Risk Enterprise Silos & Manual Process Massive, Sprawling Datasets
- 19. © 2017 Delphix. All Rights Reserved. Private and Confidential.© 2017 Delphix. All Rights Reserved. Private and Confidential. Predictions for 2018 19
- 20. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #5: A Growing Number of Data Consumers Prediction #1: Machine Learning Changes Everything
- 21. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #5: A Growing Number of Data Consumers The computer learns to recognize patterns in historical data Feedback The learned machine looks for learned patterns When it encounters a familiar pattern, it predicts likely future developments
- 22. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #5: A Growing Number of Data Consumers
- 23. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #5: A Growing Number of Data Consumers Prediction #2: GDPR buzz only increases after May 2018
- 24. © 2017 Delphix. All Rights Reserved. Private and Confidential. GDPR At A Glance
- 25. © 2017 Delphix. All Rights Reserved. Private and Confidential. 87% 58% CIOs believe their current policies leave them at risk under GDPR Respondents believe their companies will be fined under GDPR Source: IDC
- 26. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #5: A Growing Number of Data Consumers Prediction #3: Rise In Additional Regional Privacy Laws
- 27. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #5: A Growing Number of Data Consumers USA Federal CALEA, CCRA, CIPA,COPPA,EFTA, HIPPA, HITECH Mexico Personal Data Protection Law Colombia Data Privacy Law 1266 Chile Law of the Protection of Private Life Argentina Brazil Article 5 of Constitution United Kingdom ICO Privacy & Electronic Communication Regulations European Union GDPR South Africa Electronic Communications and Transactions Act Australia National Privacy Principals, State Privacy Bills, Email Japan Personal Information Protection Act Taiwan Computer-Processed Personal Data Protection
- 28. © 2017 Delphix. All Rights Reserved. Private and Confidential. Trend #5: A Growing Number of Data Consumers Prediction #4: Rise Of The Chief Security/Protection Officer
- 29. © 2017 Delphix. All Rights Reserved. Private and Confidential.© 2017 Delphix. All Rights Reserved. Private and Confidential. 29 Organizations that have CISOs in 2017 65% Increase in Percent of Organizations Who Have CSOs 15% Source: ISACA
- 30. © 2017 Delphix. All Rights Reserved. Private and Confidential. Prediction #5: A major data breach that targets non-production
- 31. © 2017 Delphix. All Rights Reserved. Private and Confidential. Data Breach by the Numbers* 31 $3.62M Average Total cost of a data breach $141 Average cost of lost or stolen record 24,089 Average number of records compromised in a breach 27.7% Likelihood an organization experiences a breach over the next 2 years *Ponemon Institute: 2017 Cost of Data Breach Study
- 32. © 2017 Delphix. All Rights Reserved. Private and Confidential. Non-Production Data Represents a Major Hidden Risk NON-PRODUCTION (80%) PRODUCTION DATA (20%) » Is constantly growing » Entails multiple types of repositories » Is often less protected by security and governance measures Non-Production Data:
- 33. © 2017 Delphix. All Rights Reserved. Private and Confidential.© 2017 Delphix. All Rights Reserved. Private and Confidential. 33
- 34. © 2017 Delphix. All Rights Reserved. Private and Confidential. Delphix Dynamic Data Platform Deliver secure data in just minutes Application s Files Databases Rich APIs DD Controls Self Service Data pods On-Prem Any Server Private Cloud Public Cloud Sync Compress Provision Compliance Policy Masking Distribute Audit & Report Manage VIRTUALIZE SECURE MANAGE DBA 34
- 35. © 2017 Delphix. All Rights Reserved. Private and Confidential. Delphix Masking Protects Sensitive Data “DATA AT RISK” IS IN DATABASES Claimant Table ID First_Name 1 George 2 Mary 3 John Employee Table ID First_Name 5 John 6 George 7 Mary Claimant Table ID First_Name 1 Romanth 2 Clara 3 Damien Employee Table ID First_Name 5 Damien 6 Romanth 7 Clara UNMASKED DATA MASKED DATA ✓ REALISTIC ✓ REFERENTIAL INTEGRITY ✓ IRREVERSIBLE ✓ REPEATABLESENSITIVE DATA IN PRODUCTION Social Security Numbers, Credit Card Information, Patient Information, Email Addresses
