at MicroFocus Italy ❖✔, profile picture
Uploaded byat MicroFocus Italy ❖✔
431 views

A data-centric program

The white paper discusses the increasing vulnerabilities data-driven enterprises face from cyber criminals, highlighting the need for robust data protection strategies due to escalating data breaches. It emphasizes a data-centric protection approach that de-identifies sensitive data to mitigate risks while allowing business agility. Organizations are encouraged to adopt well-designed data protection programs that align with their unique requirements and to use advanced technologies like format-preserving encryption and tokenization to secure data throughout its lifecycle.

Embed presentation

Download to read offline
White Paper Data-Centric Protection: Enabling Business Agility While Protecting Data Assets White Paper
Vulnerabilities Abound in Data-Driven Enterprises Corporate, government and other enterprises are under relentless attack by cyber criminals determined to steal business-critical data and confidential customer and third-party information. Whether for the purpose of identity theft, corporate espionage or other malicious ends, hordes of hackers running the gamut from organized crime groups to sovereign government organizations are working around the clock, around the globe to penetrate data stores in virtually every industry sector. Year after year, organizations have struggled to thwart these criminals and the existential risks they pose to business enterprises. Yet, vulnerabilities continue to abound and the associated attacks are more pervasive, more sophisticated and more damaging than ever. And, that damage can affect an organization’s reputation, bottom line, and impact business success for years. The incidence of data breaches and thefts is mind-boggling. Consider the following: • From 2005 to 2014, there have been 5,029 reported data breaches (many more go unreported). In 2014 alone, there were 783 reported data breaches in the US, a 27.5% increase over 2013.1 • A single data breach, such as the Experian ID theft2 or the Target breach3 , can expose and compromise millions to hundreds of millions of confidential records. • Globally, there are an estimated 556-million cyber crime victims per year4 . • Many data thefts can and do go on undetected for years.5 • End-point protection solutions and even many fairly sophisticated data protection solutions have lost their effectiveness6 over time. As the following diagram dramatically illustrates, there are more perpetrators, with more capabilities, using more attack vectors to accomplish their criminal aims than was once imaginable. These folks are tireless, agile and smart. 1 Source: ITRC Breach Statistics 2005-2014. http://www.idtheftcenter.org/ITRC-Surveys- Studies/2014databreaches.html 2 http://krebsonsecurity.com/2014/03/experian- lapse-allowed-id-theft-service-to-access-200- million-consumer-records/ 3 http://krebsonsecurity.com/2014/05/the-target- breach-by-the-numbers/ 4 http://www.go-gulf.com/blog/cyber-crime/ 5 https://www.usa.gov/identity-theft 6 http://www.esg-global.com/blogs/endpoint- security-market-transformation-in-2014/ http:// www.scmagazine.com/10-minutes-on-rethink- your-endpoint-security-strategy/article/208390/ White Paper
Feeling nervous yet? Well, there’s more: • According to one recent survey, an estimated 47% of organizations reported suffering at least one cyber attack during the past year. More shocking is the fact that 13% of those surveyed said they didn’t know whether they had been attacked! • Enterprises have grown increasingly borderless due to disaggregated supply chains, outsourcing and mobile workforces, data is less centralized than ever before. • Cyber threats don’t just originate outside of enterprises, but from inside as well. In fact, approximately 50% of all data breach incidents are sparked by insiders. Organizations should assume cyber criminals have already breached their perimeter defenses. • Companies that fall victim to cyber attacks not only suffer the initial costs and damages, but continue to experience negative impacts including damage to their reputation, customer churn and various other hard costs for years after the incident. It’s become clear that implementing basic security controls and traditional security techniques is not enough to prevent data breaches. New approaches to managing risk and neutralizing breaches, while at the same time enabling businesses to operate with the agility required in today’s business environments, are required. Ironically, organizations’ successes in harnessing innovative technology to create competitive advantage and drive business growth are often also at the heart of their security problems. IT infrastructures were designed to enable organizations to communicate and collaborate more efficiently – not to keep people out. It’s important to keep this in mind when tackling data security challenges because as much as organizations must protect their data, they must also make sure it’s available to serve their businesses and continue to drive their growth. The good news is that companies today can protect critical data through the implementation of well designed, tested and proven data-centric protection programs, customized to their unique business requirements and risk profiles. Keys to an Effective Data-Centric Program Implementation Cyber-solution blueprinting Many organizations start building Cyber Security programs via extensive technology spending. Often this is supplemented by hiring staff with varying backgrounds and skill sets. While this bottom-up approach to developing a capability can be effective over the longer term, most often it results in significant overspend both on technology solutions, vendors/solution providers, and staff. With no overarching strategy, it is extremely difficult to hire the right people and deploy the right solutions for your cyber security challenges. Data-Centric Data Protection Approach A data-centric data protection approach calls for de-identifying the data as close to its source as possible, replacing the sensitive data elements with usable, yet de-identified, equivalents that retain their format, behavior and meaning. This protected form of the data can then be used in subsequent applications, analytic engines, data transfers and data stores. In order words, the data de-identification process removes or obscures any personally identifiable information from enterprise data so that should a data breach occur, the “data” obtained by the perpetrator(s) will be useless. This approach effectively neutralizes data breaches. Figure 1: Complexity of cyber attacks continues to increase exponentially; the need for a robust data protection program has never been greater White Paper
A Successful Data Protection Program Begins With Questions Presented with the preceding statistics, the urge might be to build the IT equivalent of thicker and stronger castle walls, deeper and wider moats and lock down every bit of data. Of course, completely locking down and preventing all access to data would make it impossible to run your business. Given that you can’t count on stopping cyber criminals at the boundary of your organization, you need to focus specifically on protecting your data. That means protecting your sensitive data at the point of origination and throughout its life cycle, wherever it is being stored, moved and used. This approach is called data-centric security. To implement data-centric security, while simultaneously empowering your business to compete and win in today’s nano-second world, you need to understand your data flows and your business needs from your data. Begin by answering some important questions: • What does your organization need from your data in order to extract the maximum business value and gain a competitive advantage? • What opportunities might be leveraged by improving the security posture of the data? • What risks exist based upon your current security posture? What would the impact of a data breach be on the organization? Be specific! • Have you clearly defined which data (both structured and unstructured) residing across your extended enterprise is most important to your business? Where is it? • What people, processes and technology are currently employed to protect your business sensitive information? • Who in your organization requires access to data and for what specific purposes? • What time constraints exist upon the organization that might affect the technical infrastructure? • What must you do to comply with the myriad government and industry regulations relevant to your business? Finally, ask yourself what a successful data-centric protection program should look like in your organization. What’s most appropriate for your organization? The answers