Jun 15 privacy in the cloud at financial institutions at the object management group omg

1. ÖÄaaz332Ücß4ÖbÄ26zn
ANO3562/高野ブルーノ
as8d7eonb435DB6jk450
АБВГДЕЖЗИЙКЛМAНОПФ
‫צ‬ ‫ץ‬ ‫פ‬ ‫ף‬ ‫נ‬ ‫ן‬ ‫מ‬ ‫חי‬ ‫ד‬ ‫ג‬ ‫ב‬ ‫א‬
Privacy in the Cloud
at Financial Institutions
Ulf Mattsson
Chief Security Strategist
www.Protegrity.com

2. PaymentCardIndustry(PCI)
SecurityStandards
Council (SSC):
1. Tokenization Task Force
2. Encryption Task Force,Point to Point
Encryption Task Force
3. Risk Assessment
4. eCommerceSIG
5. Cloud SIG, Virtualization SIG
6. Pre-Authorization SIG, Scoping SIG
Working Group
Ulf Mattsson
2
Dec 2019
May 2020
Cloud Security Alliance
Quantum Computing
Tokenization Management and
Security
Cloud Management and Security
ISACA JOURNAL May 2021
Privacy-Preserving Analytics and
Secure Multi-Party Computation
ISACA JOURNAL May 2020
Practical Data Security and
Privacy for GDPR and CCPA
• Chief Security
Strategist, Protegrity
• Chief Technology
Officer, Protegrity, Atlantic
BT, and Compliance
Engineering
• Head of Innovation,
TokenEx
• IT Architect, IBM
• Develops Industry Standards
• Inventor of more than 70 issued US Patents
• Products and Services:
• Data Encryption, Tokenization, and Data Discovery
• Cloud Application Security Brokers (CASB) and Web
Application Firewalls (WAF)
• Security Operation Center (SOC) and Managed Security
Services (MSSP)
• Robotics and Applications
ISACA JOURNAL Nov 2021
How Innovative Businesses Win
with Secure Machine Learning

3. Agenda
1. Balance between privacy, compliance, and business opportunity
2. Opportunities in Analytics and Machine Learning
3. Privacy laws and customer trust
4. A finance-based data risk assessment (FinDRA)
5. Use cases in Financial Services
6. Pseudonymization, anonymization, tokenization, encryption, and more
7. Data security for Hybrid-cloud

4. Opportunities
Controls
Regulations
Policies
Risk Management
Breaches
Balance
Balance: Protect data in ways that are transparent to business processes and
compliant to regulations
Source: Gartner

5. Organization’sRisk Context of Privacy
5
Source: Gartner

6. Drivers Impacting Information Security Function and Controls in Next 3-5 Years
6
Gartner

8. 8
Gartner

9. Area Timing Focus Comments
Requirements Short Internal requirements International regulations
Cloud Short Machine Learning Start with basic ML training and inference on senstivie data in cloud
Competition Short Competitive advantage ML and NLP-powered services can give banks a competitive edge
Short Encrypted data Important
Long Synthetic data Computing cost?
Medium AML / KYC What are other Large banks doing?
Short Analytics Initial focus
Short
Operation on encrypted
data
Computation on sensitive data to the cloud. Trade-offs with performance, protection and utility?
Industry Short Industry dialog Working groups in standard bodies (ANSI X9, Cloud Security Alliance, Homomorphic Encryption Org)
Model Short Encrypted model Important
Short Experimentation What are other Large banks doing?
Short Scotia Bank case study Query solution for AML / KYC
Proven Medium Fast follower What are some proven solutions?
Short
Homomorphic
Encryption post-
Lattice-based cryptography is a promising post-quantum cryptography family, both in terms of
foundational properties as well as its application to both traditional and homomorphic encryption
Medium Quantum Plan for quantum safe algorithms
Long Quantum Plan for quantum ML algorithms
Sharing Short
Secure Multi-party
Computing (SMPC)
Without revealing their own private inputs and outputs. Encrypted data and encryption keys never
comingled while computation on the encrypted data is occurring or an encryption key is split into
shares
Short Vendor positioning
Nonlinear ML regression needed? Linear Regression is one of the fundamental supervised-ML. Linear
and non-linear credit scoring by combining logistic regression and support vector machines
Short Framework integration Important
3rd party Long 3rd party integration Mining first
Long Federated learning Complicated
Long TEE Emerging
Analytics
Data
Quantum
Solutions
Training ML
Pilot
Use case: Bank