- 36. © 2017 Delphix. All Rights Reserved. Private and Confidential. Mask virtual copy one time Repeatable and Secure Data Delivery Mask once, deliver many 36 Production Source DEV QA • Provision a complete, virtual copy of production • Automatically discover and mask sensitive data • Distribute multiple masked copies packaged in data pods • Provide testers with self-service control Distribute secure copies in minutes
- 37. © 2017 Delphix. All Rights Reserved. Private and Confidential. Stewarded by a World Class Executive Team Delphix was founded in 2008, based in Redwood City, CA 350+ people across 9 offices around the world 300+ global enterprises use Delphix One-third of the Fortune 100 use Delphix with a 90%+ renewal rate About Delphix Chris Cook President & CEO Michelle Kerr Chief Marketing Officer Tony Orlando SVP, Worldwide Sales Stewart Grierson CFO Jedidiah Yueh Founder, Exec Chairman Marc Aronson SVP, Engineering Patrick Lightbody SVP, Product Management
- 38. © 2017 Delphix. All Rights Reserved. Private and Confidential. Select Delphix Customers 38 Financial Healthcare TelecomManufacturingRetailTechnology
- 39. © 2017 Delphix. All Rights Reserved. Private and Confidential. QUESTIONS?
- 40. © 2017 Delphix. All Rights Reserved. Private and Confidential. THANKYOU alexandros.mathopoulos@delphix.com matthew.yeh@delphix.com
Editor's Notes
- Hi everybody, thank you for joining us for our first webinar in our Data Privacy and Security Webinar series. My name is Alexandros and I am the Product Manager at Delphix responsible for all things security. I am here along with my colleague Matt, our Director of Product Marketing here at Delphix. Today we are very excited to be doing our Data Privacy and Security Year in review where we go over the top 10 security trends we have seen develop in 2017 and discuss some of the predictions we have for 2018. This is the first webinar in a 4 part series that will cover topics like “Why your approach to Data governance needs a major update”, ” GDPR and what is means for you” and well as a demo of the data masking service in our Dynamic Data Platform.
- Just a quick glance at the agenda for today. First we will take a look at the top security trends of 2017, dive into the prediction for 2018 and finally give you a small glimpse of Delphix’s Dynamic Data Platform and how we think about data security. With all of that’s said, lets jump right in.
- So what are the top trends of the last year? That is a great question and it is one that Matt and I spent a fare amount of time thinking about through out the year. The trends we have identified here are based on a experience we have with our customers, discussing security trends with security experts through out the industry, as well research done by highly respected security analysts. Matt, do you want to dive into our first trend for 2017?
- Trend #1: Data risk is becoming more and more decentralized Enterprises have never had data in one place, and there have been few enterprises that have truly standardized against a single data repository type or technology BUT in 2017 and across the last few years, we’ve seen an explosion in not just the types of data sources that enterprises maintain, but we’ve also seen growth in the number of locations or environments where those sources reside.
- If you go back 15 years, to 2002 There was really only one public cloud vendor – Amazon Web Services There were a limited number of RDBMS systems seeing heavy use at an enterprise level And Software as a Service was still in its infancy
- Fast forward 5 years you start to see more options pop-up
- 2012 sees the emergence of Big Data as well as the 3 key cloud service providers – Microsoft Azure and Google Cloud in addition to AWS
- By 2017, companies are starting to truly adopt big data systems and the cloud with these technologies reaching maturity Enterprises have significantly more options for for storing and managing data At Delphix, when We talk to our customers they have requirements to support multiple database types and clouds – they all have data in hybrid environments and offsite and this data needs to move from place to place. Our customers who keep data in AWS, for example, may also have data in Azure and have requirements for portability across these and other clouds Data is increasingly spread out over multiple locations and, correspondingly, your data risk spreads and shifts as it moves.
