Emerging Data Privacy and Security for Cloud
Title "Emerging Data Privacy and Security for Cloud" Abstract: Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Gartner includes data ethics and privacy on their list of the top 10 strategic technology trends of 2019, placing it on the same level as AI-driven development, blockchain, and edge computing. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers. Companies continue to transition to more costefficient cloud-based solutions, their email and other valuable data migrate along with them. The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value. Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation are often discussed in the context of identifying individuals whose information may be in a database. Secure multi-party computation (also known as secure computation, multi-party computation (MPC), or privacy-preserving computation) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. We will discuss how these emerging data privacy technologies can limit the privacy impact on individuals whose information is in a database. Let’s break down the differences and see where these techniques fit best in an organization’s security and privacy strategy and align with privacy law requirements. You will learn - The latest trends and strategies for securing sensitive data in cloud and the enterprise - How to discover and capture your data inventory - What’s needed to prevent a data breach by securing your critical data and protect your reputation
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Emerging Data Privacy and Security for Cloud
Similar to Emerging Data Privacy and Security for Cloud (20)
More from Ulf Mattsson
More from Ulf Mattsson (20)
Recently uploaded
Recently uploaded (20)
Emerging Data Privacy and Security for Cloud
- 1. 1 Emerging Data Privacy and Security for Cloud Ulf Mattsson, TokenEx
- 2. 2 Ulf Mattsson, BIO + Mr. Mattsson is currently the Head of Innovation at TokenEx, a cloud-based data security company, was previously Chief Technology Officer at Atlantic BT Security Solutions, and earlier Chief Technology Officer at Compliance Engineering. He was the Chief Technology Officer and a technology founder of Protegrity. + Prior to Protegrity, he worked 20 years at IBM's Research and Development organization, in the areas of Application and Database Security. He also worked at companies providing Data Discovery Services, Cloud Application Security Brokers, Web Application Firewalls, Managed Security Service, Security Operation Center, and Cybersecurity consulting. + Mr. Mattsson is an Inventor of 73 Awarded and Issued US Patents. + He delivered joint Application and Data Protection products and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Teradata, and RSA Security (Dell). Mr. Mattsson is a also advising companies in the area of AI, Machine Learning and Quantum Computing technologies. + Mr. Mattsson also owns and manages the BrightTALK “Cybersecurity - The No Spin Zone” and “The Blockchain Channel.”
- 3. 3 *: By 2023, 20% of organizations will be budgeting for quantum computing projects, compared to less than 1% in 2018, Gartner. *
- 7. 7 Source: Verizon 2019 Data Breach Investigations Report
- 8. 8 Source: Verizon 2019 Data Breach Investigations Report
- 9. 9 Source: Verizon 2019 Data Breach Investigations Report
- 10. 10 Source: Verizon 2019 Data Breach Investigations Report
- 11. 11 Data Security Context Operating System Security Controls OS File System Database Application Framework Application Source Code Data Security Context High Low Application Data Network External Network Internal Network Application Server 11
- 12. 12 Cloud
- 13. 13
- 14. 14
- 15. 15
- 16. 16
- 17. 17
- 18. 18
- 19. 19
- 20. 20
- 21. 21
- 23. 23 Cloud Data Security Operating System Security Control OS File System Database Application Framework Application Source Code Application Data Network External Network Internal Network Application Server 23 Publi c Cloud Public Security Cloud Security Separation
- 24. 24 Security Separation in Cloud Internal Network Administrator Remote User Internal User Public Cloud Examples Each authorized field is in clear Cloud Gateway Data Security for including encryption, tokenization or masking of fields or files (at transit and rest) Public Security Cloud Security Separation
- 26. 26 Advanced PII/PI Discovery Source: BigId 1. Find & Inventory All Personal Data At Scale. 2. Machine learning & identity intelligence technology. 3. Identify all PII across structured, unstructured, cloud & Big Data. 4. Inventory PII by data subject & residency for GDPR. 5. Measure data re-identifiability for pseudonymization. 6. Uncover dark or uncatalogued data. 7. Fix data quality, visualize PII data relationships. 8. Build & Measure Data Risk KPIs. 9. Measure risk by data sensitivity, location, access, consent etc. 10. Customize multiple risk models tailored to internal audiences. 11. Get actionable recommendations for security & privacy. 12. Bubble up risky data & activities for attention. 13. Assign investigation & remediation tasks. 14. Tag files with risk parameters for enhanced DLP, DAM, DRM.