10. Machine Learning
(ML)
Homomorphic
Encryption (HE)
Trusted
Execution
Environments
(TEE)
Some HE
algorithms
are QC
resistant
Quantum
machine
learning
integrate QC
algorithms
with ML
Quantum Computing (QC)
Shield
code or
data An ML
algorithm
and data can
live inside
the TEE
ML
algorithms
can be
optimized
for QC
Public Key
Encryption (PKE)
Analytics
Asymmetric
encryption may not
be QC resistant
Lattice based
encryption
Lattice based
encryption
can be QC
resistant
(NTRU is an
open source
HE )
ML algorithm can use HE data
Blockchain
Bitcoin
SHA-256
(Secure
Hash
Algorithm)
TLS
Encryption Use: Homomorphic Encryption and Post-Quantum Cryptography

11. Machine Learning (ML)
Homomorphic
Encryption (HE)
Trusted
Execution
Environments
(TEE)
Quantum Computing (QC)
Public Key
Encryption (PKE)
Analytics
Lattice based
encryption
Blockchain
TLS
Differential
Privacy
(DP)
2-way
Format Preserving
Encryption
(FPE)
K-anonymity
model
Tokenization Static
Data
Masking
Hashing
1-way
Format Preserving Format Preserving
Anonymization
Of Attributes
Pseudonymization
Of Identifiers
Synthetic
Data
Static
Derivation
Data
Security
Techniques:
Data Privacy
and Zero
Trust
Architecture
Algorithmic
Random
Data store Dynamic
Data
Masking
Data Security Policy
Zero Trust Architecture (ZTA)
PKI, ID Management, and SIEM

12. 2-way
Homomorphic
Encryption (HE) K-anonymity
Tokenization
Masking
Hashing
1-way
Analytics and Machine Learning (ML)
Positioning of Different Data Protection Techniques
Algorithmic
Random
Computing on
encrypted data
Format
Preserving
Fast Slow Very slow Fast Fast
Format
Preserving
Differential
Privacy (DP)
Noise
added
Format
Preserving
Encryption
(FPE)
12

13. Global Map Of Privacy Rights And Regulations
13

14. TrustArc
Legal and Regulatory Risks Are Exploding
14

15. Data flow mapping under GDPR
• If there is not already a documented workflow in place in your organization, it can be worthwhile for a
team to be sent out to identify how the data is being gathered.
• This will enable you to see how your data flow is different from reality and what needs to be done
Organizations needs to look at how the data was captured, who is accountable for it, where it is
located and who has access.
Source:
BigID
15

16. https://iapp.org/news/a/why-this-french-court-decision-has-far-
reaching-consequences-for-many-businesses/
GDPR under"SchremsII"
Legal safeguards:
• AWS Sarlguarantees in its contract with Doctolib, a French company, that it will
challenge anygeneral access request froma public authority.
Technical safeguards:
• Technically the data hosted byAWS Sarlis encrypted.
• AWS Sarl,a Luxembourg registeredcompany.
• The key is held by a trusted thirdpartyin France, not by AWS.
Other guarantees taken:
• No health data.
• Thedatahostedrelatesonlyto the identificationof individualsforthepurposeof making
appointments.
• Data is deleted after three months.
Doctolib
AWS Sarl
AWS will challenge any general
access request from a public
authority