- This is only made worse by the simple fact that enterprises have more applications and more data The average enterprise-level company in 2017 maintains 483 different applications, with each production application associated with multiple copies of its underlying data IDC says that by 2025 there will be 163 Zetabytes of data, with enterprise data being the fastest growing segment of all types of dala
- The second trend we’d like to highlight is the Increasing importance of data security for cloud migrations
- First off, we know that cloud adoption is accelerating at an impressive rate Cloud spend is growing at a 30% compound annual growth rate The growth of the overall IT market is driven by demand for cloud technology and services And the biggest companies in the world have concrete plans for cloud adoption that they’ve announced to the world
- A shift is currently well underway While today’s enterprises have application portfolios mostly on prem, they’ve clearly signaled their intent to move down this blue line in this chart here to reach a point where the balance of their apps are in the cloud And to achieve this shift, they need to solve data security When enterprises are surveyed by analysts and systems integrators, security is cited as the #1 barrier to adoption – Forrestor, Gartner, IDC, and Accenture have done research that all point to security as one of the greatest concerns ahead of a cloud migration project. And at Delphix we see this as well. When we ask customers about their cloud adoption challenges – the first thing that comes up are their requirements to secure their data before they even think about moving it to the cloud. https://www.accenture.com/_acnmedia/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Dualpub_25/Accenture-cabu-position-paper-cloud-concerns-us-web%20(1).pdf
- Great, thank you Matt. Our 3rd trend is that organizations are realizing that encryption is simply not enough. This is another one of those trends that is very tied to some of the other macro trends we have discussed like – data becoming more decentralized and the need for data for cloud migrations. For a long time, it seemed like the notion most organizations had about data security was that encryption (whether or data in flight or at rest). What more organizations are realizing though is that it is not that simple.
- Encryption has 2 main advantages/use cases that it is very useful for. This first is when sending data between 2 parties like an email or a file sent over the internet. The other is when protecting your main production data at rest. But where it really not effective is in non-production use cases where the number of users who need access to the data is much broader. These non-production environments are especially vulnerable to phishing schemes where hackers attempt to obtain user credentials to access the data. For these non-production environments, other methods of securing your data like data masking have proven to be much more effective and useful. We will talk a little bit more about what data masking is a later.
- The 4th major security trend is another important one that I think most individuals involved in security can sympathize with. What we have seen in 2017, and honestly in the last several years is that there simply are not enough security professionals to meet the needs of organizations. And this problem is becoming even worse as time goes on due to several other trends that we have already talked about. For example, the fact that data is becoming more decentralized across different clouds, SaaS services, and types of databases means that security professionals need a broader sense of skills around these different data sources. A second reason that there simply are not enough security professionals is driven by the fact that security has become front and center for almost every organization. Every organization is afraid to become the next Equifax, Target, or Uber – and they are raising the expectations they have of their security teams. This means more stringent security procedures and launching launching larger security initiatives – all which have a need for skilled security professionals. So how big is this problem really?
- Well we believe the problem is very large and will only be getting bigger. A recent study by ISACA reviewed some interesting statistics. The believe there will be a a 2 million global shortage of cyber security professional by 2019 and that cyber security job growth will outpace overall IT Job growth by 3 times. An even scarier stat is that over 80%of organizations they surveyed believed that less than half of applicants who applied for open security jobs were qualified for those jobs.
- Trend #5: There is a growing constituency of Data Consumers who use data to drive new projects and innovation: this includes developers, testers, analysts, data scientists, and more. Today’s companies are increasingly driven by software, and decision-making depends more and more on sophisticated data analysis, making more of today’s workers dependent on having access to data In 2017, the rise of DevOps, cloud, IoT, and AI means demand for greater volumes of data, faster At Delphix, one of the things we’ve noticed is that we’re interacting with more and more customers who are building an organization dedicated to managing data. Sometimes this org is built around a Chief Data Officer and is composed of both data operators – folks like DBAs, InfoSec personnel, and other stewards of data – as well as different types of data consumers– folks who derive insight and drive change through data.