- 27. 27 Positioning of some Encryption and Privacy Models Source: INTERNATIONAL STANDARD ISO/IEC 20889 Privacy enhancing data de-identification terminology and classification of techniques Data has the same format, including the length, as the original data. Server model Local model Differential Privacy (DP) Formal privacy measurement models (PMM)De-identification techniques (DT) Cryptographic tools (CT) Format Preserving Encryption (FPE) Homomorphic Encryption (HE) Two values encrypted with the same public key can be combined* K-anonymity model Responses to queries are only able to be obtained through a software component or “middleware”, known as the “curator**” The entity receiving the data is looking to reduce risk Ensures that for each identifier there is a corresponding equivalence class containing at least K records *: Multi Party Computation (MPC) **: Example Apple
- 28. 28 Positioning of some Encryption and Privacy Models Source: INTERNATIONAL STANDARD ISO/IEC 20889 Clear 123 897 Differential Privacy (DP) Format Preserving Encryption (FPE) Homomorphic Encryption (HE) k-Anonymity Model FPE Enc __ __ __ **: Example Apple Clear_D1 Clear Protected Curator** Filter Clear Cleanser Filter Cleanser Filter Clear __ __ __ *: Multi Party Computation (MPC) Op (Enc_D1, Enc_D2) HE Dec HE Enc HE Enc Clear12 FPE Dec Clear 123 Protec ted DB DB Protected Keys Protected Key Clear_D2 Enc_D1 Enc_D2 “Untrusted Party*”
- 29. 29 Secure multi-party computation (MPC) and Homomorphic encryption
- 30. 30 Secure Multi-Party Computation (MPC) Source: https://eprint.iacr.org/2018/450.pd
- 31. 31 Security Metrics from DevOps # Vulnerabilities Time
- 32. 32 Generating Key Security Metrics 32 # Vulnerabilities Time
- 33. 33 DGPR & CCPA
- 34. 34
- 35. 35
- 36. 36 Source: IBM Encryption and TokenizationDiscover Data Assets Security by Design GDPR Security Requirements – Encryption and Tokenization
- 37. 37 Data sources Data Warehouse In Italy Complete policy- enforced de- identification of sensitive data across all bank entities Example of Cross Border Data-centric Security • Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers • Compliance with EU Cross Border Data Protection Laws • Utilizing Data Tokenization, and centralized policy, key management, auditing, and reporting
- 38. 38 Differential privacy, Tokenization, Homomorphic encryption, and Privacy- preserving computation
- 39. 39 On Premise tokenization • Limited PCI DSS scope reduction - must still maintain a CDE with PCI data • Higher risk – sensitive data still resident in environment • Associated personnel and hardware costs Cloud-Based tokenization • Significant reduction in PCI DSS scope • Reduced risk – sensitive data removed from the environment • Platform-focused security • Lower associated costs – cyber insurance, PCI audit, maintenance Total Cost and Risk of Tokenization in Cloud vs On-prem
- 41. 41
- 43. 43 Emerging De Jure Standards for SSI Verifiable Credentials DID Auth DKMS (Decentralized Key Management System) DID (Decentralized Identifier) Source: Sovrin.org
- 44. 44 • Format-preserving encryption (FPE) is useful in situations where fixed-format data, such as Primary account numbers Social Security numbers, must be protected. • FPE will limit changes to existing communication protocols, database schemata or application code. 44Source: Accredited Standards Committee ANSI X9 2018 ANSI X9 STANDARD FOR FORMAT PRESERVING ENCRYPTION
- 45. 45
- 46. 46
- 47. 47
- 48. 48 Thank You! Ulf Mattsson, TokenEx ullf@ulfmattsson.com www.TokenEx.com