to these and other related questions would provide you with a clearer picture of your enterprise’s “data attack surface,” which in turn will provide you with a well-documented risk profile. By answering these questions and thinking holistically about where your data is, how it’s being used and by whom, you’ll be well positioned to design and implement a robust, business-enabling data-centric protection plan that is tailored to the unique requirements of your organization. Creating the Blueprint Based on hundreds of client engagements to design and deploy data-centric protection frameworks and programs, Booz Allen Hamilton has found its assessment and diagnostic process – a process called cyber-solution blueprinting – invaluable in jump-starting the design and implementation of customized data-centric protection solutions that match organizations’ operational needs, commercial requirements and the realities of their business environments. This cyber-solution blueprinting process also significantly reduces development time and expense. Solution blueprints include four key elements, which are illustrated below. These elements then drive program development and implementation. Additional Questions to Ask at the Outset • How have you classified your data? • Is it tagged? • Is there metadata associated with it that will identify it when it’s crawled by a DLP solution or when somebody else opens up that data? • How do you need to use your business-critical data (e.g. to process transactions, deliver customer service, perform market and customer analytics, etc.)? • Where is all of your data being stored and used? • Do you have clearly defined policies and rules in place to govern the handling, processing and storage of data? • Do you have a comprehensive knowledge of everyone who has access to your sensitive data? Cyber-Solution Blueprinting Benefits • Provides holistic view of the challenges and solution options • Proven more efficient than ad-hoc approaches • Enables intelligent and planned use of your existing technology infrastructure • Articulates clearly defined program processes • Ensures use of best-of-breed technology • Reduces overall program costs White Paper
People, Process, & Technology Maps Ÿ Defines Roles required to Support a successful program Ÿ Outlines specific process requirements and flows Ÿ Highlights data protection technology to enable the required capabilities (e.g.encryption and tokenization ) Ÿ Summarizes descriptions of each process step Ÿ Provides data protection organizational definitions Ÿ Aligns specific data protection process steps to roles and responsibilities Process Descriptions & RACI Charts Capability Requirements Ÿ Breaks down the distinct technology and people skill requirements to have a successful program Ÿ Technical requirements align against a holistic system view Ÿ Skill requirements align against a human capital framework Ÿ Map of data protection capability requirements against industry leading services, products and techniques Ÿ Specific guidance for addressing key challenge areas to jump-start implementation project Ÿ Helps identify redundant technology and gaps Capability / Vendor Solutions Matrix 1 2 43 HPE Security - Data Security Data-Centric Technologies At-a-Glance HPE Security - Data Security provides its data-centric protection through its HPE SecureData solution. The key components of this solution are: • HPE Format-Preserving Encryption (HPE FPE) is a fundamentally new approach to encrypting structured data, such as credit card or Social Security numbers. HPE FPE makes it possible to integrate data-level encryption into legacy business application frameworks that were previously difficult or impossible to address. It uses a published encryption method with an existing, proven algorithm to encrypt data in a way that does not alter the data format. The result is a strong encryption scheme that allows for encryption with minimal modifications to the way that existing applications work. HPE FPE is a mode of AES, recognized by NIST (see NIST SP- 800-38G). • HPE Secure Stateless Tokenization (HPE SST) is an advanced, patent- pending data security technology that provides enterprises, merchants and payment processors with a new approach to help assure protection for payment card data, with significant Payment Card Industry Data Security Standard (PCI DSS) audit scope reduction. HPE SST technology dramatically improves speed, scalability, security and manageability over conventional and first-generation tokenization solutions. And it does so while eliminating the need to build and maintain token databases and all of the cost and complexity that goes along with such traditional token databases. Why Implement Data-Centric Protection Organizations typically employ a layered approach to prevent access to their enterprises and to protect their data. However, even using such a layered approach involving various point solutions, security gaps remain that can be exploited by cyber-criminals. It’s quite common for organizations to feel confident that they are well protected, only to be rudely disabused of that notion by a clever, industrious crook. That’s why Booz Allen Hamilton and HPE Security - Data Security have developed and strongly advocate a different approach – a data-centric, data de-identifying approach to data security that enables you to protect data over its entire lifecycle – from the point at which it’s captured, throughout its movement across your extended enterprise, all without exposing live information to high-risk, high-threat environments. That’s the essence of data-centric security. HPE SecureData solutions, including HPE Format-Preserving Encryption (FPE), and HPE Secure Stateless Tokenization (SST), protect sensitive data as soon as it is acquired and ensures that it is always used, transferred and stored in protected form. It effectively “de-identifies” data, rendering it useless to attackers, while maintaining its usability and usefulness – its referential integrity – for authorized production and non-production data processes, applications and services. Data De-Identification with HPE SecureData quite literally neutralizes data breaches by making your protected data absolutely worthless to an attacker. Figure 3: HPE SecureData - Data-Centric Protection with HPE FPE and HPE SST FPE FPE SST FPE FPE Name SS# Credit Card# Street Address Customer ID Name SS# Credit Card# Street Address Customer ID James Potter Ryan Johnson Carrie Young Brent Warner Anna Berman Kwfdv Cqvzgk Veks lounrfo Pdnme Wntob Eskfw Gzhqlv Jsfk Tbluhm 161-82-1292 200-79-7127 095-52-8683 178-17-8353 525-25-2125 37123 786354 51001 5587 0856 7634 0139 5348 9209 2367 2829 4929 4333 0934 4379 4556 2545 6223 1830 2890 Ykzbpoi Clpppn 406 Cmxto Osfalu 1498 Zejojtbbx pqkag 8261 Saicbmeayqw Yotv 8412 Wbbhalhs Ueyzg S7202483 B0928254 G8265029 G3951257 B662594 385-12-1199 857-64-4190 761-58-6733 604-41-6687 416-03-4226 37123 456789 01001 5587 0806 2212 0139 5348 9261 0695 2829 4929 4358 7398 4379 4556 2525 1285 1830 1279 Farland Avenue 111 Grant Street 4513 Cambridge Court 1984 Middleville Road 2893 Hamilton Drive G8199143 S3626248 B0191348 G8888767 S9298273 This is an illustration of HPE FPE and HPE SST in use. Note how HPE FPE encrypts the original data without changing the format. HPE SST tokenizes data without the need to build and maintain a token database. White Paper Figure 2: Cyber-solution Blueprinting Process
Data-Centric Protection in the Real World Let’s take a look at several quite real and quite demanding situations in which these technologies are in use. Live Production Data Protecting live production data is both an obvious imperative and, perhaps, the very definition of mission- critical. You may have transaction information, for example, that’s being captured in a mainframe environment. You want to encrypt that data in a very simple way so you can protect it even as it moves out and into other types of systems – perhaps various Oracle databases for departmental use, or into Hadoop for big data analytics, or into the cloud for outsourcing of testing, application development. The data likely contains at least some sensitive data – it may be personally identifiable customer information (e.g. credit card numbers, social security numbers, etc.) as well as external, third party data, perhaps HIPAA regulated data. Consider the example of a global insurance company that wants to reduce its cost of application development. The company needs to provide its offshore vendor with realistic data in order to do this development work. But it cannot afford to risk providing the vendor with the actual data that application is being developed for. Using HPE SecureData technology, the company can provide the vendor with realistically formatted data that