- At Delphix, we do like to point out an important dynamic that’s emerged with the rise of the data consumer. On one hand, you have this quickly growing constituency of consumers who need access to data at faster speeds On the other hand are forces driving to constrain data, restricting access and availability: Data is doubling in size and in complexity. It’s spread out over many types of repositories It’s also very risky: Sensitive information is vulnerable to breach and subject to regulatory measures These 2 opposing forces create what we call Data Friction: data operators struggle to manage, secure, and deliver data environments demanded of them. And users are still struggling to access, manipulate, and share the data they need. As we look to the future, a key theme will be solutions designed to eliminate this friction to speed up data-driven innovation.
- Great, thank you Matt. Next, we are going to dive into a few security predictions for 2018. 2018 is going to be a very exciting year for the security industry. We expect to see a significant amount of innovation coming from organizations and even governments. Lets lump in right in.
- Our first prediction for 2018 is the growing importance of Machine Learning technology. At this point this is probably a technology you have heard up because of its growing importance in many industries.
- Now, we hear machine learning in the headlines all of the time now a days, but really what is it. At a high level, its actually pretty easy to understand the technology. There are basically 3 major steps in most applications that use machine learning technology. Frist, is that developers develop algorithms that are built to recognize patterns when you feed them data and some kind of classification. After that the algorithms or machine can look for patterns it has already learned in the data. Once it encounters a familiar pattern it can make some sort of prediction about the data. A great example of of this in the security industry is several companies that are building applications that monitor things like network traffic to identify patterns outside the norm. These abnormal activities in network traffic could mean some active security breach in progress.
- But we believe we are just at the forefront of really understanding the impact machine learning will have on different industries, including the security industry. In 2018 and beyond we will see the most innovative companies beginning and furthering injecting machine learning into their solutions to make them better and provide more value. Machine learning really is a game changer.
- The GDPR is a relatively new, European Union-based regulation that sets strict limits on businesses that collect, use, and share data from EU citizens. Companies—EU-based or otherwise—face new requirements that compel them to redouble their efforts to protect sensitive information.
- Again, GDPR impacts not just companies based in the EU, but any global business that stores or traffics data related to EU citizens. To comply with GDPR, companies need to adequately secure confidential information that directly or indirectly reveals an individual’s identity. GDPR also sets standards around breach notification: For certain types of breaches, businesses are required to report the incident within 72 hours GDPR punishes businesses that fail to leverage appropriate protection. The fine for non-compliance can be harsh: as much as 4% of global revenue, certainly enough to jeopardize ongoing European operations for any business selling in the EU. And There’s a May 2018 deadline for compliance….
- We predict that many organizations will not fully have their houses in order by this time, and that buzz around the regulation won’t subside come May. IDC says the 87% of CIOs believe their current policies leave them at risk under GDPR and that 58% of survey respondents believe that their companies will be fined under GDPR. As the law becomes enacted and as the first few organizations are fined, we believe urgency around GDPR will grow for organizations that believe they do not fully comply. This will be the wakeup call that the EU is getting serious about data privacy.
- Next, this brings us to our third prediction. This third prediction is that governments around the world will follow the EUs example and develop additional and more stringent data privacy and security laws.
- This map just shows some of the data protection laws that currently exist around the world or are currently in the process of being implemented. Expect more of these to pop up through out 2018 and also become more strict and far reaching. We are already seeing movement on this for 2018 with the new proposal in the US congress to mandate huge penalties and possible jail time for organizations/indiduals that do not report data breaches.
- Our fourth prediction is that we will see the continuing rise in the prominence of the Chief Security Officer within organizations. This is going to be especially true for any organizations that are impacted by GDPR due to the fact that GDPR required by law that someone be named a “Chief Protection Officer”.
- Some stats to demonstrate this trend are that in 2017 65% of organizations around the world had CISOs which is a 15% increase from 2016. Expect this number to increase even further in 2018 as organizations look to put the responsibility of data security on a single executive.
- Prediction #5: A major data breach will hit an organization in 2018 with a non-production environment as the site of the attack.
