Ulf Mattsson presented on bridging the gap between privacy and big data. He discussed the evolution of data security methods from coarse-grained to fine-grained approaches like field encryption, masking, and tokenization. Mattsson also covered key drivers for data security like regulations, expanding threats, and enabling data insight while maintaining privacy. Examples of data de-identification methods like tokenization and encryption were provided to protect identifiable information.
Myths and realities of data security and compliance - ISACA Atlanta - ulf matt... (Ulf Mattsson)
Myths & Realities of Data Security & Compliance - ISACA Atlanta - Ulf Mattsson Jul 22 2016.
Data breaches are on the rise. The constant threat of cyber attacks, combined with the high cost and shortage of skilled security engineers, has put many companies at risk. Cybersecurity investment is shifting: IT risk and security leaders must move away from trying to prevent every threat and acknowledge that perfect protection is not achievable. PCI DSS 3.2 is out with an important update on data discovery and new requirements to detect security control failures.
In this session, cybersecurity expert Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.
Keynote in NYC: the next breach target and how Oracle can help - NYOUG (Ulf Mattsson)
Old security approaches are based on finding malware and data leaks. This is like "boiling the ocean": you are "patching" all possible data paths and data stores, and you may still not find a trace of an attack. New security approaches assume that you are already under attack and focus instead on protecting the data itself, even in computer memory (the "target" of a growing number of attacks). This session discusses what companies can do now to prevent what happened to Target and others processing PII, PHI and PCI cardholder data. The Oracle Big Data Appliance is a critical part of the solution.
Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.
ISACA New Delhi, India: privacy and big data (Ulf Mattsson)
This document summarizes Ulf Mattsson's presentation on bridging the gap between privacy and big data. Some key points:
- Ulf Mattsson is the CTO of Protegrity and has over 20 years of experience in encryption, tokenization, and data security.
- Big data and cloud computing are driving needs for data security due to regulations, expanding threats, and the desire to gain insights from sensitive data. However, emerging technologies also introduce new vulnerabilities.
- Regulations like PCI DSS and various privacy laws mandate protecting sensitive data. Compliance is important as non-compliance results in fines.
- Threats are also expanding as cyber criminals target valuable data and insiders remain
Data centric security key to digital business success - ulf mattsson - bright... (Ulf Mattsson)
The document discusses the need for data-centric security strategies to protect sensitive data in digital business systems. As data generation grows exponentially due to technologies like cloud computing, big data, and IoT, cybercriminals have more opportunities. A data-centric approach is needed to merge data security with productivity by controlling access, classifying data, and techniques like encryption, tokenization, and monitoring across structured and unstructured data silos. Solutions that provide centralized security policies and audit/protection of data throughout its entire flow can safely unlock the power of digital business.
Learn how to get more out of your PCI investment with this presentation from SafeNet titled: "Life After Compliance". Derek Tumulak discusses current approaches to PCI DSS compliance, challenges to ensuring compliance, and how to achieve best practices while addressing compliance challenges.
A detailed analysis of the security standard's goals and requirements, with examples of companies that failed to comply, emphasising which part of the standard they violated and the fines that resulted.
Atlanta ISSA 2010 Enterprise Data Protection - Ulf Mattsson
Ulf Mattsson is the CTO of Protegrity, a company that provides data security solutions through encryption, tokenization, and policy-driven approaches. He has over 20 years of experience in data security research. This presentation discusses evolving data security risks and reviews options for enterprise data protection strategies. It examines studies on implementing protection in real-world scenarios and recommends balancing performance, security, and compliance when choosing defenses for sensitive data across different systems and storage locations. The presentation also introduces Protegrity's centralized risk-adjusted platform for securing data throughout its lifecycle.
ISSA Atlanta - Emerging application and data protection for multi cloud (Ulf Mattsson)
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.
The new Verizon Data Breach Investigations Report (DBIR) provides perspective on how criminals simply shift their focus and adapt their tactics to locate and steal the data they find most valuable.
This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
• Learn New Application and Data Protection Strategies
• Learn Advancements in Machine Learning
• Learn how to develop a roadmap for EU GDPR compliance
• Learn Data-centric Security for Digital Business
• Learn Where Data Security and Value of Data Meet in the Cloud
• Learn Data Protection On-premises, and in Public and Private Clouds
• Learn about Emerging Application and Data Protection for Multi-cloud
• Learn about Emerging Data Privacy and Security for Cloud
• Learn about New Enterprise Application and Data Security Challenges
• Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation
Securing data today and in the future - Oracle NYC (Ulf Mattsson)
NYOUG - New York Oracle Users Group:
- Risks Associated with Cloud Computing
- Data Tokens in a Cloud Environment
- Data Tokenization at the Gateway Layer
- Data Tokenization at the Database Layer
- Risk Management and PCI
Evolving regulations are changing the way we think about tools and technology (Ulf Mattsson)
Discover the latest in RegTech and stay up-to-date on compliance tools and best practices.
The move to digital has meant that many organizations have had to rethink legacy systems.
They need to put the customer first, focus on the Customer Experience and Digital Experience Platforms.
They also need to understand the latest in RegTech and solutions for hybrid cloud.
We will discuss Regtech for the financial industry and related technologies for compliance.
We will discuss new International Standards, tools and best practices for financial institutions including PCI v4, FFIEC, NACHA, NIST, GDPR and CCPA.
We will discuss related technologies for Data Security and Privacy, including data de-identification, encryption, tokenization and the new API Economy.
Emerging application and data protection for multi cloud (Ulf Mattsson)
Emerging Application and Data Protection for Multi-Cloud
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data - how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.
The new Verizon Data Breach Investigations Report (DBIR) provides perspective on how criminals simply shift their focus and adapt their tactics to locate and steal the data they find most valuable.
This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
In-depth presentation covering market trends and risks related to network security and big data analytics, given by Matan Trogan at Cybertech Singapore.
• Overview of changes and clarification
• Additional requirements for service providers
• Additional requirements for change control processes
• Multifactor authentication
• Penetration testing changes
• SSL/TLS changes and implications
• Timing of changes
A practical data privacy and security approach to FFIEC, GDPR and CCPA (Ulf Mattsson)
With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced data privacy and security solutions has become even more critical. French regulators cited GDPR in fining Google $57 million, and the U.K.'s Information Commissioner's Office is seeking a $230 million fine against British Airways and $124 million from Marriott. Facebook is setting aside $3 billion to cover the costs of a privacy investigation launched by US regulators.
This session will take a practical approach to address guidance and standards from the Federal Financial Institutions Examination Council (FFIEC), EU GDPR, California CCPA, NIST Risk Management Framework, COBIT and the ISO 31000 Risk management Principles and Guidelines.
Learn how new data privacy and security techniques can help with compliance and data breaches, on-premises, and in public and private clouds.
Practical risk management for the multi cloud (Ulf Mattsson)
This session will take a practical approach to IT risk management and discuss multi-cloud, the Verizon Data Breach Investigations Report (DBIR), and how enterprises are losing ground in the fight against persistent cyber-attacks. We simply cannot catch the bad guys until it is too late, and the picture is not improving: Verizon reports concluded that less than 14% of breaches are detected by internal monitoring tools.
We will review the JP Morgan Chase data breach, where hackers were in the bank's network for months undetected. Network configuration errors are inevitable even at the largest banks, as at Capital One, which recently had a data breach in which an attacker gained access to about 100 million credit card applications and accounts.
Viewers will also learn about:
- Macro trends in Cloud security and Micro trends in Cloud security
- Risks from Quantum Computing and when we should move to alternate forms of encryption
- Review "Kill Chains" from Lockheed Martin in relation to APT and DDoS attacks
- Risk Management methods from ISACA and other organizations
Speaker: Ulf Mattsson, Head of Innovation, TokenEx
Bridging the gap between privacy and big data - Ulf Mattsson - Protegrity, Sep 10
Big Data systems like Hadoop provide analysis of massive amounts of data to open up “Big Answers”, identifying trends and new business opportunities. The massive scalability and economical storage also provides the opportunity to monetize collected data by selling it to a third party.
However, the biggest issue with Big Data remains security. Like any other system, the data must be protected according to regulatory mandates, such as PCI, HIPAA and Privacy laws; from both external and internal threats – including privileged users.
So how can we bridge the gap between access to vast amounts of data, and security of more and more types of data, in this rapidly evolving new environment?
In this webinar, Ulf Mattsson explores the issues and provides solutions that bring together data insight and security in Big Data. Drawing on deep knowledge of advanced data security technologies, Ulf explains the best practices for safely unlocking the power of Big Data.
Reducing cardholder data footprint with tokenization and other techniques (VISTA InfoSec)
This webinar discusses techniques for reducing an organization's cardholder data footprint to simplify PCI DSS compliance. It covers tokenization, which replaces the card number with a randomly generated token that has no exploitable value on its own: the original data is kept in a secured vault, and downstream transactions use the token instead of the real card number, so fewer systems fall within PCI DSS scope. Other techniques discussed include network segmentation, point-to-point encryption, and outsourcing card handling to PCI-compliant vendors. Shrinking the cardholder data footprint lowers the cost and effort of compliance and limits what a breach of the surrounding systems can expose.
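The vault-based tokenization the webinar describes, as an added example that is not VISTA InfoSec's code: tokens are drawn from a CSPRNG rather than derived from the card number, keep only the last four digits, are rejected if they would pass the Luhn check (so a token can never be mistaken for a live PAN), and map back to the PAN only through a vault lookup. The TokenVault class, the in-memory dictionaries standing in for the hardened vault, and the "payment-processor" role are assumptions made for illustration; the PAN is the standard 4111... test number.

```python
"""Vault-based tokenization of primary account numbers (PANs).

Added example, not code from the webinar summarised above. A token is
random, so it carries no mathematical relationship to the PAN; the only
way back is the vault lookup. That is why systems holding only tokens can
drop out of PCI DSS scope while the vault itself stays in scope.
"""
import secrets


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """In-memory stand-in for the hardened vault (assumption: a real vault
    is an encrypted, access-controlled and audited data store)."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a well-formed PAN")
        # Consistent tokenization: one PAN always maps to one token, so
        # downstream systems can join and de-duplicate on the token alone.
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            # Format preserving: keep the last four digits (receipts, customer
            # service) and draw the rest from a CSPRNG, never from the PAN.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Reject tokens that would pass Luhn, so a token cannot be taken
            # for (or accidentally processed as) a real card number, and
            # reject collisions with tokens already issued.
            if not luhn_valid(token) and token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        """Only the payment-processing role may recover the PAN (assumed
        authorization model; a real vault enforces and logs this)."""
        if caller_role != "payment-processor":
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        try:
            return self._token_to_pan[token]
        except KeyError:
            raise KeyError("unknown token") from None


def demo() -> dict:
    vault = TokenVault()
    pan = "4111 1111 1111 1111"        # constructed test PAN, not a real card
    t1 = vault.tokenize(pan)
    t2 = vault.tokenize(pan)
    return {
        "token": t1,
        "same_pan_same_token": t1 == t2,
        "last4_kept": t1[-4:] == "1111",
        "token_fails_luhn": not luhn_valid(t1),
        "pan_recovered": vault.detokenize(t1, "payment-processor") == "4111111111111111",
    }


if __name__ == "__main__":
    print(demo())
```

The property worth checking in any tokenization product is the one the loop enforces: nothing about the token is computed from the PAN, so a stolen table of tokens is worthless without the vault. Everything that touches the vault (the tokenize and detokenize calls, the key material protecting it, the role that may detokenize) remains the crown jewel and stays inside the PCI DSS boundary.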
Big Data Security Analytics (BDSA) with Randy Franklin (Sridhar Karnam)
The document discusses big data security analytics and how HP addresses related challenges. It notes that big data analytics for security requires real-time analysis of high-volume, diverse data streams. While many big data solutions focus on batch analytics, security demands real-time correlation and detection of threats. The document outlines how HP's ArcSight platform collects, correlates, and analyzes security data from many sources in real-time. It also explains how HP uses Hadoop for long-term storage and analytics, and Autonomy for semantic analysis of unstructured data to enable predictive security.
This document provides an overview of new technologies for data protection presented by Ulf Mattsson, Chief Security Strategist at Protegrity. It discusses several emerging technologies like homomorphic encryption, differential privacy, and secure multi-party computation that can be used to enable secure data sharing and analytics while preserving privacy. It also provides examples of how these technologies can be applied in domains like healthcare, financial services, and retail to derive insights from sensitive data in a privacy-preserving manner and in compliance with regulations.
(SACON) Ramkumar Narayanan - Personal Data Discovery & Mapping - Challenges f... (Priyanka Aash)
This session is about how to implement a privacy program in any organization, big or small. The foundational step is to understand what personal data the organization deals with, where it lies, how it flows (within and outside the organization), who does what with that data, what the underlying assets are, etc. Without this foundation the organization cannot build the controls required to implement and manage privacy. This is not an easy problem to address, however, and the session does a deep dive into the challenges faced, the methodologies used and the tools that can be employed to build and sustain an organization's data map.
Enterprise Data Protection - Understanding Your Options and Strategies (Ulf Mattsson)
The document provides an overview of enterprise data protection options and strategies. It discusses the changing threat landscape, including increasingly sophisticated attackers and the need for preventative controls. On the Payment Card Industry Data Security Standard (PCI DSS), it notes the 12 requirements and the four approved ways to render card numbers unreadable (one-way hashing, truncation, index tokens with securely stored pads, and strong cryptography with key management). A case study is presented of a large retail chain that used tokenization to simplify PCI compliance, achieving faster audits, lower costs, and better security. Hashing, encryption, and tokenization are compared in terms of how they can be applied at the application, database, and storage levels, and best practices for tokenization and for evaluating the various approaches are also covered.
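On the approved ways to render a PAN unreadable mentioned above, the following added example (not from the presentation) shows why an unkeyed hash is the weakest of them when a truncated PAN is stored alongside it, and how a keyed hash (HMAC-SHA256) closes the gap. The PAN is the standard 4111... test number, the masked form follows the PCI DSS 3.x "first six, last four" limit, and the key is generated on the fly; encryption and tokenization, the other reversible methods, are not shown here.

```python
"""Plain hash vs. keyed hash for rendering a PAN unreadable.

Added example, not code from the presentation summarised above.
Constructed inputs: the PAN is the classic 4111... test number, the key is
generated at run time.
"""
import hashlib
import hmac
import secrets
from typing import Optional


def plain_hash(pan: str) -> str:
    """Unkeyed SHA-256 of the PAN: the weak setting. Anyone can recompute it."""
    return hashlib.sha256(pan.encode()).hexdigest()


def keyed_hash(pan: str, key: bytes) -> str:
    """HMAC-SHA256 with a secret key: the corrected setting. Without the key
    there is no function an attacker can iterate over candidate PANs."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def truncate(pan: str) -> str:
    """PCI DSS 3.x masking: at most the first six and last four digits in the clear."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def recover_pan(truncated: str, target_hash: str) -> Optional[str]:
    """Attacker's view: given 'first6******last4' and an unkeyed SHA-256 of
    the full 16-digit PAN, try every 6-digit middle (10**6 candidates, not
    even pruned with Luhn) and return the PAN whose hash matches, or None
    if the target was not a plain SHA-256 of any candidate."""
    first6, last4 = truncated[:6], truncated[-4:]
    for middle in range(10**6):
        candidate = f"{first6}{middle:06d}{last4}"
        if plain_hash(candidate) == target_hash:
            return candidate
    return None


def demo() -> dict:
    pan = "4111111111111111"        # constructed test PAN, not a live card
    masked = truncate(pan)          # '411111******1111'
    key = secrets.token_bytes(32)   # in production: kept in an HSM/KMS, never beside the data
    returning_card = "4111 1111 1111 1111".replace(" ", "")

    return {
        "masked": masked,
        # Weak: truncation + unkeyed hash together give back the whole PAN.
        "recovered_from_plain_hash": recover_pan(masked, plain_hash(pan)),
        # Corrected: the same exhaustive search against an HMAC finds nothing.
        "recovered_from_keyed_hash": recover_pan(masked, keyed_hash(pan, key)),
        # The defender keeps the legitimate use: recognising a returning card.
        "keyed_hash_matches_returning_card": keyed_hash(returning_card, key) == keyed_hash(pan, key),
    }


if __name__ == "__main__":
    print(demo())
```

Run as written, the first search returns the PAN after roughly 1.1 x 10^5 hashes; the second exhausts all 10^6 candidates and gives up. A per-record salt stored next to the hash does not change this, because the attacker reads the salt along with the hash and the candidate space stays at 10^6; only a secret key held away from the data does. PCI DSS v4.0 (requirement 3.5.1.1) now requires exactly that: hashes used to render PAN unreadable must be keyed cryptographic hashes.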
Providing managed services to your customers is more than just a proven method to retaining your existing customer base. By providing managed services, you create a recurring revenue stream that allows you to proactively plan for the growth of your business. Higher margins and a better business valuation are two of the additional benefits of providing managed services to your customer base.
Not just for IT shops anymore: copier companies, telcos and VoIP companies are securing their place in their market by adding managed services to their business profile.
This session will highlight how VoIP companies all over the world have followed N-able's systematic approach to cross-sell and up-sell existing customers and execute on a new-client acquisition strategy to increase services revenue.
The past, present, and future of big data security (Ulf Mattsson)
One of the biggest remaining concerns regarding Hadoop, perhaps second only to ROI, is security.
The Past, Present, and Future of Big Data Security
While Apache Hadoop and the craze around Big Data seem to have exploded out into the market, there are still a lot more questions than answers about this new environment.
Hadoop is an environment with limited structure, high ingestion volume, massive scalability and redundancy, designed for access to a vast pool of multi-structured data. What’s been missing is new security tools to match.
Read more in this article by Ulf Mattsson, Protegrity CTO, originally published by Help Net Security’s (IN)SECURE Magazine.
The document provides an overview of cloud infrastructure architecture and security. It discusses key cloud security concepts like the shared responsibility model between cloud providers and customers. It also covers common cloud security categories such as identity and access management, data security, compliance with regulations, and security best practices and frameworks.
Everything You Wanted To Know About CIBIL - www.propertiesandloans.com (Bhavya Sahni)
CIBIL is an organization that tracks individuals' credit histories in India and assigns each a CIBIL score. This score is used by banks and financial institutions to assess loan applications. An individual can check their CIBIL score online for a nominal fee. The score ranges from 900 (supreme) to below 500 (no hope) and impacts what types of loans and interest rates one qualifies for. Maintaining a good credit score involves paying all bills on time, not overusing credit cards, and maintaining a diverse credit profile with a mix of loans and low credit utilization.
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonUlf Mattsson
Â
Ulf Mattsson is the CTO of Protegrity, a company that provides data security solutions through encryption, tokenization, and policy-driven approaches. He has over 20 years of experience in data security research. This presentation discusses evolving data security risks and reviews options for enterprise data protection strategies. It examines studies on implementing protection in real-world scenarios and recommends balancing performance, security, and compliance when choosing defenses for sensitive data across different systems and storage locations. The presentation also introduces Protegrity's centralized risk-adjusted platform for securing data throughout its lifecycle.
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
Â
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.
The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.
This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
• Learn New Application and Data Protection Strategies
• Learn Advancements in Machine Learning
• Learn how to develop a roadmap for EU GDPR compliance
• Learn Data-centric Security for Digital Business
• Learn Where Data Security and Value of Data Meet in the Cloud
• Learn Data Protection On-premises, and in Public and Private Clouds
• Learn about Emerging Application and Data Protection for Multi-cloud
• Learn about Emerging Data Privacy and Security for Cloud
• Learn about New Enterprise Application and Data Security Challenges
• Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation
Securing data today and in the future - Oracle NYCUlf Mattsson
Â
NYOUG - New York Oracle Users Group:
- Risks Associated with Cloud Computing
- Data Tokens in a Cloud Environment
- Data Tokenization at the Gateway Layer
- Data Tokenization at the Database Layer
- Risk Management and PCI
Evolving regulations are changing the way we think about tools and technologyUlf Mattsson
Â
Discover the latest in RegTech and stay up-to-date on compliance tools and best practices.
The move to digital has meant that many organizations have had to rethink legacy systems.
They need to put the customer first, focus on the Customer Experience and Digital Experience Platforms.
They also need to understand the latest in RegTech and solutions for hybrid cloud.
We will discuss Regtech for the financial industry and related technologies for compliance.
We will discuss new International Standards, tools and best practices for financial institutions including PCI v4, FFIEC, NACHA, NIST, GDPR and CCPA.
We will discuss related technologies for Data Security and Privacy, including data de-identification, encryption, tokenization and the new API Economy.
Emerging application and data protection for multi cloudUlf Mattsson
Â
Emerging Application and Data Protection for Multi-Cloud
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data - how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers. The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value. This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
In depth presentation covers market trends and risks related to network security & big ‎data analytics. The presentation was given by Matan Trogan at Cybertech Singapore.
• Overview of changes and clarification
• Additional requirements for service providers
• Additional requirements for change control processes
• Multifactor authentication
• Penetration testing changes
• SSL/TLS changes and implications
• Timing of changes
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
Â
With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced data privacy and security solutions has become even more critical. French regulators cited GDPR in fining Google $57 million and the U.K.'s Information Commissioner's Office is seeking a $230 million fine against British Airways and seeking $124 million from Marriott. Facebook is setting aside $3 billion to cover the costs of a privacy investigation launched by US regulators.
This session will take a practical approach to address guidance and standards from the Federal Financial Institutions Examination Council (FFIEC), EU GDPR, California CCPA, NIST Risk Management Framework, COBIT and the ISO 31000 Risk management Principles and Guidelines.
Learn how new data privacy and security techniques can help with compliance and data breaches, on-premises, and in public and private clouds.
Practical risk management for the multi cloudUlf Mattsson
Â
This session will take a practical approach to IT risk management and discuss multi cloud, Verizon Data Breach Investigations Report (DBIR) and how Enterprises are losing ground in the fight against persistent cyber-attacks. We simply cannot catch the bad guys until it is too late. This picture is not improving. Verizon reports concluded that less than 14% of breaches are detected by internal monitoring tools.
We will review the JP Morgan Chase data breach were hackers were in the bank’s network for months undetected. Network configuration errors are inevitable, even at the largest banks as Capital One that recently had a data breach where a hacker gained access to 100 million credit card applications and accounts.
Viewers will also learn about:
- Macro trends in Cloud security and Micro trends in Cloud security
- Risks from Quantum Computing and when we should move to alternate forms of encryption
- Review “Kill Chains” from Lockhead Martin in relation to APT and DDoS Attacks
- Risk Management methods from ISACA and other organizations
Speaker: Ulf Mattsson, Head of Innovation, TokenEx
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Ulf Mattsson
Â
Big Data systems like Hadoop provide analysis of massive amounts of data to open up “Big Answers”, identifying trends and new business opportunities. The massive scalability and economical storage also provides the opportunity to monetize collected data by selling it to a third party.
However, the biggest issue with Big Data remains security. Like any other system, the data must be protected according to regulatory mandates, such as PCI, HIPAA and Privacy laws; from both external and internal threats – including privileged users.
So how can we bridge the gap between access to vast amounts of data, and security of more and more types of data, in this rapidly evolving new environment?
In this webinar, Ulf Mattsson explores the issues and provides solutions to bring together data insight and security in Big Data. With deep knowledge of advanced data security technologies, Ulf explains the best practices for safely unlocking the power of Big Data.
Reducing cardholder data footprint with tokenization and other techniques - VISTA InfoSec
This webinar discusses techniques for reducing an organization's cardholder data footprint to simplify PCI DSS compliance. It covers tokenization, which replaces sensitive card data with random tokens that have no exploitable value on their own. Tokenization stores the original data in a secure vault and lets transactions use tokens instead of real card numbers, reducing the number of systems and the amount of data in scope for PCI compliance. Other techniques discussed include network segmentation, point-to-point encryption, and outsourcing services to PCI-compliant vendors. Reducing an organization's cardholder data footprint lowers the cost and effort of compliance while also reducing the impact of data breaches and theft.
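The vault model described above, as an added example (this is not VISTA InfoSec's, TokenEx's or any vendor's code). The PAN is the standard Visa test number, the vault is an in-memory dict standing in for a provider's secured vault, and the format rules (token keeps the length and last four digits, is Luhn-invalid, and is stable for a given PAN) are assumptions chosen to mirror common practice rather than any particular product:

```python
"""Vault-based tokenization of a primary account number (PAN).

Added example for this page, not vendor code. The vault holds cleartext
PANs and therefore stays inside PCI DSS scope; every system that only ever
sees tokens can be taken out of scope, which is the footprint reduction
the talk describes.
"""
import secrets

DIGITS = "0123456789"


def luhn_valid(digits: str) -> bool:
    """Standard Luhn (mod 10) check, the checksum real card numbers carry."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Minimal token vault: token -> PAN, plus a PAN -> token index so the
    same card always yields the same token (needed for recurring billing
    and for joining records without detokenizing)."""

    def __init__(self) -> None:
        self._by_token: dict[str, str] = {}
        self._by_pan: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        # Reject anything that is not a plausible card number before storing it.
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a well-formed PAN")
        if pan in self._by_pan:
            return self._by_pan[pan]
        while True:
            # Random body from a CSPRNG (no relation to the PAN), last four
            # digits preserved so receipts can show "**** 1111" from the token.
            body = "".join(secrets.choice(DIGITS) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # A token that passes Luhn could be mistaken for, or accepted as,
            # a real card number; discard it (about 10% of draws) and retry.
            if luhn_valid(token) or token in self._by_token:
                continue
            self._by_token[token] = pan
            self._by_pan[pan] = token
            return token

    def detokenize(self, token: str) -> str:
        """Only the vault (in-scope) can turn a token back into the PAN."""
        return self._by_token[token]


TEST_PAN = "4111111111111111"  # well-known test number, not a live card


if __name__ == "__main__":
    vault = TokenVault()
    tok = vault.tokenize(TEST_PAN)
    print("token stored by the app:", tok)
    print("vault detokenize:", vault.detokenize(tok))
```

The app-side database only ever holds `tok`; an attacker who dumps it gets Luhn-invalid digit strings that cannot be replayed against a payment network without the vault.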
Big Data Security Analytics (BDSA) with Randy Franklin - Sridhar Karnam
The document discusses big data security analytics and how HP addresses related challenges. It notes that big data analytics for security requires real-time analysis of high-volume, diverse data streams. While many big data solutions focus on batch analytics, security demands real-time correlation and detection of threats. The document outlines how HP's ArcSight platform collects, correlates, and analyzes security data from many sources in real-time. It also explains how HP uses Hadoop for long-term storage and analytics, and Autonomy for semantic analysis of unstructured data to enable predictive security.
This document provides an overview of new technologies for data protection presented by Ulf Mattsson, Chief Security Strategist at Protegrity. It discusses several emerging technologies like homomorphic encryption, differential privacy, and secure multi-party computation that can be used to enable secure data sharing and analytics while preserving privacy. It also provides examples of how these technologies can be applied in domains like healthcare, financial services, and retail to derive insights from sensitive data in a privacy-preserving manner and in compliance with regulations.
(SACON) Ramkumar Narayanan - Personal Data Discovery & Mapping - Challenges f... - Priyanka Aash
This session is about how to implement a privacy program in any organization, big or small. The foundational step is to understand what personal data an organization deals with, where it lies, how it flows (within and outside the organization), who does what with that data, what the underlying assets are, and so on. Without this foundation, the organization cannot build the controls required to implement and manage privacy. However, this is not an easy problem to address. This session does a deep dive into the challenges faced, the methodologies used and the tools that can be employed to build and sustain an organization's data map.
Enterprise Data Protection - Understanding Your Options and Strategies - Ulf Mattsson
The document provides an overview of enterprise data protection options and strategies. It discusses the changing threat landscape, including increasingly sophisticated attackers and the need for preventative controls. Regarding the Payment Card Industry Data Security Standard (PCI DSS), it notes there are 12 requirements and 4 approved ways to render credit card numbers unreadable. A case study is presented of a large retail chain that used tokenization to simplify PCI compliance, achieving benefits like faster audits, lower costs, and better security. Different data security methods like hashing, encryption, and tokenization are compared in terms of how they can be applied at the application, database, and storage levels. Best practices for tokenization and for evaluating the various approaches are also covered.
Providing managed services to your customers is more than just a proven method of retaining your existing customer base. By providing managed services, you create a recurring revenue stream that allows you to proactively plan for the growth of your business. Higher margins and a better business valuation are two of the additional benefits of providing managed services to your customer base.
Not just for IT shops anymore, copier companies, telcos and VoIP companies are securing their place in their market by adding managed services to their business profile.
This session will highlight how VoIP companies all over the world have followed N-able's systematic approach to cross-sell and up-sell existing customers and execute a new-client acquisition strategy to increase services revenue.
The past, present, and future of big data security - Ulf Mattsson
One of the biggest remaining concerns regarding Hadoop, perhaps second only to ROI, is security.
The Past, Present, and Future of Big Data Security
While Apache Hadoop and the craze around Big Data seem to have exploded out into the market, there are still a lot more questions than answers about this new environment.
Hadoop is an environment with limited structure, high ingestion volume, massive scalability and redundancy, designed for access to a vast pool of multi-structured data. What’s been missing is new security tools to match.
Read more in this article by Ulf Mattsson, Protegrity CTO, originally published by Help Net Security’s (IN)SECURE Magazine.
The document provides an overview of cloud infrastructure architecture and security. It discusses key cloud security concepts like the shared responsibility model between cloud providers and customers. It also covers common cloud security categories such as identity and access management, data security, compliance with regulations, and security best practices and frameworks.
Everything You Wanted To Know About CIBIL - www.propertiesandloans.com - Bhavya Sahni
CIBIL is an organization that tracks individuals' credit histories in India and assigns each a CIBIL score. This score is used by banks and financial institutions to assess loan applications. An individual can check their CIBIL score online for a nominal fee. The score ranges from 900 (supreme) to below 500 (no hope) and impacts what types of loans and interest rates one qualifies for. Maintaining a good credit score involves paying all bills on time, not overusing credit cards, and maintaining a diverse credit profile with a mix of loans and low credit utilization.
The document discusses how IoT is revolutionizing customer experience through beacon technology. It notes that over 25 billion connected devices will be in use by 2020. Beacons are small, battery-powered devices that use Bluetooth Low Energy to broadcast short data strings to nearby devices within a range of up to 100 meters. The document outlines how combining beacon technology with mobile apps and customer data allows for proximity marketing, personalized and real-time content, gamified loyalty programs, and strengthened shopping experiences through indoor navigation, analyzing shopper behavior, and optimizing facilities. It presents Comarch's CRM and marketing solutions for leveraging beacon and customer data to improve customer engagement, targeting, and experiences.
This document is Pietro Santoro's final report on the simulation of communication systems for his master's degree in telecommunication engineering. It contains 4 chapters that discuss modeling a radio relay link using single carrier and multicarrier transmission, simulating the system in MATLAB, analyzing system performance using BER curves, and optimizing parameters like modulation scheme and amplifier backoff. The goal is to design, simulate, and optimize the system to minimize Eb/N0 for a given BER target, comparing techniques like QPSK, OQPSK, 16-QAM, and OFDM.
This document contains a list of 25 civil engineering projects related to structure engineering and 15 projects related to transportation. Some of the structural engineering projects include a comparison of pre-stressed hollow core slab and precast concrete beam-hcb slab systems, the effect of concrete class variation on dynamic response of framed structures, and the evaluation of hammerhead pier cap bridge design. Some of the transportation projects include studying the impact of vehicle-pedestrian interaction on traffic flow at midblocks and intersections, traffic characteristics of non-motorized vehicles in mixed traffic, and modelling bicycle activity in mid-sized Indian cities. The document provides contact information for Newzen Infotech and lists potential civil engineering research topics.
Marketing automation can help companies improve customer retention through various types of targeted communications. Specifically, the document discusses 5 types of automated emails including transactional, abandoned cart, product-related, date-driven, and customer retention emails. It also discusses how increasing customer retention by 5% can increase profits by 75% and how loyal, long-term customers are the most valuable. The rest of the document outlines a retention grid that segments customers into categories like new, promising, drifting, sleepers, loyal, at-risk, and red alerts in order to trigger different automated journeys and communications for keeping each group engaged.
This document provides a list of IEEE 2016 computer science project topics from the company Softroniics. It includes project topics in various technologies like Java, Hadoop, NS2, and more. For each technology, it lists several potential project titles along with the domain and sometimes a brief abstract. It also provides contact information for Softroniics if interested in these project topics and deliverables.
RapidMiner is an environment for machine learning and data mining processes that follows a modular operator concept. It introduces transparent data handling and process modeling to ease configuration for end users. Additionally, its clear interfaces and scripting language based on XML make it an integrated developer environment for data mining and machine learning. To get started with RapidMiner, users download the file for their system from the website, install it by accepting the license agreement and specifying the installation directory, then launch it by double clicking the desktop icon.
Family farming is a major part of the economy and workforce in Africa, the Caribbean, and the Pacific (ACP) regions, supporting over 2 billion people. However, ACP family farms face many challenges, including land degradation, aging farmers, low productivity, and high post-harvest losses. Climate change also threatens to reduce agricultural production. To transform ACP agriculture, opportunities exist in increasing private investment, using digital technologies, and growing urban food markets. Achieving this transformation requires supporting inclusive value chains, strong farmer organizations, sustainable intensification practices, new technologies, and building knowledge platforms.
This document introduces various classification techniques in XLMiner, a data mining add-in for Microsoft Excel, including discriminant analysis, logistic regression, classification trees, naive Bayes, neural networks, and k-nearest neighbors. For each technique, it provides a brief overview and screenshots walking through applying the technique in XLMiner step-by-step.
This document discusses cyberbullying, including definitions, types, venues, statistics, and motivations. It defines cyberbullying as willful and repeated harm inflicted through electronic means, involving a power imbalance. Types include flaming, harassment, cyberstalking, denigration, masquerading, outing, trickery, and exclusion. Common venues are social media sites, texting, chatrooms, and online games. Statistics show many teens frequently use the internet, cell phones, and text messaging daily, and that revenge and thinking the victim deserved it are common motivations for cyberbullying.
This document discusses big data, privacy, and social media. It begins by introducing the concept of privacy and how it has developed legally over time. It then discusses the privacy policies of major social media sites like Facebook, Twitter, and Google+. Next, it defines big data and discusses how personal data is used and potential issues like identity theft. It also covers regulation by the FTC to protect consumer privacy and limit data collection. Finally, it raises discussion questions about expectations of privacy with social media and mobile devices, as well as potential areas of litigation or legal changes.
The document discusses privacy concerns related to big data. It notes that as individuals leave large digital trails through online activities like social media, this data is being collected and analyzed by companies. While this data collection can help with marketing, it also raises privacy issues as digital behavior can be used to infer identities even when data is anonymized. The document explores these tensions and how privacy regulations are aiming to protect individual anonymity, but this is challenging given how useful data loses anonymity.
Cyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse - Cybera Inc.
This document summarizes a presentation on big data and data reuse given by Bart Custers. It discusses:
1) The Eudeco project which examines big data and data reuse from legal, societal, economic, and technological perspectives across multiple European countries.
2) Issues with data sharing and reuse, including potential privacy violations, discrimination, lack of transparency, and unintended consequences from new uses of data or placing it in new contexts.
3) Potential solutions discussed, including privacy impact assessments, privacy by design, and new approaches focusing more on transparency and responsibility than restricting data access and use.
Cross border - off-shoring and outsourcing privacy sensitive data - Ulf Mattsson
Ulf Mattsson is the CTO of Protegrity, with over 20 years of experience in research and development and global services at IBM. He has been involved in developing encryption, tokenization, and intrusion prevention technologies. The document discusses cross-border offshoring and outsourcing of privacy sensitive data in the cloud. It notes that cloud services are often provided by third parties and can involve data being stored in multiple locations. Regulations like PCI DSS and national privacy laws apply when data crosses borders or is outsourced. Sensitive data needs to be protected to comply with regulations and address threats while also enabling useful insights from the data. Methods like de-identification through tokenization and encryption can protect identifiable data
Isaca atlanta - practical data security and privacy - Ulf Mattsson
1. The document discusses various data security and privacy techniques such as tokenization, encryption, anonymization models, and standards. It provides examples of how these techniques can be applied on-premises and in cloud environments.
2. Major privacy regulations and standards discussed include the GDPR, CCPA, and ISO privacy standards. Key requirements around encryption, tokenization, and data mapping are examined.
3. Different data techniques are compared including differential privacy, homomorphic encryption, k-anonymity models, and their applications in analytics and machine learning.
GDPR and evolving international privacy regulations - Ulf Mattsson
The document discusses evolving international privacy regulations, focusing on the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). It notes that many countries are passing new privacy laws influenced by GDPR. Technologies like data tokenization, encryption, and anonymization play an important role in complying with these regulations by protecting personal data throughout its lifecycle. The document provides examples of how technologies can be deployed across on-premises and cloud environments to ensure consistent privacy protection of data.
New regulations and the evolving cybersecurity technology landscape - Ulf Mattsson
As the cyber threat landscape continues to evolve, organizations worldwide are increasing their spend on cybersecurity technology. Security is shifting from third-party security providers to native cloud security services. The challenge of securing enterprise data assets is increasing. What is needed to control cyber risk and stay compliant in this evolving landscape?
We will discuss evolving industry standards, how to keep track of your data assets, protect your sensitive data and maintain compliance to new regulations.
How the latest trends in data security can help your data protection strategy... - Ulf Mattsson
Data breaches are on the rise. The constant threat of cyber attacks combined with the high cost and a shortage of skilled security engineers has put many companies at risk. There is a shift in cybersecurity investment and IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. PCI DSS 3.2 is out with an important update on data discovery and requirements to detect security control failures.
In this webinar, cybersecurity expert Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.
BigData and Privacy webinar at Brighttalk - Ulf Mattsson
This document discusses bridging the gap between privacy and big data. It begins with an overview of big data adoption rates and security threats to big data systems. It then discusses new techniques for protecting data like tokenization that help balance security and data access. The document advocates classifying sensitive data types and complying with relevant privacy regulations. It provides examples of how to protect data at the field level using techniques like encryption, tokenization, and access controls. Finally, it discusses best practices for enforcing data protection policies.
Complying with Cybersecurity Regulations for IBM i Servers and Data - Precisely
Multiple security regulations became effective across the globe in 2018, most notably the European Union’s General Data Protection Regulation (GDPR), and additional regulations are on their heels. The California Consumer Privacy Act, with its GDPR-like requirements, is just one of the regulations that requires planning and preparation today.
If you need to implement security policies for IBM i systems and data that will meet today’s compliance requirements and prepare you for those that are on the way, this webinar will help you get on the right track.
Where data security and value of data meet in the cloud brighttalk webinar ... - Ulf Mattsson
BrightTALK webinar January 14 2015
The biggest challenge in this new paradigm of the cloud and an interconnected world, is merging data security with data value and productivity. What’s required is a seamless, boundless security framework to maximize data utility while minimizing risk. In this webinar, you’ll learn about value-preserving data-centric security methods, how to keep track of your data and monitor data access outside the enterprise, and best practices for protecting data and privacy in the perimeter-less enterprise.
Unlock the potential of data security 2020 - Ulf Mattsson
Explore challenges of managing and protecting data. We'll share best practices on establishing the right balance between privacy, security, and compliance
Security Beyond Compliance: Using Tokenisation for Data Protection by Design ... - TokenEx
At PCI London 2018, TokenEx Solutions Architect John Noltensmeyer presented modern strategies and methodologies for using cloud-based tokenisation and pseudonymization to ease GDPR burdens. For more information visit www.tokenex.com or contact sales@tokenex.com.
Date: 15th November 2017
Location: AI Lab Theatre
Time: 16:30 - 17:00
Speaker: Elisabeth Olafsdottir / Santiago Castro
Organisation: Microsoft / Keyrus
Safeguarding customer and financial data in analytics and machine learning - Ulf Mattsson
Digital transformation and the opportunities to use data in analytics and machine learning are growing exponentially, but so too are the business and financial risks in data privacy. The increasing number of privacy incidents and data breaches is destroying brands and customer trust, and we will discuss how business prioritization can benefit from a finance-based data risk assessment (FinDRA).
More than 60 countries have introduced privacy laws, and by 2023, 65% of the world's population will have its personal information covered under modern privacy regulations. We will discuss use cases in financial services that are finding a balance between new technology impact, regulatory compliance, and commercial business opportunity. Several privacy-preserving and privacy-enhancing techniques can provide practical security for data in use and data sharing, but none universally covers all use cases. We will discuss what tools we can use to mitigate business risks caused by security threats, data residency and privacy issues, and how technologies like pseudonymization, anonymization, tokenization, encryption, masking and privacy preservation are used in analytics, business intelligence and machine learning.
Organizations are increasingly concerned about data security in processing personal information in external environments, such as the cloud; and information sharing. Data is spreading across hybrid IT infrastructure on-premises and multi-cloud services and we will discuss how to enforce consistent and holistic data security and privacy policies. Increasing numbers of data security, privacy and identity access management products are in use, but they do not integrate, do not share common policies, and we will discuss use cases in financial services of different techniques to protect and manage data security and privacy.
Best Practices for PCI Scope Reduction - TokenEx & Kyte - TokenEx
Best practices for PCI Scope Reduction includes some common misconceptions, important definitions, and an overview of technologies such as tokenization and encryption to help reduce PCI DSS scope and achieve compliance.
The document discusses preparing organizations for compliance with the EU General Data Protection Regulation (GDPR). It provides an overview of key GDPR requirements, such as obtaining consent for personal data use, implementing privacy by design, and responding to data breaches. The document recommends developing a GDPR action plan that includes conducting privacy impact assessments and audits. Overall, the summary emphasizes the need for organizations to understand how they use personal data and ensure they can meet GDPR requirements for data protection.
Improve IT Security and Compliance with Mainframe Data in Splunk - Precisely
Avoid security blind spots with an enterprise-wide view.
If your organization relies on Splunk as its security nerve center, you can't afford to leave out your mainframes. They work with the rest of your IT infrastructure to support critical business applications, and they need to be viewed in that wider context to address potential security blind spots.
Although the importance of including mainframe data in Splunk is undeniable, many organizations have left it out because Splunk doesn't natively support IBM Z® environments. Learn how Precisely Ironstream can help with a straightforward, powerful approach for integrating your mainframe security data into Splunk, and making it actionable once it's there.
Fully understand how GDPR affects the life of millions of EU citizens by having in mind the 10 simple facts exposed by Dr. Karsten Kinast
The presentation gives a short glimpse in to the motivation of GDPR, the key changes it brings, and the ongoing compliance on information lifecycle it presumes.
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400) - Precisely
The document discusses protecting sensitive data on IBM i systems. It provides an agenda for a webcast covering key concepts for protecting IBM i data privacy including encryption, tokenization, and secure file transfer. It will also introduce the Assure Security solution from Precisely for IBM i compliance and security. The webcast includes segments on protecting data privacy, demonstrating Assure Security, and a question and answer period.
One thing's for sure, there are many choices when it comes to hardware, software and everything in between. How can you know if you have the right infrastructure for moving forward? Many organizations have an IT Assessment done as their organizations grow to determine the best strategic plan for moving forward.
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr - Ulf Mattsson
Do you have a GDPR Roadmap?
- How to measure Cybersecurity Preparedness
- Oversight of Third Parties
- Related International Standards
- Killing Cloud Quickly?
Technology aspects:
- International/EU PII Customer Case Studies
- Available Data Protection Options
- How to Integrate Security into Application Development
- Security Metrics
Jun 29 new privacy technologies for unicode and international data standards ... - Ulf Mattsson
Protecting the increasingly used international Unicode characters is required by a growing number of privacy laws in many countries and by general privacy concerns about private data. Current approaches to protecting international Unicode characters increase the size of the data and change its format. This breaks many applications and slows down business operations. The current approach also randomly returns data in new and unexpected languages, so protected output no longer belongs to the script of the input. A new approach with significantly higher performance and a small, customizable memory footprint can fit on small IoT devices.
We will discuss new approaches that achieve portability, security, performance, a small memory footprint and language preservation for the privacy protection of Unicode data. These new approaches provide granular protection for all Unicode languages and customizable alphabets, and byte-length-preserving protection of the protected characters.
Old approaches, major issues:
- Old approaches to protecting international Unicode characters typically increase the size of the data and change its format, which breaks many applications and slows down business operations.
- They also randomly return data in new and unexpected languages (the slide shows an example of such an old approach).
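The contrast the slides draw between the old and new approach, as an added example (this is not Protegrity's, TokenEx's or the speaker's product code). The "old approach" encrypts the UTF-8 bytes and base64-encodes the ciphertext, so the field grows and comes back as ASCII. The "new approach" is a keyed, reversible transform that moves each character to another character of the same script, so character count, UTF-8 byte length and language are preserved. The keyed transform here is a teaching construction (an HMAC-SHA256 keystream added to each character's rank inside its alphabet) that shows the format-preserving property; a production system would use a standard format-preserving scheme such as NIST FF1, and the alphabet tables, sample string, key and tweak are constructed for this demo:

```python
"""Script- and byte-length-preserving protection of Unicode text versus
conventional encrypt-then-encode. Added example, not vendor code."""
import base64
import hashlib
import hmac

# Each alphabet is built so that all of its members have the same UTF-8
# length (1, 2 or 3 bytes), which is what makes the output byte-length
# preserving. Assumption of this demo; a product would ship full tables.
ALPHABETS = [
    "abcdefghijklmnopqrstuvwxyz",
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "0123456789",
    "".join(chr(c) for c in range(0x00C0, 0x0100) if chr(c).isalpha()),  # Latin-1 letters, 2 bytes
    "".join(chr(c) for c in range(0x0391, 0x03CA) if chr(c).isalpha()),  # Greek, 2 bytes
    "".join(chr(c) for c in range(0x0410, 0x0450)),                       # Cyrillic, 2 bytes
    "".join(chr(c) for c in range(0x05D0, 0x05EB)),                       # Hebrew, 2 bytes
    "".join(chr(c) for c in range(0x0621, 0x064B)),                       # Arabic, 2 bytes
    "".join(chr(c) for c in range(0x4E00, 0x9FFF)),                       # CJK unified, 3 bytes
]
# char -> (alphabet index, rank inside that alphabet)
_LOOKUP = {ch: (i, r) for i, a in enumerate(ALPHABETS) for r, ch in enumerate(a)}


def _prf(key: bytes, label: bytes, tweak: bytes, i: int) -> bytes:
    """HMAC-SHA256 as a PRF. The label separates the two constructions so
    they never share keystream for the same key and tweak."""
    msg = label + b"|" + tweak + b"|" + i.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def protect(text: str, key: bytes, tweak: bytes, reverse: bool = False) -> str:
    """Shift every character inside its own alphabet by a keyed amount.
    Characters outside the tables (spaces, punctuation, unknown scripts)
    pass through, so the field keeps its structure. The tweak must be
    unique per record (e.g. a record id): reusing it for two different
    values leaks their difference, one reason real systems use FF1."""
    out = []
    for pos, ch in enumerate(text):
        hit = _LOOKUP.get(ch)
        if hit is None:
            out.append(ch)
            continue
        idx, rank = hit
        alphabet = ALPHABETS[idx]
        # 64-bit value mod an alphabet of at most ~21k symbols: bias is negligible
        shift = int.from_bytes(_prf(key, b"fpe", tweak, pos)[:8], "big") % len(alphabet)
        if reverse:
            shift = -shift
        out.append(alphabet[(rank + shift) % len(alphabet)])
    return "".join(out)


def unprotect(text: str, key: bytes, tweak: bytes) -> str:
    return protect(text, key, tweak, reverse=True)


def old_approach(text: str, key: bytes, tweak: bytes) -> str:
    """Encrypt the UTF-8 bytes with a PRF-based CTR keystream (same HMAC
    construction, separate label), prepend the tweak as nonce, base64 it.
    The result is ASCII, longer than the input and language-free."""
    data = text.encode("utf-8")
    blocks = (len(data) + 31) // 32
    keystream = b"".join(_prf(key, b"ctr", tweak, i) for i in range(blocks))
    ciphertext = bytes(a ^ b for a, b in zip(data, keystream))
    return base64.b64encode(tweak + ciphertext).decode("ascii")


def script_of(ch: str):
    """Alphabet index of a character, or None for pass-through characters."""
    return _LOOKUP.get(ch, (None, None))[0]


# Constructed demo inputs (not real keys or customer data).
DEMO_KEY = b"demo-key-not-for-production"
DEMO_TWEAK = b"record-0001"
SAMPLE = "Müller Αθήνα Москва 北京 123"


if __name__ == "__main__":
    new = protect(SAMPLE, DEMO_KEY, DEMO_TWEAK)
    old = old_approach(SAMPLE, DEMO_KEY, DEMO_TWEAK)
    print("input       :", SAMPLE, len(SAMPLE.encode()), "bytes")
    print("new approach:", new, len(new.encode()), "bytes")
    print("old approach:", old, len(old.encode()), "bytes")
    print("round trip  :", unprotect(new, DEMO_KEY, DEMO_TWEAK) == SAMPLE)
```

Run it and the protected value stays a 16-character mixed-script string with the same byte count as the input (Latin stays Latin, Cyrillic stays Cyrillic, CJK stays CJK), while the base64 ciphertext is an ASCII blob about twice the size, which is exactly the column-width and validation breakage the slides warn about.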
Jun 15 privacy in the cloud at financial institutions at the object managemen... - Ulf Mattsson
This document discusses privacy and security considerations for financial institutions using cloud services. It begins with an introduction of the speaker, Ulf Mattsson, and his background working with standards bodies. The rest of the document discusses opportunities and challenges around analytics, machine learning, and complying with privacy laws in the cloud. It provides examples of how techniques like homomorphic encryption, differential privacy, and secure multi-party computation can be applied to use cases in areas like payments, risk assessment, and secondary data usage. The document concludes with a discussion of hybrid cloud environments and maintaining consistent security policies across on-premises and cloud platforms.
Book outline (recovered from the slide; the chapter order is not recoverable from the page):
Sections: I. Introduction and Vision; II. Data Confidentiality and Integrity; III. Users and Authorization; IV. Applications; V. Platforms; VI. Summary; Appendices A to E; Glossary.
Chapter and appendix topics: Privacy, Risks, and Threats; Trends, Innovation, and Evolution; Standards and Regulations; Governance, Guidance, and Frameworks; Reversible Protection; Non-Reversible Protection; International Unicode; Secure Multi-party Computing; Computing on Encrypted Data; Machine Learning and Analytics; Access Control; Zero Trust Architecture; Trusted Execution Environments; Privacy by Design, Applications and APIs; Discovery and Search; Hybrid Cloud, CASB and SASE; Internet of Things; Quantum Computing; Blockchain; Best Practices, Roadmap, and Vision.
qubit-conference-new-york-2021: https://nyc.qubitconference.com/
Cybersecurity: Get ready for the unpredictable
Create a sound cybersecurity strategy based on the right technology & budgetary insights, proven practices, and processes for SMEs.
This virtual event will equip CxOs and cybersecurity teams with the right intel to create a sound cybersecurity strategy based on the right technology & budgetary insights, proven practices, and processes specially tailored for SMEs.
Find out how to bring the smart design of cybersecurity architecture and processes, what to automate & how to properly set up internal and external ownership.
The proven cybersecurity strategy fit for your environment can go a long way. Know what to do in-house, what to outsource, set up your budgets right, and get help from the right cybersecurity specialists.
Secure analytics and machine learning in cloud use cases - Ulf Mattsson
Table of contents:
Secure Analytics and Machine Learning in Cloud
- Use case #1 in Financial Industry
  - Data Flow
  - The approach can be used for other use cases
Homomorphic Encryption for Secure Machine Learning in Cloud
- Evolving Homomorphic Encryption
  - Performance examples: HE, RSA and AES
  - Performance examples: FHE, NTRU, ECC, RSA and AES
  - Some popular HE schemes
  - Examples of HE libraries used by IBM, Duality, and Microsoft
Fast Homomorphic Encryption for Secure Analytics in Cloud
- Use case #2 in Health Care
  - Provable security for untrusted environments
  - Comparison to multiparty computation and trusted execution environments
  - Time and memory requirements of HE
Managing Data Security in Hybrid Cloud
- Data Security Policy and Zero Trust Architecture
- The future of encryption will change in the Post-Quantum Era
Managing Data Security in a Hybrid World
Evolving Privacy Regulations
- New ruling in GDPR under "Schrems II"
- The new California Privacy Rights Act (CPRA)
Evolving international privacy regulations and cross border data transfer - g... (Ulf Mattsson)
We will discuss the evolving international privacy regulations. Cross-border data transfer under GDPR after Schrems II has now been ruled on by an EU court that defined what is required. This ruling can be far-reaching for many businesses.
Data encryption and tokenization for international unicode (Ulf Mattsson)
Unicode is an information technology standard for the consistent encoding, representation, and handling of text expressed in most of the world's writing systems. The standard is maintained by the Unicode Consortium, and as of March 2020, it has a total of 143,859 characters, with Unicode 13.0 (these characters consist of 143,696 graphic characters and 163 format characters) covering 154 modern and historic scripts, as well as multiple symbol sets and emoji. The character repertoire of the Unicode Standard is synchronized with ISO/IEC 10646, each being code-for-code identical with the other.
The Unicode Standard consists of a set of code charts for visual reference, an encoding method and set of standard character encodings, a set of reference data files, and a number of related items, such as character properties, rules for normalization, decomposition, collation, rendering, and bidirectional text display order (for the correct display of text containing both right-to-left scripts, such as Arabic and Hebrew, and left-to-right scripts). Unicode's success at unifying character sets has led to its widespread and predominant use in the internationalization and localization of computer software. The standard has been implemented in many recent technologies, including modern operating systems, XML, Java (and other programming languages), and the .NET Framework.
Unicode can be implemented by different character encodings. The Unicode standard defines the Unicode Transformation Formats (UTF) UTF-8, UTF-16, and UTF-32, and several other encodings. The most commonly used encodings are UTF-8, UTF-16, and UCS-2 (a precursor of UTF-16 without full support for Unicode).
The future of data security and blockchain (Ulf Mattsson)
Discussion of Post-Quantum Cryptography and other technologies:
Data Security Techniques
Secure Multi-Party Computation (SMPC)
Homomorphic encryption (HE)
Differential Privacy (DP) and K-Anonymity
Pseudonymization and Anonymization
Synthetic Data
Zero trust architecture (ZTA)
Zero-knowledge proofs (ZKP)
Private Set Intersection (PSI)
Trusted execution environments (TEE)
Post-Quantum Cryptography
Blockchain
Regulations and Standards in Data Privacy
Privacy preserving computing and secure multi-party computation ISACA Atlanta (Ulf Mattsson)
A major challenge that many organizations face is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls, while also enabling data sharing in a secure and private fashion. We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared.
We will discuss secure multi-party computation where organizations want to securely share sensitive data without revealing their private inputs. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including homomorphic encryption, k-anonymity and differential privacy. We will present best practices and how to control privacy and security throughout the data life cycle. We will also review industry standards, implementations, policy management and case studies for hybrid cloud and on-premises.
Protecting data privacy in analytics and machine learning ISACA London UK (Ulf Mattsson)
This document discusses privacy-preserving techniques for machine learning and analytics such as homomorphic encryption, secure multi-party computation, differential privacy, and trusted execution environments. It provides examples of how these techniques can be applied, including allowing sensitive financial and healthcare data to be analyzed while preserving privacy. The document also outlines regulatory requirements around data privacy and international standards that techniques must comply with to protect sensitive information.
New opportunities and business risks with evolving privacy regulations (Ulf Mattsson)
In the shadow of the global pandemic and the associated economic downturn, organizations are focused on cost optimization, which often leads to impulsive decisions to deprioritize compliance with all nonrevenue programs.
Regulators have evolved to adapt with the notable increase in data subject complaints and are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine while Equifax agreed to pay a minimum of $575 million for its breach. The US Federal Trade Commission, the US Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories sued over the company’s failure to take “reasonable steps” to secure its sensitive personal data.
Privacy and data protection are enforced by a growing number of regulations around the world and people are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today, according to Gartner. There is a convergence of data privacy principles, standards and regulations on a common set of fundamental principles.
The opportunities to use data are growing exponentially, but so too are the business and financial risks as the number of data protection and privacy regulations grows internationally.
Join this webinar to learn more about:
- Trends in modern privacy regulations
- The impact on organizations to protect and use sensitive data
- Data privacy principles
- The impact of General Data Protection Regulation (GDPR) and data transfer between US and EU
- The evolving CCPA, the new PCI DSS version 4 and new international data privacy laws or regulations
- Data privacy best practices, use cases and how to control sensitive personal data throughout the data life cycle
What is tokenization in blockchain - BCS London (Ulf Mattsson)
BCS North London Branch in association with Central London Branch webinar (by GoToWebinar)
Date: 2nd December 2020
Time: 18.00 to 19.30
Event title: Blockchain tokenization “What is tokenization in Blockchain?”
Agenda
Blockchain
What is Blockchain?
Use cases, trends and risks
Vendors and platforms
Data protection techniques and scalability
Tokenization
Digital business
Convert a digital value into a digital token
Local and central models
Cloud
Tokenization in Hybrid cloud
Protecting data privacy in analytics and machine learning - ISACA (Ulf Mattsson)
In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to put these technologies to work for databases and other data sources.
When we think about developing AI responsibly, there are many different activities that we need to think about.
This session also discusses international standards and emerging privacy-enhanced computation techniques, secure multiparty computation, zero trust, cloud and trusted execution environments. We will discuss the “why, what, and how” of techniques for privacy preserving computing.
We will review how different industries are taking advantage of these privacy preserving techniques. A retail company used secure multi-party computation to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals, and it also stores and searches encrypted medical data in the cloud.
We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
Tokenization in blockchain involves converting digital values like assets, currencies, and identities into digital tokens that can be securely exchanged on distributed ledgers. Various types of assets can be tokenized, including real estate, art, and company stocks. While tokenization provides liquidity and accessibility of assets, issues around centralization and legal ownership remain challenges. Blockchain trends indicate the technology will become more scalable and support private transactions by 2023. Data protection techniques like differential privacy, tokenization, and homomorphic encryption can help secure sensitive data when used with blockchain and multi-cloud environments.
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b (Ulf Mattsson)
Blockchain
- What is Blockchain?
- Blockchain trends
Emerging data protection techniques
- Secure multiparty computation
- Trusted execution environments
- Use cases for analytics
- Industry Standards
Tokenization
- Convert a digital value into a digital token
- Tokenization local or in a centralized model
- Tokenization and scalability
Cloud
- Analytics in Hybrid cloud
Tokenization on Blockchain is a steady trend. It seems that everything is being tokenized on Blockchain from paintings, diamonds and company stocks to real estate. Thus, we took an asset, tokenized it and created its digital representation that lives on Blockchain. Blockchain guarantees that the ownership information is immutable.
Unfortunately, some problems need to be solved before we can successfully tokenize real-world assets on Blockchain. The main problem stems from the fact that so far, no country has a solid regulation for cryptocurrency. For example, what happens if a company that handles tokenization sells the property? They have no legal rights to the property and thus are not protected by the law. Another problem is that this system brings back some sort of centralization. The whole idea of Blockchain, and especially smart contracts, is to create a trustless environment.
Tokenization is a method that converts a digital value into a digital token. Tokenization can be used as a method that converts rights to an asset into a digital token.
The tokenization system can be implemented local to the data that is tokenized or in a centralized model. We will discuss tokenization implementations that can provide scalability across hybrid cloud models. This session will position different data protection techniques, use cases for blockchain, and protecting blockchain.
Protecting Data Privacy in Analytics and Machine Learning (Ulf Mattsson)
In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to use open source tools to put these technologies to work for databases and other data sources.
When we think about developing AI responsibly, there are many different activities that we need to think about. In this session, we will discuss technologies that help protect people, preserve privacy, and enable you to do machine learning confidentially.
This session discusses industry standards and emerging privacy-enhanced computation techniques, secure multiparty computation, and trusted execution environments. We will discuss how the Zero Trust philosophy fundamentally changes the way we approach security, since trust is a vulnerability that can be exploited, particularly when working remotely and increasingly using cloud models. We will also discuss the “why, what, and how” of techniques for privacy preserving computing.
We will review how different industries are taking advantage of these privacy preserving techniques. A retail company used secure multi-party computation to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals, and it also stores and searches encrypted medical data in the cloud.
We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
ISACA Houston - How to de-classify data and rethink transfer of data between ... (Ulf Mattsson)
The document discusses data privacy regulations and international standards for transferring personal data between the US and EU after key court rulings invalidated the EU-US Privacy Shield and placed additional requirements on standard contractual clauses. It provides an overview of Privacy Shield and Schrems II, recommendations for focusing on accessible data, identifying personal data, governance, ongoing protection and audits to protect data after Privacy Shield. It also discusses the impact of GDPR and differences between pseudonymization under GDPR versus prior definitions.
Privacy preserving computing and secure multi party computation (Ulf Mattsson)
Ulf Mattsson is the Chief Security Strategist at Protegrity and has extensive experience in data encryption, tokenization, data privacy tools and security compliance. The document discusses several use cases for secure multi-party computation and homomorphic encryption including: sharing financial data between institutions while preserving privacy, using retail transaction data for secondary purposes like advertising while protecting privacy, and enabling internal data sharing within a bank for analytics while complying with regulations. It also provides overviews of important privacy-preserving computation techniques like homomorphic encryption, secure multi-party computation, differential privacy and the growth of the homomorphic encryption market.
Main news related to the CCS TSI 2023 (2023/1695) (Jakub Marek)
An English 🇬🇧 translation of the presentation for the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). It was attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf (Chart Kalyan)
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Must Know Postgres Extension for DBA and Developer during Migration (Mydbops)
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow the links below.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
From Natural Language to Structured Solr Queries using LLMs (Sease)
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or “cognitive”) gap remains between the data user needs and the data producer constraints.
That is where AI – and most importantly, Natural Language Processing and Large Language Model techniques – could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr index’s metadata.
This approach leverages the LLM’s ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill (LizaNolte)
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
Session 1 - Intro to Robotic Process Automation.pdf (UiPathCommunity)
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
The Microsoft 365 Migration Tutorial For Beginner.pptx (operationspcvita)
This presentation will help you understand the power of Microsoft 365. We have also covered every productivity app included in Office 365, described the migration scenarios related to Office 365, and explained how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Introduction of Cybersecurity with OSS at Code Europe 2024 (Hiroshi SHIBATA)
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an... (Jason Yip)
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
"$10 thousand per minute of downtime: architecture, queues, streaming and fin... (Fwdays)
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
QA or the Highway - Component Testing: Bridging the gap between frontend appl... (zjhamm304)
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency (ScyllaDB)
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
High performance Serverless Java on AWS- GoTo Amsterdam 2024 (Vadym Kazulkin)
Java has for many years been one of the most popular programming languages, but it used to have a hard time in the Serverless community. Java is known for its high cold start times and high memory footprint compared to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption and cold start times for Java Serverless development on AWS, including GraalVM (Native Image) and AWS's own offering SnapStart, based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions, trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients, and measure their impact on cold and warm start times.
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
1. Bridging the Gap Between Privacy and Big Data
Ulf Mattsson, CTO
Protegrity
ulf.mattsson AT protegrity.com
2. Ulf Mattsson, CTO Protegrity
20 years with IBM
• Research & Development & Global Services
Inventor
• Encryption, Tokenization & Intrusion Prevention
Involvement
• PCI Security Standards Council (PCI SSC)
• American National Standards Institute (ANSI) X9
• Encryption & Tokenization
• International Federation for Information Processing
• IFIP WG 11.3 Data and Application Security
• ISACA New York Metro chapter
4. Agenda
1. What is Big Data & Cloud?
2. Risk & Drivers for Data Security
3. The Evolution of Data Security Methods
4. Data De-Identification
5. Off-Shoring & Outsourcing
6. Use Cases & Case Studies
5. Who is Protegrity?
Proven enterprise data protection software leader since the 90’s.
Business driven by compliance
• PCI (Payment Card Industry)
• PII (Personally Identifiable Information)
• PHI (Protected Health Information) – HIPAA
• State and Industry Privacy Laws
Servicing many Industries
• Retail, Hospitality, Travel and Transportation
• Financial Services, Insurance, Banking
• Healthcare
• Telecommunications, Media and Entertainment
• Manufacturing and Government
7. What is Big Data?
Hadoop
• Designed to handle the emerging “4 V’s”
• Massively Parallel Processing (MPP)
• Elastic scale
• Usually Read-Only
• Allows for data insights on massive, heterogeneous data sets
• Includes an ecosystem of components:
Application Layers: Hive, Pig, Other; MapReduce
Storage Layers: HDFS; Physical Storage
10. Cloud Services
Services usually provided by a third party
• Can be virtual, public, private, or hybrid
Increasing adoption – up 12% from 2012*
Often an outsourced solution, sometimes cross-border
Allows for greater accessibility of data and low overhead
*Source: GigaOM
15. PCI Data Security Standards Council
Founded in 2006, comprised of four major credit card brands
Each card brand enforcement program issues fines, fees and schedule deadlines
• Visa's Cardholder Information Security Program (CISP)
http://www.visa.com/cisp
• MasterCard's Site Data Protection (SDP) program
http://www.mastercard.com/us/sdp/index.html
• Discover's Discover Information Security and Compliance (DISC) program
http://www.discovernetwork.com/fraudsecurity/disc.html
• American Express Data Security Operating Policy (DSOP)
http://www.americanexpress.com/datasecurity
16. PCI DSS
Build and maintain a secure network.
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect cardholder data.
3. Protect stored data
4. Encrypt transmission of cardholder data and sensitive information across public networks
Maintain a vulnerability management program.
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implement strong access control measures.
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly monitor and test networks.
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an information security policy.
12. Maintain a policy that addresses information security
17. PCI DSS 3.0
Protection of cardholder data in memory
Clarification of key management dual control and split knowledge
Recommendations on making PCI DSS business-as-usual and best practices
Security policy and operational procedures added
Increased password strength
New requirements for point-of-sale terminal security
More robust requirements for penetration testing
18. PCI DSS Cloud Guidelines
Relevant to all sensitive data that is outsourced to cloud
1. Clients retain responsibility for the data they put in the cloud
2. Public-cloud providers often have multiple data centers, which may often be in multiple countries or regions
3. The client may not know the location of their data, or the data may exist in one or more of several locations at any particular time
4. A client may have little or no visibility into the controls
5. In a public-cloud environment, one client’s data is typically stored with data belonging to multiple other clients. This makes a public cloud an attractive target for attackers
20. National Privacy Laws - USA
Health Information Portability and Accountability Act – HIPAA
1. Names
2. All geographical subdivisions smaller than a State
3. All elements of dates (except year) related to individual
4. Phone numbers
5. Fax numbers
6. Electronic mail addresses
7. Social Security numbers
8. Medical record numbers
9. Health plan beneficiary numbers
10. Account numbers
11. Certificate/license numbers
12. Vehicle identifiers and serial numbers
13. Device identifiers and serial numbers
14. Web Universal Resource Locators (URLs)
15. Internet Protocol (IP) address numbers
16. Biometric identifiers, including finger prints
17. Full face photographic images
18. Any other unique identifying number
22. National Privacy Laws - India
Information Technology Act – 2000 (IT Act)
• Requires that the corporate body and Data Processor implement reasonable security practices and standards
• IS/ISO/IEC 27001 requirements recognized
Information Technology Act – 2008 (Amended IT Act)
• Damages for negligence and wrongful gain or loss
• Criminal punishment for disclosing Sensitive Personal Information (SPI)
India Privacy Law – 2011
• Expanded definition of SPI to passwords, financial data, health data, medical treatment records, and more
Right to Privacy Bill – 2013 (Proposed)
• Increased jail terms & fines for disclosure of SPI
• Addresses data handled for foreign clients
24. Cross-Border & Outsourcing Laws
The laws of the sending country apply to data sent across international borders, including outsourced operations
• i.e. National Privacy Laws
APEC Cross-Border Privacy Laws
• Non-binding privacy enforcement in Asia-Pacific region
35. Sensitive Data Insight & Usability
Big Data and Cloud environments are designed for access and deep insight into vast data pools
Data can be monetized not only by marketing analytics, but through sale or use by a third party
The more accessible and usable the data is, the greater this ROI benefit can be
Security concerns and regulations are often viewed as opponents to data insight
36. Big Data Vulnerabilities and Concerns
Big Data (Hadoop) was designed for data access, not security
Security in a read-only environment introduces new challenges
Massive scalability and performance requirements
Sensitive data regulations create a barrier to usability, as data cannot be stored or transferred in the clear
Transparency and data insight are required for ROI on Big Data
37. Cloud Vulnerabilities and Concerns
Public cloud security is often not visible to the client, but the client is still responsible for security
Greater access to shared data sets by more users creates additional points of vulnerability
Data redundancy for high availability, often across multiple data centers, increases vulnerability
Virtualization can create numerous security issues
Transparency and data insight are required for ROI
How do you lock this?
43. Access Control
Old and flawed: Minimal access levels so people can only carry out their jobs
Chart: Risk (High to Low) against Access Privilege Level (High to Low)
44. Slide 43
DC6: I have no idea what this graph is supposed to represent
Daniel Crum, 11/6/2013
45. Applying the protection profile to the content of data fields allows for a wider range of authority options
46. How the New Approach is Different
Old: Minimal access levels – Least Privilege to avoid high risks
New: Much greater flexibility and lower risk in data accessibility
Chart: Risk (High to Low) against Access Privilege Level (High to Low)
47. Reduction of Pain with New Protection Techniques
Chart: Pain & TCO (High to Low) over time (1970, 2000, 2005, 2010)
Input Value: 3872 3789 1620 3675
Strong Encryption (AES, 3DES) Output: !@#$%a^.,mhu7///&*B()_+!@
Format Preserving Encryption (DTP, FPE) Output: 8278 2789 2990 2789
Vault-based Tokenization Output: 8278 2789 2990 2789
Vaultless Tokenization Output: 8278 2789 2990 2789 – Format Preserving, Greatly reduced Key Management, No Vault
48. Fine Grained Security: Encryption of Fields
Production Systems / Non-Production Systems
Encryption of fields
• Reversible
• Policy Control (Authorized / Unauthorized Access)
• Lacks Integration Transparency
• Complex Key Management
• Example: !@#$%a^.,mhu7///&*B()_+!@
49. Fine Grained Security: Masking of Fields
Production Systems / Non-Production Systems
Masking of fields
• Not reversible
• No Policy, Everyone can access the data
• Integrates Transparently
• No Complex Key Management
• Example: 0389 3778 3652 0038
50. Fine Grained Security: Tokenization of Fields
Tokenization (Pseudonymization)
• No Complex Key Management
• Business Intelligence
• Example: 0389 3778 3652 0038
Production Systems
• Reversible
• Policy Control (Authorized / Unauthorized Access)
Non-Production Systems
• Not Reversible
• Integrates Transparently
51. Fine Grained Data Security Methods
Tokenization and Encryption are Different
Encryption – Used Approach: Cipher System; built on cryptographic algorithms and cryptographic keys
Tokenization – Used Approach: Code System; built on code books and index tokens
Source: McGraw-Hill Encyclopedia of Science & Technology
52. Fine Grained Data Security Methods
Vault-based vs. Vaultless Tokenization
Footprint – Vault-based: Large, Expanding. Vaultless: Small, Static.
High Availability, Disaster Recovery – Vault-based: Complex, expensive replication required. Vaultless: No replication required.
Distribution – Vault-based: Practically impossible to distribute geographically. Vaultless: Easy to deploy at different geographically distributed locations.
Reliability – Vault-based: Prone to collisions. Vaultless: No collisions.
Performance, Latency, and Scalability – Vault-based: Will adversely impact performance & scalability. Vaultless: Little or no latency. Fastest industry tokenization.
53. The Future of Tokenization
PCI DSS 3.0
• Split knowledge and dual control
PCI SSC Tokenization Task Force
• Tokenization and use of HSM
Card Brands – Visa, MC, AMEX …
• Tokens with control vectors
ANSI X9
• Tokenization and use of HSM
54. Security of Different Protection Methods
Chart: Security Level (High to Low) for Format Preserving Encryption, Vaultless Data Tokenization, AES CBC Encryption Standard, and Basic Data Tokenization
55. Speed of Different Protection Methods
Chart: Transactions per second* (axis ticks 100, 1 000, 10 000, 100 000, 1 000 000, 10 000 000) for Format Preserving Encryption, Vaultless Data Tokenization, AES CBC Encryption Standard, and Vault-based Data Tokenization
*: Speed will depend on the configuration
56. Risk Adjusted Data Protection
There is always a trade-off between security and usability.
Table columns: Performance, Storage, Security, Transparency (scale: Best to Worst)
Table rows: System without data protection; Monitoring + Blocking + Obfuscation; Data Type Preservation Encryption; Strong Encryption; Vaultless Tokenization; Hashing; Anonymisation
58. What is de-identification of identifiable data?
The solution to protecting Identifiable data is to properly de-identify it.
Personally Identifiable Information | Health Information / Financial Information
Redact the information – remove it.
The identifiable portion of the record is de-identified with any number of protection methods such as masking, tokenization, encryption, redacting (removed), etc.
The method used will depend on your use case and the reason that you are de-identifying the data.
59. Identifiable Sensitive Information
Field | Real Data | Tokenized / Pseudonymized
Name | Joe Smith | csu wusoj
Address | 100 Main Street, Pleasantville, CA | 476 srta coetse, cysieondusbak, CA
Date of Birth | 12/25/1966 | 01/02/1966
Telephone | 760-278-3389 | 760-389-2289
E-Mail Address | joe.smith@surferdude.org | eoe.nwuer@beusorpdqo.org
SSN | 076-39-2778 | 937-28-3390
CC Number | 3678 2289 3907 3378 | 3846 2290 3371 3378
Business URL | www.surferdude.com | www.sheyinctao.com
Fingerprint | Encrypted
Photo | Encrypted
X-Ray | Encrypted
Healthcare / Financial Services: Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc.; Financial Services Consumer Products and activities
Protection methods can be equally applied to the actual healthcare data, but not needed with de-identification
60. De-Identified Sensitive Data
Field | Real Data | Tokenized / Pseudonymized
Name | Joe Smith | csu wusoj
Address | 100 Main Street, Pleasantville, CA | 476 srta coetse, cysieondusbak, CA
Date of Birth | 12/25/1966 | 01/02/1966
Telephone | 760-278-3389 | 760-389-2289
E-Mail Address | joe.smith@surferdude.org | eoe.nwuer@beusorpdqo.org
SSN | 076-39-2778 | 076-28-3390
CC Number | 3678 2289 3907 3378 | 3846 2290 3371 3378
Business URL | www.surferdude.com | www.sheyinctao.com
Fingerprint | Encrypted
Photo | Encrypted
X-Ray | Encrypted
Healthcare / Financial Services: Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc.; Financial Services Consumer Products and activities
Protection methods can be equally applied to the actual data, but not needed with de-identification
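As an added illustration of the field-level methods on slides 48 to 52 and the tokenized columns in the two tables above (example code written for this page, not code from the presentation or from Protegrity's products): a vault-based, format-preserving tokenizer that keeps a one-to-one mapping in its code book, re-draws on a collision, and gates detokenization on policy, beside an irreversible mask for non-production data. All sample values are constructed.

```python
import secrets
import string

# Added illustration, not code from the presentation or from Protegrity: a vault-based,
# format-preserving tokenizer (a "code system") beside irreversible masking. Values are constructed.

_ALPHABETS = (string.digits, string.ascii_uppercase, string.ascii_lowercase)

def _same_class(ch):
    """Random character of the same class; punctuation, spaces and '@' keep their place."""
    for alphabet in _ALPHABETS:
        if ch in alphabet:
            return secrets.choice(alphabet)
    return ch

class VaultTokenizer:
    """Random tokens with the input's format; the mapping exists only in the vault (code book)."""

    def __init__(self, keep_tail=0):
        self.keep_tail = keep_tail   # e.g. 4 keeps the last four card digits in the clear
        self._vault = {}             # token -> original value
        self._by_value = {}          # original -> token, so equal inputs get equal tokens

    def _random_like(self, value):
        cut = len(value) - self.keep_tail
        return "".join(_same_class(c) for c in value[:cut]) + value[cut:]

    def tokenize(self, value):
        if value in self._by_value:  # one-to-one mapping keeps joins and analytics working
            return self._by_value[value]
        if not any(c.isascii() and c.isalnum() for c in value[:len(value) - self.keep_tail]):
            raise ValueError("nothing to tokenize outside the preserved tail")
        token = self._random_like(value)
        while token in self._vault or token == value:   # vault-based tokens can collide
            token = self._random_like(value)
        self._vault[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token, authorized):
        """Reversal is a policy decision: only an authorized caller may consult the vault."""
        if not authorized:
            raise PermissionError("caller is not authorized to detokenize")
        return self._vault[token]

def mask(value, keep_tail=4, fill="X"):
    """Irreversible masking for test data: nothing is stored, so nothing can come back."""
    cut = len(value) - keep_tail
    return "".join(fill if c.isalnum() else c for c in value[:cut]) + value[cut:]
```

A vaultless scheme would derive the token from the value and a secret instead of storing a mapping, which is what removes the replication and collision concerns listed on slide 52.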
61. How Should I Secure Different Data?
Chart: Use Case (Simple – PCI Card Holder Data; PII Personally Identifiable Information; Complex – PHI Protected Health Information) against Type of Data (Structured, Un-structured), with Encryption of Files and Tokenization of Fields as the protection methods
62. Research Brief: Tokenization Gets Traction
Aberdeen has seen a steady increase in enterprise use of tokenization for protecting sensitive data over encryption
Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data
Over the last 12 months, tokenization users had 50% fewer security-related incidents than tokenization non-users
Author: Derek Brink, VP and Research Fellow, IT Security and IT GRC
63. Vaultless Tokenization & Data Insight
The business intelligence exposed through Vaultless Tokenization can allow many users and processes to perform job functions on protected data
Extreme flexibility in data de-identification can allow responsible data monetization
Data remains secure throughout data flows, and can maintain a one-to-one relationship with the original data for analytic processes
66. Privacy Impacts BPO & Offshore Business Solutions
Business Process Outsourcing (BPO)
• Business Processes
• E.g. Loans, Mortgages, Call Centre, Claims Processing, ERP, etc.
• Application Development
• Need to de-identify Data for Testing and Development
Off-Shoring
• Same as Outsourcing, but data is sent for business functions (like call center, etc.) off-shore.
Laws governing your ability to send real data to 3rd parties are already restrictive, and becoming more so
Penalties for infringement are growing more severe
Risk of data breaches and data theft is increased
67. Examples
Major Bank in EU wants to centralise EDW operations in a single country and therefore send customer data from country A to country B. Privacy Laws in country A prohibit this.
Private Bank in Europe wants to offshore Finance Operations. Privacy Law prohibits transfer of citizen data to India.
Retail Bank in Scandinavia wants to offshore Customer Services. Privacy law prevents transfer of citizen data to the Far East.
69. Protegrity Use Case: UniCredit
CHALLENGES
The primary challenge was to protect PII – names and addresses, phone and email, policy and account numbers,
birth dates, etc. – to the satisfaction of EU Cross Border Data Security requirements. This included incoming
source data from various European banking entities, and existing data within those systems, which would be
consolidated at the Italian HQ.
70. Case Study - Large US Chain Store
Reduced cost
• 50 % shorter PCI audit
Quick deployment
• Minimal application changes
• 98 % application transparent
Top performance
• Performance better than encryption
Stronger security
71. Case Study: Large Chain Store
Why? Reduce compliance cost by 50%
• 50 million Credit Cards, 700 million daily transactions
• Performance Challenge: 30 days with Basic to 90 minutes with
Vaultless Tokenization
• End-to-End Tokens: Started with the D/W and expanding to
stores
• Lower maintenance cost – don’t have to apply all 12 requirements
• Better security – able to eliminate several business and daily
reports
• Quick deployment
• Minimal application changes
• 98 % application transparent
74. Aadhaar Data Stores
Mongo cluster (all enrolment records/documents – demographics + photo), Shards 1–5: Low latency indexed read (milli-seconds per read), High latency random search (seconds per read)
Solr cluster (all enrolment records/documents – selected demographics only), Shards 0, 2, 6, 9, a, d, f: Low latency indexed read (Documents per sec), Low latency random search (Documents per sec)
MySQL (all UID generated records – demographics only, track & trace, enrolment status), UID master (sharded), Enrolment DB: Low latency indexed read (milli-seconds per read), High latency random search (seconds per read)
HDFS (all raw packets), Data Node 1 .. Data Node 20: High read throughput (MB per sec), High latency read (seconds per read)
HBase (all enrolment biometric templates), Region Server 1 .. Region Server 20: High read throughput (MB per sec), Low-to-Medium latency read (milli-seconds per read)
NFS (all archived raw packets), LUN 1–4: Moderate read throughput, High latency read (seconds per read)
75. Protegrity Summary
Proven enterprise data security software and innovation leader
• Sole focus on the protection of data
• Patented Technology, Continuing to Drive Innovation
Cross-industry applicability
• Retail, Hospitality, Travel and Transportation
• Financial Services, Insurance, Banking
• Healthcare
• Telecommunications, Media and Entertainment
• Manufacturing and Government
76. Please contact us for more information
Ulf.Mattsson@protegrity.com
Info@protegrity.com
Elaine.Evans@protegrity.com
www.protegrity.com