has been completely de-identified. In that way, it can achieve its development cost reduction goal without jeopardizing its live production data. Or the company may want to do various types of analytics on broad data sets consisting of hundreds of millions of records. In such a case it would extract data from traditional highly trusted data-warehouse environments and move and merge those data sets into low-cost Hadoop ecosystems. you’d also be exposing the data to other downstream systems and tools like Greenplum or Data Mirror via ETL tools. Again, protecting the live data requires that it be de-identified, prior to being moved out of the trusted data warehouse environments. Additionally, you might also want to be able to reverse the process after the analytics are performed. HPE SecureData technology provides the ability to analyze the data in a protected form and then under very tight policy control, be returned to its original form once back in the warehouse. This kind of flexible, data-centric protection is extremely valuable and is employed in many organizations. High Performance Hadoop Data De-identification While many times organizations have the luxury of being able to stage the de-identification process, in other instances the de-identification must be done on the fly. For instance, a global communications company needs to routinely analyze several hundred million customer records to detect patterns to provide the intelligence needed for retail optimization and other business activities. Similarly, a healthcare innovator wanted to do real-time analysis of pharmaceutical, healthcare and third party data to provide the information and insights it needed to create and offer new, high value services to medical networks. In these instances, the organizations used HPE SecureData technologies to de-identify event-driven data from multiple sources in real time in order to accomplish their extraordinarily demanding business objectives, while fully protecting sensitive personal, financial, and healthcare data. • HPE Page-Integrated Encryption (HPE PIE) encrypts sensitive user data in the browser and allows that data to travel encrypted through intermediate application tiers. Unlike traditional TLS/SSL encryption, this keeps user data private as it travels through load balancers and web application stacks, only decrypting that data when it reaches secured inner host systems. PIE encrypts data with host-supplied single use keys, making a breach of a user browser session useless for decrypting any other data in the system. These technologies can be used individually or in combination to provide highly scalable, high performance data de-identification that is standards based and that has been proven effective in many demanding real-world situations. White Paper
Protecting Data in the Cloud As organizations extend their enterprises to the cloud – using both public and private clouds – as part of their efforts to reduce costs, all sorts of data protection red flags begin waving. They may be extending their enterprises to the cloud for storage, to run applications such as fraud detection or perform various analytics. The cloud does provide a low-cost environment in which to operate, but that benefit is accompanied by significant data security risks. It’s easy enough to send a continuum of data up into cloud platforms like Azure or AWS, but not so easy to exert the level of control over these environments that you can in your own data centers. For instance, one global finance firm moved its customer data analysis to Azure Workloads in order to cut per application costs by 40%. Another organization – a global investment bank, created a private cloud stack to enable it to deliver new services more rapidly. The data being moved to the cloud included CRM, PCI (payment card industry) and other personally identifiable information. These organizations felt confident in making these moves thanks to the business-enabling power of HPE SecureData data de- identification technology. Protecting Sensitive Data in Test and Development Environments Generating data for test and development environments presents serious challenges for enterprise security and risk management. When data is copied from production databases and used directly for application development, large volumes of private data accumulate on unprotected servers and workstations. The use of outsourced and offshore QA and development services further increases the risks and costs of data leakage – potentially resulting in damages affecting reputation, compliance, and revenues. A nonprofit financial services company that provides financing to rural electric cooperatives in the U.S. faced just this challenge. To reduce the application development and testing costs for a new web application, the organization decided to offshore the project. It needed, however, to provide the offshore contractor with realistic data for use in development and testing, but not the actual, confidential data, which if stolen, could wreak havoc with the organization’s reputation, member relationships and survival. By using HPE SecureData with HPE FPE, it was able to meet its tight deadline for this offshore project, reduce its application development costs, effectively neutralize data breaches, ensure the security of its sensitive data and maintain the confidence of its members. Business Empowerment and Solid Data Protection: You Can Have Both As discussed earlier, security approaches that have attempted to prevent cyber criminals from accessing enterprise data have been less than fully effective. That does not mean you should abandon network security, of course. It’s just that you can’t rely solely on perimeter defenses to protect your invaluable data assets. Only by employing a data-centric data protection approach can you truly reduce your risk profile and render attacks on your data pointless and worthless. By de-identifying critical data throughout its entire life-cycle, you can neutralize data breaches while retaining your data’s referential integrity and usability. Most important, implementing a data-centric program does not hamper your organization’s ability to access, move, analyze, and use your data to enable business success. The unique cyber-solution blueprinting and data de-identification processes described in this white paper – beginning with an enterprise risk assessment, then the development of a cyber-solution blueprint, and the implementation of HPE SecureData data de-identification solutions – have proven effective in numerous extremely challenging situations and environments. They provide consistent, robust data protection while also protecting organizations’ access to the information they rely upon to run and grow their businesses. And they do this without you having to embark on a lengthy and horrendously expensive project. In fact, they produce significant cost savings while providing the business with the information it needs to glean critical insights that can lead to formidable growth and enhanced customer loyalty. White Paper
About Booz Allen Hamilton Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering, and innovation expertise. With international headquarters in McLean, Virginia, the firm employs more than 22,500 people globally, and had revenue of $5.27 billion for the 12 months ended March 31, 2015. To learn more, visit www.boozallen.com. (NYSE: BAH) About HPE Security - Data Security HPE Security - Data Security drives leadership in data-centric security and encryption solutions. With over 80 patents and 51 years of experience we protect the world’s largest brands and neutralize breach impact by securing sensitive data-at-rest, in use and in motion. Our solutions provide advanced encryption, tokenization and key management that protect sensitive data across enterprise applications, data processing infrastructure, cloud, payments ecosystems, mission critical transactions, storage and big data platforms. HPE Security - Data Security solves one of the industry’s biggest challenges: simplifying the protection of sensitive data in even the most complex use cases. For more information, visit www.voltage.com. To learn how this approach to data protection can allow your organization to deploy your data where, when and to whom it needs to be deployed while keeping it fully protected visit www.voltage.com and/or contact BAH: Ernie Anderson Principal anderson_ernie@bah.com 619-663-7757 Stephen Coraggio Principal corragio_stephen@bah.com 917-305-8004 Chris White Senior Associate white_chris@bah.com 517-524-7175 White Paper © Copyright 2015 Hewlett Packard Enterprise Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. December 2015 Learn More www.voltage.com hpe.com/software/DataSecuritySign up for updates Rate this document