17. Encryption and
Tokenization
Discover Data
Assets
Security by
Design
GDPR Security Requirements Framework
17
Source: IBM

18. Personally Identifiable Information (PII) in
compliance with the EU Cross Border Data
Protection Laws, specifically
• Datenschutzgesetz 2000 (DSG 2000) in
Austria, and
• Bundesdatenschutzgesetz in Germany.
This required access to Austrian and German
customer data to be restricted to only requesters
in each respective country.
• Achieved targeted compliance with EU Cross
Border Data Security laws
• Implemented country-specific data access
restrictions
Data sources
Case Study
A major international bank performed a consolidation of all European operational data sources to Italy
18
Protegrity

19. The CCPA
Effect
Regulatory
Activities in
Privacy Since
Jan 2019
19
Protegrity Gartner

20. A finance-based
data risk
assessment
(FinDRA)

21. Finance-based
data risk
assessment
(FinDRA)
Hype Cyclefor RiskManagement,2020
21
Gartner

22. Pyramidof Risk
22
Gartner

23. 23
Gartner

24. Gartner

25. Use cases in
Financial Services

26. Use case – Retail - Data for Secondary Purposes
Large aggregator of credit card transaction data.
Open a new revenue stream
• Using its data with its business partners: retailers, banks and advertising companies.
• They could help their partners achieve better ad conversion rate, improved customer satisfaction, and more timely
offerings.
• Needed to respect user privacy and specific regulations. In this specific case, they wanted to work with a retailer.
• Allow the retailer to gain insights while protecting user privacy, and the credit card organization’s IP.
• An analyst at each organization’s office first used the software to link the data without exchanging any of the
underlying data.
Data used to train the machine learning and statistical models.
• A logistic and linear regression model was trained using secure multi-party computation (SMC).
• In the simplest form SMC splits a dataset into secret shares and enables you to train a model without needing to put
together the pieces.
• The information that is communicated between the peers is encrypted at all times and cannot be reverse engineered.
With the augmented dataset, the retailer was able to get a better picture of its customers buying habits.
26

27. Use case - Financial services industry
Confidential financial datasets which are vital for gaining significant insights.
• The use of this data requires navigating a minefield of private client information as well as sharing data
between independent financial institutions, to create a statistically significant dataset.
• Data privacy regulations such as CCPA, GDPR and other emerging regulations around the world
• Data residency controls as well as enable data sharing in a secure and private fashion.
Reduce and remove the legal, risk and compliance processes
• Collaboration across divisions, other organizations and across jurisdictions where data cannot be
relocated or shared
• Generating privacy respectful datasets with higher analytical value for Data Science and Analytics
applications.
27

28. Use case: Bank - Internal Data Usage by Other Units
A large bank wanted to broaden access to its data lake without compromising data privacy, preserving the data’s
analytical value, and at reasonable infrastructure costs.
• Current approaches to de-identify data did not fulfill the compliance requirements and business needs, which had
led to several bank projects being stopped.
• The issue with these techniques, like masking, tokenization, and aggregation, was that they did not sufficiently
protect the data without overly degrading data quality.
This approach allows creating privacy protected datasets that retain their analytical value for Data Science and
business applications.
A plug-in to the organization’s analytical pipeline to enforce the compliance policies before the data was consumed
by data science and business teams from the data lake.
• The analytical quality of the data was preserved for machine learning purposes by-using AI and leveraging privacy
models like differential privacy and k-anonymity.
Improved data access for teams increased the business’ bottom line without adding excessive infrastructure costs,
while reducing the risk of-consumer information exposure.
28

29. Confidential computing is a security mechanism that executes code in a hardware based trusted execution environment (TEE)
Hype Cyclefor Privacy
29
Gartner

30. http://homomorphicencryption.org
Use Cases for Secure Multi Party Computation &
Homomorphic Encryption (HE)
30