- Breaches in both the private and public sector have cost millions That’s just considering the breaches that have made the news – but there are many more that go undiscovered for months or years Customer churn, fines, reputational risk—those are all the real dangers of data breach I think these ideas are well understood by this audience.
- But what is surprising to some is the important of protecting non-production environments as it relates to breach protection A key insight we have at Delphix around data security and privacy is that where businesses are most vulnerable is actually not in live production environments, but in non-prod environments for development, testing, reporting, or analytics. In fact, most of the surface area of risk for data breach is situated in non-production environments. Much of this is due to the data sprawl that we see in today’s enterprises For every copy of prod, businesses create 10-12 copies for non –prod and this sprawl multiplies the surface area of risk Making matters worse, these environments are often less scrutinized from a security perspective, putting businesses at risk and suggesting that the likelihood of a attack on non-prod is high.
- At this point, I do want transition and say a quick work about Delphix
- At Delphix we provide a solution that integrates data masking and data delivery, to solve data privacy & security challenges, and we call this solution the Delphix Dynamic Data Platform Our platform installs on-prem or in the cloud and iingests data from various sources– oftentimes this is an RDMS such as Oracle, SQL Server, DB2, AWS, It virtualizes that data, allowing users to create lightweight virtual copies that are space-efficient and highly portable We can automatically apply data masking to those virtual copies to protect sensitive information Finally, we package those virtual copies into personal data pods that are delivered to end users in just minutes. Data pods contain secure, virtual copies of data along with data controls that allows users to manipulate that data: users can instantly refresh, rewind, branch, or share those copies as a self service
- I mentioned data masking earlier What a masking solution does is that it transforms sensitive data values – names, email addresses, social security numbers, credit card numbers – into fictitious yet realistic values The key here is that we scramble the data in a way that’s irreversible, secure, and yet intelligent. The data is still usable after its masked. So if you’re a developer, you often don’t need the actual information resident in the data, but you do need that data to look, feel, and operate like the real thing. In this example here, Mary is masked to another name Clara and John is masked to Damian. We do this very quickly and in a way that preserves the referential integrity of the data. Again, in his example, Mary is masked to Clara consistently, across the Oracle tables and the SQL Server tables. This is a really common requirement that we encrounted at Delphix.
- I referenced how Delphix integrates data masking and data delivery And that’s really the key to making masking practical, effective, and repeatable. There are 2 challenges that masking solution must address: that’s creating the masked data, and then moving it where it needs to go. Most masking solution only address the former, leaving teams to manually deliver data to downstream environments, a process that in most organizations takes days, weeks, or even months. Delphix, though, lets teams mask their data, then provision virtual copies of that masked data in minutes and as a self-service. With the Delphix Dynamic data platform, you can pull in your production data, mask it with referential integrity, and then deliver as many secure copies as you need to non-production environments that, otherwise, represent a huge security risk to your organization.
- A little bit of background on Delphix We’re based in Redwood City, CA outside of San Francisco and have over 350 employees led by a world class executive team.
- Over 300 global customers use our Dynamic Data Platform, including over 1/3 of the Fortune 100 Just some of our customers are listed here These are companies that aren’t just using in a small corner of their business, they are truly standardizing on our platform to increase the agility of their operations, ro protect their most sensitive information, and to comply with the world’s toughest regulations such as GDPR.
- With that I’d like to Seed questions Don’t cloud vendors like AWS already have data privacy solutions in place. Will those solution be sufficient to protect cloud data? (M) Alerting, monitoring solution, encryption, access control measures Single governance platform across clouds. Most organizations Environments accessible to more data consumers – insider threat, use case where you’re giving access to someone What are some best practices for launching a GDPR compliance initiative for a US-based company? (A) What data sources does Delphix support? (M) Does Delphix use machine learning? (A) Why can’t we use encryption to protect test data? (A) How can we leverage Delphix with cloud services? (M) Does masking our data make us GDPR compliant? (A) On average, how long does it take to implement Delphix masking? (M) Are masking tools used to secure data for BI/reporting? (A)