More Related Content

PDF
Threat Ready Data: Protect Data from the Inside and the Outside
byDLT Solutions
 
PDF
Big Data: Beyond the Hype - Why Big Data Matters to You
byDATAVERSITY
 
PDF
Master Data in the Cloud: 5 Security Fundamentals
bySarah Fane
 
PDF
Responding to a Data Breach, Communications Guidelines for Merchants
by- Mark - Fullbright
 
PDF
Adopting Intelligence-Driven Security
byEMC
 
PDF
Spo2 t17
bySelectedPresentations
 
PDF
Who is the next target proactive approaches to data security
byUlf Mattsson
 
PDF
Looking Forward - Regulators and Data Incidents
byResilient Systems
 
Threat Ready Data: Protect Data from the Inside and the Outside
byDLT Solutions
 
Big Data: Beyond the Hype - Why Big Data Matters to You
byDATAVERSITY
 
Master Data in the Cloud: 5 Security Fundamentals
bySarah Fane
 
Responding to a Data Breach, Communications Guidelines for Merchants
by- Mark - Fullbright
 
Adopting Intelligence-Driven Security
byEMC
 
Spo2 t17
bySelectedPresentations
 
Who is the next target proactive approaches to data security
byUlf Mattsson
 
Looking Forward - Regulators and Data Incidents
byResilient Systems
 

What's hot

PPTX
Data breach presentation
byBradford Bach
 
PDF
Internal or insider threats are far more dangerous than the external - bala g...
byBala Guntipalli ♦ MBA
 
PDF
Data Breach Guide 2013
by- Mark - Fullbright
 
PPTX
Proven Practices to Protect Critical Data - DarkReading VTS Deck
byNetIQ
 
PDF
Using Digital Threat Intelligence Management (DTIM) to Combat Threats
byEnterprise Management Associates
 
PPTX
Forrester Webinar: Security Ratings Set the Standard
bySecurityScorecard
 
PDF
Enterprise Data Privacy Quiz
byDruva
 
PDF
5 Questions Executives Should Be Asking Their Security Teams
byArun Chinnaraju MBA, PMP, CSM, CSPO, SA
 
PPTX
Putting data science into perspective
bySravan Ankaraju
 
PDF
Before the Breach: Using threat intelligence to stop attackers in their tracks
by- Mark - Fullbright
 
PDF
Protect your confidential information while improving services
byCloudMask inc.
 
PDF
Material de apoyo Un replanteamiento masivo de la seguridad.
byUniversidad Cenfotec
 
PDF
2015 Scalar Security Study Executive Summary
bypatmisasi
 
PDF
Eliminate the 49% of Documents that Contain Data Breaches Webinar
byConcept Searching, Inc
 
PDF
ZoomLens - Loveland, Subramanian -Tackling Info Risk
byJohn Loveland
 
PPTX
Protecting the Crown Jewels – Enlist the Beefeaters
byJack Nichelson
 
PDF
Executive Summary of the 2016 Scalar Security Study
byScalar Decisions
 
PDF
DATA PROTECTION & BREACH READINESS GUIDE 2014
by- Mark - Fullbright
 
PPTX
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
byProofpoint
 
PPTX
Effectively Defending Your IBM i from Malware with Multi-Factor Authentication
byPrecisely
 
Data breach presentation
byBradford Bach
 
Internal or insider threats are far more dangerous than the external - bala g...
byBala Guntipalli ♦ MBA
 
Data Breach Guide 2013
by- Mark - Fullbright
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
byNetIQ
 
Using Digital Threat Intelligence Management (DTIM) to Combat Threats
byEnterprise Management Associates
 
Forrester Webinar: Security Ratings Set the Standard
bySecurityScorecard
 
Enterprise Data Privacy Quiz
byDruva
 
5 Questions Executives Should Be Asking Their Security Teams
byArun Chinnaraju MBA, PMP, CSM, CSPO, SA
 
Putting data science into perspective
bySravan Ankaraju
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
by- Mark - Fullbright
 
Protect your confidential information while improving services
byCloudMask inc.
 
Material de apoyo Un replanteamiento masivo de la seguridad.
byUniversidad Cenfotec
 
2015 Scalar Security Study Executive Summary
bypatmisasi
 
Eliminate the 49% of Documents that Contain Data Breaches Webinar
byConcept Searching, Inc
 
ZoomLens - Loveland, Subramanian -Tackling Info Risk
byJohn Loveland
 
Protecting the Crown Jewels – Enlist the Beefeaters
byJack Nichelson
 
Executive Summary of the 2016 Scalar Security Study
byScalar Decisions
 
DATA PROTECTION & BREACH READINESS GUIDE 2014
by- Mark - Fullbright
 
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
byProofpoint
 
Effectively Defending Your IBM i from Malware with Multi-Factor Authentication
byPrecisely
 

Similar to A data-centric program

PPTX
Secure Your High Risk Data
byNaveed Ahmed
 
PPTX
Microsoft DATA Protection To Put secure.
byjayceewong1
 
PPTX
Your security posture may define your company’s future
byHome
 
PDF
3 guiding priciples to improve data security
byKeith Braswell
 
PDF
Emerging Trends in Data Security for a Competitive Edge in 2024 and Beyond.pdf
byAnil
 
PDF
Addressing Gaps in Your Cyber Security
byNextLabs, Inc.
 
PDF
White Paper: The Age of Data
byKim Cook
 
PDF
Measure To Avoid Cyber Attacks
bySkillmine Technology Consulting
 
PDF
Measures to Avoid Cyber-attacks
bySkillmine Technology Consulting
 
PDF
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
byUlf Mattsson
 
PDF
Encrypt-Everything-eB.pdf
byalexguzman510050
 
PDF
Why Data-Centric Security Needs to be a Top Priority for Enterprises.pdf
byEnterprise Insider
 
PDF
Industry Overview: Big Data Fuels Intelligence-Driven Security
byEMC
 
PDF
Data centric security key to digital business success - ulf mattsson - bright...
byUlf Mattsson
 
PPTX
Module 8 - External Crisis – Changing Technology.pptx
bycaniceconsulting
 
PDF
idg_secops-solutions
byJonny Nässlander
 
PDF
Perimeter Security is Failing
byUL Transaction Security
 
PDF
Cyber Security small
byHenry Worth
 
PDF
The State of Data Security
byRazor Technology
 
PDF
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
byWork-Bench
 
Secure Your High Risk Data
byNaveed Ahmed
 
Microsoft DATA Protection To Put secure.
byjayceewong1
 
Your security posture may define your company’s future
byHome
 
3 guiding priciples to improve data security
byKeith Braswell
 
Emerging Trends in Data Security for a Competitive Edge in 2024 and Beyond.pdf
byAnil
 
Addressing Gaps in Your Cyber Security
byNextLabs, Inc.
 