31. Homomorphic Encryption Market Size (USD Million)
PHE (Partially
Homomorphic
Encryption) schemes are
in general more efficient
than SHE and FHE, mainly
because they are
homomorphic w.r.t to only
one type of operation:
addition or
multiplication.
SHE (Somewhat
Homomorphic
Encryption) is more
general than PHE in the
sense that it supports
homomorphic operations
with additions and
multiplications.
SHE scheme is also a PHE. This implies that PHE's are at least as efficient as SHE's.
FHE (Fully Homomorphic
Encryption) allows you to
do an unbounded number
of operations
Source: Market Intellica
SHE and PHE are not suitable for data sharing scenarios.

32. Enc
Sort
Encr
Proxy
Quantum
Safe
HomomorphicEncryption.org
Private Set
Intersection
Differential
Priv
Commercial-applications Off The Shelf
Extended Encrypted
Operations
Extended Privacy
Features
Extended ML Features
200 to 50 Employees
5
19 and fewer Employees
Fuzzy
Search
Baffle
Algorand
Foundation
Crypto
Numerics
Duality IXUP Enveil
Examples of 7 big and smaller HE Vendors Examples of features
Members
Support
for COTS
IBM
FHE
ZTA
AI
SQL like
language
Blockchain

33. Hype Cycle for Emerging Technologies, 2020
Algorithmic
Trust
Models Can
Help
Ensure
Data
Privacy
Emerging technologies
tied to algorithmic trust
include
1. Secure access service
edge (SASE)
2. Explainable AI
3. Responsible AI
4. Bring your own
identity
5. Differential privacy
6. Authenticated
provenance
cmswire.com
Gartner
33
Gartner

34. Pseudonymization,
anonymization,
tokenization,
encryption, and
more

35. Payment
Application
Payment
Network
Payment
Data
Policy, tokenization,
encryption
and keys
Gateway
Call Center
Application
Salesforce
Analytics
Application
Differential Privacy
And K-anonymity
PI* Data
Microsoft
Election
Guard
Election
Data
Homomorphic Encryption
Data Warehouse
PI* Data
Vault-less tokenization
Example of Use-Cases & Data Privacy Techniques
Voting
Application
Dev/test
Systems
Masking
PI* Data
Vault-less tokenization
35

36. Examples
of Data
De-
identification
36

37. Risks and Productivity with Access to More Data
37

38. Random
differential
privacy
Probabilistic
differential
privacy
Concentrated
differential
privacy
Noise is very low.
Used in practice.
Tailored to large numbers
of computations.
Approximate
differential
privacy
More useful analysis can be performed.
Well-studied.
Can lead to unlikely outputs.
Widely used
Computational
differential privacy
Multiparty
differential
privacy
Can ensure the privacy of individual contributions.
Aggregation is performed locally.
Strong degree of protection.
High accuracy
6 Differential
Privacy
Models
A pure model provides protection even against attackers with
unlimited computational power.
In differential
privacy, the
concern is about
privacy as the
relative difference
in the result
whether a
specific individual
or entity is
included in the
input or excluded
38

39. Hybrid cloud and
security policies

40. 40

41. Data protection techniques: Deployment on-premises, and clouds
Data
Warehouse
Centralized Distributed
On-
premises
Public
Cloud
Private
Cloud
Vault-based tokenization y y
Vault-less tokenization y y y y y y
Format preserving
encryption
y y y y y
Homomorphic encryption y y
Masking y y y y y y
Hashing y y y y y y
Server model y y y y y y
Local model y y y y y y
L-diversity y y y y y y
T-closeness y y y y y y
Privacy enhancing data de-identification
terminology and classification of techniques
De-
identification
techniques
Tokenization
Cryptographic
tools
Suppression
techniques
Formal
privacy
measurement
models
Differential
Privacy
K-anonymity
model
41