White Paper: The Age of Data
byKim Cook
 
Measure To Avoid Cyber Attacks
bySkillmine Technology Consulting
 
Measures to Avoid Cyber-attacks
bySkillmine Technology Consulting
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
byUlf Mattsson
 
Encrypt-Everything-eB.pdf
byalexguzman510050
 
Why Data-Centric Security Needs to be a Top Priority for Enterprises.pdf
byEnterprise Insider
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
byEMC
 
Data centric security key to digital business success - ulf mattsson - bright...
byUlf Mattsson
 
Module 8 - External Crisis – Changing Technology.pptx
bycaniceconsulting
 
idg_secops-solutions
byJonny Nässlander
 
Perimeter Security is Failing
byUL Transaction Security
 
Cyber Security small
byHenry Worth
 
The State of Data Security
byRazor Technology
 
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
byWork-Bench
 

More from at MicroFocus Italy ❖✔

PDF
Hpe security research cyber risk report 2016
byat MicroFocus Italy ❖✔
 
PDF
Sicurezza end-to-end-per-la-posta-e-documenti-allegati
byat MicroFocus Italy ❖✔
 
PDF
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...
byat MicroFocus Italy ❖✔
 
PDF
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
byat MicroFocus Italy ❖✔
 
PDF
Format preserving encryption bachelor thesis
byat MicroFocus Italy ❖✔
 
PDF
Mobile app user_survey_failing_meet_user_expectations
byat MicroFocus Italy ❖✔
 
PDF
Privacy e recupero crediti il vademecum
byat MicroFocus Italy ❖✔
 
PDF
Protecting your data against cyber attacks in big data environments
byat MicroFocus Italy ❖✔
 
PDF
PCI COMPLIANCE REPORT
byat MicroFocus Italy ❖✔
 
PDF
Volume2 chapter1 security
byat MicroFocus Italy ❖✔
 
PDF
The Business of Hacking - Business innovation meets the business of hacking
byat MicroFocus Italy ❖✔
 
PDF
Crittografia end to-end basata sui dati come volano della app economy
byat MicroFocus Italy ❖✔
 
PDF
HPE Software at Discover 2016 London 29 November—1 December
byat MicroFocus Italy ❖✔
 
PDF
Configuration Management in a Multi-Cloud Era
byat MicroFocus Italy ❖✔
 
PDF
Technology’s role in data protection – the missing link in GDPR transformation
byat MicroFocus Italy ❖✔
 
PDF
Hpe secure data-payments-pci-dss-control-applicability-assessment
byat MicroFocus Italy ❖✔
 
PDF
HPE Security – Data Security HPE Voltage SecureMail
byat MicroFocus Italy ❖✔
 
PDF
Bper services Case Study Application Delivery Management
byat MicroFocus Italy ❖✔
 
PDF
Threat report 2015_v1
byat MicroFocus Italy ❖✔
 
PDF
Chationary
byat MicroFocus Italy ❖✔
 
Hpe security research cyber risk report 2016
byat MicroFocus Italy ❖✔
 
Sicurezza end-to-end-per-la-posta-e-documenti-allegati
byat MicroFocus Italy ❖✔
 
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...
byat MicroFocus Italy ❖✔
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
byat MicroFocus Italy ❖✔
 
Format preserving encryption bachelor thesis
byat MicroFocus Italy ❖✔
 
Mobile app user_survey_failing_meet_user_expectations
byat MicroFocus Italy ❖✔
 
Privacy e recupero crediti il vademecum
byat MicroFocus Italy ❖✔
 
Protecting your data against cyber attacks in big data environments
byat MicroFocus Italy ❖✔
 
PCI COMPLIANCE REPORT
byat MicroFocus Italy ❖✔
 
Volume2 chapter1 security
byat MicroFocus Italy ❖✔
 
The Business of Hacking - Business innovation meets the business of hacking
byat MicroFocus Italy ❖✔
 
Crittografia end to-end basata sui dati come volano della app economy
byat MicroFocus Italy ❖✔
 
HPE Software at Discover 2016 London 29 November—1 December
byat MicroFocus Italy ❖✔
 
Configuration Management in a Multi-Cloud Era
byat MicroFocus Italy ❖✔
 
Technology’s role in data protection – the missing link in GDPR transformation
byat MicroFocus Italy ❖✔
 
Hpe secure data-payments-pci-dss-control-applicability-assessment
byat MicroFocus Italy ❖✔
 
HPE Security – Data Security HPE Voltage SecureMail
byat MicroFocus Italy ❖✔
 
Bper services Case Study Application Delivery Management
byat MicroFocus Italy ❖✔
 
Threat report 2015_v1
byat MicroFocus Italy ❖✔
 
Chationary
byat MicroFocus Italy ❖✔
 

Recently uploaded

PPTX
Privacy Preserving Detection of Sensitive Data Exposure (1).pptx
byNikitaMandhan4
 
PDF
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
PPTX
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 
PDF
Revolutionising-SQL-Data-Modelling-with-SqlDBM.pdf
bySQL DBM
 
PPTX
Fast-tracking quality for hundreds applications with automated testing layers
byBogdan Plieshka
 
PDF
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
PDF
Database Management Systems(DBMS):UNIT-I Introduction to Database(DBMS) BCA S...
byKuvempu University
 
PPTX
Code Assessment Tools .pptx
byCodexpro
 
PDF
Coding Assessment Tools .pdf
byCodexpro
 
PDF
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
PPTX
application security presentation 2 by harman
byharmanideapad
 
PPTX
AI Agent Overview - Why we need AI Agent
byAlokGope
 
PDF
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
PPTX
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
PPTX
Road_Quality_Indicator using deeplearning algorithms and computer vision
byDHARUNPRASHOBMM
 
PDF
DSD-INT 2025 Latest Developments for HydroMT and wflow - Meshgi
byDeltares
 
PDF
Kiến trúc hướng dịch vụ UET!!!!!!!!!!!!!!!!!!!!!!!
bydoquangminh962004
 
PDF
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
PDF
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
PDF
DSD-INT 2025 Hydrological response of the Puget Sound area to a changing clim...
byDeltares
 
Privacy Preserving Detection of Sensitive Data Exposure (1).pptx
byNikitaMandhan4
 
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 
Revolutionising-SQL-Data-Modelling-with-SqlDBM.pdf
bySQL DBM
 
Fast-tracking quality for hundreds applications with automated testing layers
byBogdan Plieshka
 
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
Database Management Systems(DBMS):UNIT-I Introduction to Database(DBMS) BCA S...
byKuvempu University
 
Code Assessment Tools .pptx
byCodexpro
 
Coding Assessment Tools .pdf
byCodexpro
 
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
application security presentation 2 by harman
byharmanideapad
 
AI Agent Overview - Why we need AI Agent
byAlokGope
 
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
Road_Quality_Indicator using deeplearning algorithms and computer vision
byDHARUNPRASHOBMM
 
DSD-INT 2025 Latest Developments for HydroMT and wflow - Meshgi
byDeltares
 
Kiến trúc hướng dịch vụ UET!!!!!!!!!!!!!!!!!!!!!!!
bydoquangminh962004
 
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
DSD-INT 2025 Hydrological response of the Puget Sound area to a changing clim...
byDeltares
 

A data-centric program

  • 1.
    White Paper Data-Centric Protection: EnablingBusiness Agility While Protecting Data Assets White Paper
  • 2.
    Vulnerabilities Abound inData-Driven Enterprises Corporate, government and other enterprises are under relentless attack by cyber criminals determined to steal business-critical data and confidential customer and third-party information. Whether for the purpose of identity theft, corporate espionage or other malicious ends, hordes of hackers running the gamut from organized crime groups to sovereign government organizations are working around the clock, around the globe to penetrate data stores in virtually every industry sector. Year after year, organizations have struggled to thwart these criminals and the existential risks they pose to business enterprises. Yet, vulnerabilities continue to abound and the associated attacks are more pervasive, more sophisticated and more damaging than ever. And, that damage can affect an organization’s reputation, bottom line, and impact business success for years. The incidence of data breaches and thefts is mind-boggling. Consider the following: • From 2005 to 2014, there have been 5,029 reported data breaches (many more go unreported). In 2014 alone, there were 783 reported data breaches in the US, a 27.5% increase over 2013.1 • A single data breach, such as the Experian ID theft2 or the Target breach3 , can expose and compromise millions to hundreds of millions of confidential records. • Globally, there are an estimated 556-million cyber crime victims per year4 . • Many data thefts can and do go on undetected for years.5 • End-point protection solutions and even many fairly sophisticated data protection solutions have lost their effectiveness6 over time. As the following diagram dramatically illustrates, there are more perpetrators, with more capabilities, using more attack vectors to accomplish their criminal aims than was once imaginable. These folks are tireless, agile and smart. 1 Source: ITRC Breach Statistics 2005-2014. http://www.idtheftcenter.org/ITRC-Surveys- Studies/2014databreaches.html 2 http://krebsonsecurity.com/2014/03/experian- lapse-allowed-id-theft-service-to-access-200- million-consumer-records/ 3 http://krebsonsecurity.com/2014/05/the-target- breach-by-the-numbers/ 4 http://www.go-gulf.com/blog/cyber-crime/ 5 https://www.usa.gov/identity-theft 6 http://www.esg-global.com/blogs/endpoint- security-market-transformation-in-2014/ http:// www.scmagazine.com/10-minutes-on-rethink- your-endpoint-security-strategy/article/208390/ White Paper
  • 3.
    Feeling nervous yet?Well, there’s more: • According to one recent survey, an estimated 47% of organizations reported suffering at least one cyber attack during the past year. More shocking is the fact that 13% of those surveyed said they didn’t know whether they had been attacked! • Enterprises have grown increasingly borderless due to disaggregated supply chains, outsourcing and mobile workforces, data is less centralized than ever before. • Cyber threats don’t just originate outside of enterprises, but from inside as well. In fact, approximately 50% of all data breach incidents are sparked by insiders. Organizations should assume cyber criminals have already breached their perimeter defenses. • Companies that fall victim to cyber attacks not only suffer the initial costs and damages, but continue to experience negative impacts including damage to their reputation, customer churn and various other hard costs for years after the incident. It’s become clear that implementing basic security controls and traditional security techniques is not enough to prevent data breaches. New approaches to managing risk and neutralizing breaches, while at the same time enabling businesses to operate with the agility required in today’s business environments, are required. Ironically, organizations’ successes in harnessing innovative technology to create competitive advantage and drive business growth are often also at the heart of their security problems. IT infrastructures were designed to enable organizations to communicate and collaborate more efficiently – not to keep people out. It’s important to keep this in mind when tackling data security challenges because as much as organizations must protect their data, they must also make sure it’s available to serve their businesses and continue to drive their growth. The good news is that companies today can protect critical data through the implementation of well designed, tested and proven data-centric protection programs, customized to their unique business requirements and risk profiles. Keys to an Effective Data-Centric Program Implementation Cyber-solution blueprinting Many organizations start building Cyber Security programs via extensive technology spending. Often this is supplemented by hiring staff with varying backgrounds and skill sets. While this bottom-up approach to developing a capability can be effective over the longer term, most often it results in significant overspend both on technology solutions, vendors/solution providers, and staff. With no overarching strategy, it is extremely difficult to hire the right people and deploy the right solutions for your cyber security challenges. Data-Centric Data Protection Approach A data-centric data protection approach calls for de-identifying the data as close to its source as possible, replacing the sensitive data elements with usable, yet de-identified, equivalents that retain their format, behavior and meaning. This protected form of the data can then be used in subsequent applications, analytic engines, data transfers and data stores. In order words, the data de-identification process removes or obscures any personally identifiable information from enterprise data so that should a data breach occur, the “data” obtained by the perpetrator(s) will be useless. This approach effectively neutralizes data breaches. Figure 1: Complexity of cyber attacks continues to increase exponentially; the need for a robust data protection program has never been greater White Paper
  • 4.
    A Successful DataProtection Program Begins With Questions Presented with the preceding statistics, the urge might be to build the IT equivalent of thicker and stronger castle walls, deeper and wider moats and lock down every bit of data. Of course, completely locking down and preventing all access to data would make it impossible to run your business. Given that you can’t count on stopping cyber criminals at the boundary of your organization, you need to focus specifically on protecting your data. That means protecting your sensitive data at the point of origination and throughout its life cycle, wherever it is being stored, moved and used. This approach is called data-centric security. To implement data-centric security, while simultaneously empowering your business to compete and win in today’s nano-second world, you need to understand your data flows and your business needs from your data. Begin by answering some important questions: • What does your organization need from your data in order to extract the maximum business value and gain a competitive advantage? • What opportunities might be leveraged by improving the security posture of the data? • What risks exist based upon your current security posture? What would the impact of a data breach be on the organization? Be specific! • Have you clearly defined which data (both structured and unstructured) residing across your extended enterprise is most important to your business? Where is it? • What people, processes and technology are currently employed to protect your business sensitive information? • Who in your organization requires access to data and for what specific purposes? • What time constraints exist upon the organization that might affect the technical infrastructure? • What must you do to comply with the myriad government and industry regulations relevant to your business? Finally, ask yourself what a successful data-centric protection program should look like in your organization. What’s most appropriate for your organization? The answers to these and other related questions would provide you with a clearer picture of your enterprise’s “data attack surface,” which in turn will provide you with a well-documented risk profile. By answering these questions and thinking holistically about where your data is, how it’s being used and by whom, you’ll be well positioned to design and implement a robust, business-enabling data-centric protection plan that is tailored to the unique requirements of your organization. Creating the Blueprint Based on hundreds of client engagements to design and deploy data-centric protection frameworks and programs, Booz Allen Hamilton has found its assessment and diagnostic process – a process called cyber-solution blueprinting – invaluable in jump-starting the design and implementation of customized data-centric protection solutions that match organizations’ operational needs, commercial requirements and the realities of their business environments. This cyber-solution blueprinting process also significantly reduces development time and expense. Solution blueprints include four key elements, which are illustrated below. These elements then drive program development and implementation. Additional Questions to Ask at the Outset • How have you classified your data? • Is it tagged? • Is there metadata associated with it that will identify it when it’s crawled by a DLP solution or when somebody else opens up that data? • How do you need to use your business-critical data (e.g. to process transactions, deliver customer service, perform market and customer analytics, etc.)? • Where is all of your data being stored and used? • Do you have clearly defined policies and rules in place to govern the handling, processing and storage of data? • Do you have a comprehensive knowledge of everyone who has access to your sensitive data? Cyber-Solution Blueprinting Benefits • Provides holistic view of the challenges and solution options • Proven more efficient than ad-hoc approaches • Enables intelligent and planned use of your existing technology infrastructure • Articulates clearly defined program processes • Ensures use of best-of-breed technology • Reduces overall program costs White Paper
  • 5.
    People, Process, &Technology Maps Ÿ Defines Roles required to Support a successful program Ÿ Outlines specific process requirements and flows Ÿ Highlights data protection technology to enable the required capabilities (e.g.encryption and tokenization ) Ÿ Summarizes descriptions of each process step Ÿ Provides data protection organizational definitions Ÿ Aligns specific data protection process steps to roles and responsibilities Process Descriptions & RACI Charts Capability Requirements Ÿ Breaks down the distinct technology and people skill requirements to have a successful program Ÿ Technical requirements align against a holistic system view Ÿ Skill requirements align against a human capital framework Ÿ Map of data protection capability requirements against industry leading services, products and techniques Ÿ Specific guidance for addressing key challenge areas to jump-start implementation project Ÿ Helps identify redundant technology and gaps Capability / Vendor Solutions Matrix 1 2 43 HPE Security - Data Security Data-Centric Technologies At-a-Glance HPE Security - Data Security provides its data-centric protection through its HPE SecureData solution. The key components of this solution are: • HPE Format-Preserving Encryption (HPE FPE) is a fundamentally new approach to encrypting structured data, such as credit card or Social Security numbers. HPE FPE makes it possible to integrate data-level encryption into legacy business application frameworks that were previously difficult or impossible to address. It uses a published encryption method with an existing, proven algorithm to encrypt data in a way that does not alter the data format. The result is a strong encryption scheme that allows for encryption with minimal modifications to the way that existing applications work. HPE FPE is a mode of AES, recognized by NIST (see NIST SP- 800-38G). • HPE Secure Stateless Tokenization (HPE SST) is an advanced, patent- pending data security technology that provides enterprises, merchants and payment processors with a new approach to help assure protection for payment card data, with significant Payment Card Industry Data Security Standard (PCI DSS) audit scope reduction. HPE SST technology dramatically improves speed, scalability, security and manageability over conventional and first-generation tokenization solutions. And it does so while eliminating the need to build and maintain token databases and all of the cost and complexity that goes along with such traditional token databases. Why Implement Data-Centric Protection Organizations typically employ a layered approach to prevent access to their enterprises and to protect their data. However, even using such a layered approach involving various point solutions, security gaps remain that can be exploited by cyber-criminals. It’s quite common for organizations to feel confident that they are well protected, only to be rudely disabused of that notion by a clever, industrious crook. That’s why Booz Allen Hamilton and HPE Security - Data Security have developed and strongly advocate a different approach – a data-centric, data de-identifying approach to data security that enables you to protect data over its entire lifecycle – from the point at which it’s captured, throughout its movement across your extended enterprise, all without exposing live information to high-risk, high-threat environments. That’s the essence of data-centric security. HPE SecureData solutions, including HPE Format-Preserving Encryption (FPE), and HPE Secure Stateless Tokenization (SST), protect sensitive data as soon as it is acquired and ensures that it is always used, transferred and stored in protected form. It effectively “de-identifies” data, rendering it useless to attackers, while maintaining its usability and usefulness – its referential integrity – for authorized production and non-production data processes, applications and services. Data De-Identification with HPE SecureData quite literally neutralizes data breaches by making your protected data absolutely worthless to an attacker. Figure 3: HPE SecureData - Data-Centric Protection with HPE FPE and HPE SST FPE FPE SST FPE FPE Name SS# Credit Card# Street Address Customer ID Name SS# Credit Card# Street Address Customer ID James Potter Ryan Johnson Carrie Young Brent Warner Anna Berman Kwfdv Cqvzgk Veks lounrfo Pdnme Wntob Eskfw Gzhqlv Jsfk Tbluhm 161-82-1292 200-79-7127 095-52-8683 178-17-8353 525-25-2125 37123 786354 51001 5587 0856 7634 0139 5348 9209 2367 2829 4929 4333 0934 4379 4556 2545 6223 1830 2890 Ykzbpoi Clpppn 406 Cmxto Osfalu 1498 Zejojtbbx pqkag 8261 Saicbmeayqw Yotv 8412 Wbbhalhs Ueyzg S7202483 B0928254 G8265029 G3951257 B662594 385-12-1199 857-64-4190 761-58-6733 604-41-6687 416-03-4226 37123 456789 01001 5587 0806 2212 0139 5348 9261 0695 2829 4929 4358 7398 4379 4556 2525 1285 1830 1279 Farland Avenue 111 Grant Street 4513 Cambridge Court 1984 Middleville Road 2893 Hamilton Drive G8199143 S3626248 B0191348 G8888767 S9298273 This is an illustration of HPE FPE and HPE SST in use. Note how HPE FPE encrypts the original data without changing the format. HPE SST tokenizes data without the need to build and maintain a token database. White Paper Figure 2: Cyber-solution Blueprinting Process
  • 6.
    Data-Centric Protection inthe Real World Let’s take a look at several quite real and quite demanding situations in which these technologies are in use. Live Production Data Protecting live production data is both an obvious imperative and, perhaps, the very definition of mission- critical. You may have transaction information, for example, that’s being captured in a mainframe environment. You want to encrypt that data in a very simple way so you can protect it even as it moves out and into other types of systems – perhaps various Oracle databases for departmental use, or into Hadoop for big data analytics, or into the cloud for outsourcing of testing, application development. The data likely contains at least some sensitive data – it may be personally identifiable customer information (e.g. credit card numbers, social security numbers, etc.) as well as external, third party data, perhaps HIPAA regulated data. Consider the example of a global insurance company that wants to reduce its cost of application development. The company needs to provide its offshore vendor with realistic data in order to do this development work. But it cannot afford to risk providing the vendor with the actual data that application is being developed for. Using HPE SecureData technology, the company can provide the vendor with realistically formatted data that has been completely de-identified. In that way, it can achieve its development cost reduction goal without jeopardizing its live production data. Or the company may want to do various types of analytics on broad data sets consisting of hundreds of millions of records. In such a case it would extract data from traditional highly trusted data-warehouse environments and move and merge those data sets into low-cost Hadoop ecosystems. you’d also be exposing the data to other downstream systems and tools like Greenplum or Data Mirror via ETL tools. Again, protecting the live data requires that it be de-identified, prior to being moved out of the trusted data warehouse environments. Additionally, you might also want to be able to reverse the process after the analytics are performed. HPE SecureData technology provides the ability to analyze the data in a protected form and then under very tight policy control, be returned to its original form once back in the warehouse. This kind of flexible, data-centric protection is extremely valuable and is employed in many organizations. High Performance Hadoop Data De-identification While many times organizations have the luxury of being able to stage the de-identification process, in other instances the de-identification must be done on the fly. For instance, a global communications company needs to routinely analyze several hundred million customer records to detect patterns to provide the intelligence needed for retail optimization and other business activities. Similarly, a healthcare innovator wanted to do real-time analysis of pharmaceutical, healthcare and third party data to provide the information and insights it needed to create and offer new, high value services to medical networks. In these instances, the organizations used HPE SecureData technologies to de-identify event-driven data from multiple sources in real time in order to accomplish their extraordinarily demanding business objectives, while fully protecting sensitive personal, financial, and healthcare data. • HPE Page-Integrated Encryption (HPE PIE) encrypts sensitive user data in the browser and allows that data to travel encrypted through intermediate application tiers. Unlike traditional TLS/SSL encryption, this keeps user data private as it travels through load balancers and web application stacks, only decrypting that data when it reaches secured inner host systems. PIE encrypts data with host-supplied single use keys, making a breach of a user browser session useless for decrypting any other data in the system. These technologies can be used individually or in combination to provide highly scalable, high performance data de-identification that is standards based and that has been proven effective in many demanding real-world situations. White Paper
  • 7.
    Protecting Data inthe Cloud As organizations extend their enterprises to the cloud – using both public and private clouds – as part of their efforts to reduce costs, all sorts of data protection red flags begin waving. They may be extending their enterprises to the cloud for storage, to run applications such as fraud detection or perform various analytics. The cloud does provide a low-cost environment in which to operate, but that benefit is accompanied by significant data security risks. It’s easy enough to send a continuum of data up into cloud platforms like Azure or AWS, but not so easy to exert the level of control over these environments that you can in your own data centers. For instance, one global finance firm moved its customer data analysis to Azure Workloads in order to cut per application costs by 40%. Another organization – a global investment bank, created a private cloud stack to enable it to deliver new services more rapidly. The data being moved to the cloud included CRM, PCI (payment card industry) and other personally identifiable information. These organizations felt confident in making these moves thanks to the business-enabling power of HPE SecureData data de- identification technology. Protecting Sensitive Data in Test and Development Environments Generating data for test and development environments presents serious challenges for enterprise security and risk management. When data is copied from production databases and used directly for application development, large volumes of private data accumulate on unprotected servers and workstations. The use of outsourced and offshore QA and development services further increases the risks and costs of data leakage – potentially resulting in damages affecting reputation, compliance, and revenues. A nonprofit financial services company that provides financing to rural electric cooperatives in the U.S. faced just this challenge. To reduce the application development and testing costs for a new web application, the organization decided to offshore the project. It needed, however, to provide the offshore contractor with realistic data for use in development and testing, but not the actual, confidential data, which if stolen, could wreak havoc with the organization’s reputation, member relationships and survival. By using HPE SecureData with HPE FPE, it was able to meet its tight deadline for this offshore project, reduce its application development costs, effectively neutralize data breaches, ensure the security of its sensitive data and maintain the confidence of its members. Business Empowerment and Solid Data Protection: You Can Have Both As discussed earlier, security approaches that have attempted to prevent cyber criminals from accessing enterprise data have been less than fully effective. That does not mean you should abandon network security, of course. It’s just that you can’t rely solely on perimeter defenses to protect your invaluable data assets. Only by employing a data-centric data protection approach can you truly reduce your risk profile and render attacks on your data pointless and worthless. By de-identifying critical data throughout its entire life-cycle, you can neutralize data breaches while retaining your data’s referential integrity and usability. Most important, implementing a data-centric program does not hamper your organization’s ability to access, move, analyze, and use your data to enable business success. The unique cyber-solution blueprinting and data de-identification processes described in this white paper – beginning with an enterprise risk assessment, then the development of a cyber-solution blueprint, and the implementation of HPE SecureData data de-identification solutions – have proven effective in numerous extremely challenging situations and environments. They provide consistent, robust data protection while also protecting organizations’ access to the information they rely upon to run and grow their businesses. And they do this without you having to embark on a lengthy and horrendously expensive project. In fact, they produce significant cost savings while providing the business with the information it needs to glean critical insights that can lead to formidable growth and enhanced customer loyalty. White Paper
  • 8.
    About Booz AllenHamilton Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering, and innovation expertise. With international headquarters in McLean, Virginia, the firm employs more than 22,500 people globally, and had revenue of $5.27 billion for the 12 months ended March 31, 2015. To learn more, visit www.boozallen.com. (NYSE: BAH) About HPE Security - Data Security HPE Security - Data Security drives leadership in data-centric security and encryption solutions. With over 80 patents and 51 years of experience we protect the world’s largest brands and neutralize breach impact by securing sensitive data-at-rest, in use and in motion. Our solutions provide advanced encryption, tokenization and key management that protect sensitive data across enterprise applications, data processing infrastructure, cloud, payments ecosystems, mission critical transactions, storage and big data platforms. HPE Security - Data Security solves one of the industry’s biggest challenges: simplifying the protection of sensitive data in even the most complex use cases. For more information, visit www.voltage.com. To learn how this approach to data protection can allow your organization to deploy your data where, when and to whom it needs to be deployed while keeping it fully protected visit www.voltage.com and/or contact BAH: Ernie Anderson Principal anderson_ernie@bah.com 619-663-7757 Stephen Coraggio Principal corragio_stephen@bah.com 917-305-8004 Chris White Senior Associate white_chris@bah.com 517-524-7175 White Paper © Copyright 2015 Hewlett Packard Enterprise Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. December 2015 Learn More www.voltage.com hpe.com/software/DataSecuritySign up for updates Rate this document