42. Hype Cycle for Cloud Security, Gartner 2020

43. A Data Security Gateway Can Protect Sensitive Data in Cloud and On-premise
43

45. Big Data Protection with Granular Field Level Protection for Google Cloud
45

46. Use Case (Financial Services) - Compliance with Cross-Border and Other
Privacy Restrictions
46

47. Use this shape toput
copy inside
(you can change the sizing tofit your copy needs)
Protection of data
in AWS S3 with Separation
of Duties
• Applications can use de-
identified data or data in the
clear based on policies
• Protection of data in AWS S3
before landing in a S3 bucket
Separation of Duties
• Encryption Key Management
• Policy Enforcement Point (PEP)
47

48. Securosis, 2019
Consistency
• Most firms are quite familiar with their on-
premises encryption and key management
systems, so they often prefer to leverage the same
tool and skills across multiple clouds.
• Firms often adopt a “best of breed” cloud
approach.
Examples of Hybrid Cloud considerations
Trust
• Some customers simply do not trust their
vendors.
Vendor Lock-in and Migration
• A common concern is vendor lock-in, and
an inability to migrate to another cloud
service provider.
Google Cloud AWS Cloud Azure Cloud
Cloud Gateway
S3 Salesforce
Data Analytics
BigQuery
48

49. 20889 IS Privacy enhancing de-identification terminology and
classification of techniques
27018 IS Code of practice for protection of PII in public clouds acting
as PII processors
27701 IS Security techniques - Extension to ISO/IEC 27001 and
ISO/IEC 27002 for privacy information management - Requirements
and guidelines
29100 IS Privacy framework
29101 IS Privacy architecture framework
29134 IS Guidelines for Privacy impact assessment
29151 IS Code of Practice for PII Protection
29190 IS Privacy capability assessment model
29191 IS Requirements for partially anonymous, partially unlinkable
authentication
Cloud
11 Published International Privacy Standards
Framework
Management
Techniques
Impact
19608 TS Guidance for developing security and privacy functional
requirements based on 15408
Requirements
27550 TR Privacy engineering for system lifecycle processes
Process
ISO Privacy
Standards
49

50. References:
1. California Consumer Privacy Act, OCT 4, 2019, https://www.csoonline.com/article/3182578/california-consumer-privacy-act-what-
you-need-to-know-to-be-compliant.html
2. GDPR and Tokenizing Data, https://tdwi.org/articles/2018/06/06/biz-all-gdpr-and-tokenizing-data-3.aspx
3. GDPR VS CCPA, https://wirewheel.io/wp-content/uploads/2018/10/GDPR-vs-CCPA-Cheatsheet.pdf
4. General Data Protection Regulation, https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
5. IBM Framework Helps Clients Prepare for the EU's General Data Protection Regulation, https://ibmsystemsmag.com/IBM-
Z/03/2018/ibm-framework-gdpr
6. INTERNATIONAL STANDARD ISO/IEC 20889, https://webstore.ansi.org/Standards/ISO/ISOIEC208892018?gclid=EAIaIQobChMIvI-
k3sXd5gIVw56zCh0Y0QeeEAAYASAAEgLVKfD_BwE
7. Machine Learning and AI in a Brave New Cloud World https://www.brighttalk.com/webcast/14723/357660/machine-learning-and-
ai-in-a-brave-new-cloud-world
8. Emerging Data Privacy and Security for Cloud https://www.brighttalk.com/webinar/emerging-data-privacy-and-security-for-cloud/
9. New Application and Data Protection Strategies https://www.brighttalk.com/webinar/new-application-and-data-protection-
strategies-2/
10. The Day When 3rd Party Security Providers Disappear into Cloud https://www.brighttalk.com/webinar/the-day-when-3rd-party-
security-providers-disappear-into-cloud/
11. Advanced PII/PI Data Discovery https://www.brighttalk.com/webinar/advanced-pii-pi-data-discovery/
12. Emerging Application and Data Protection for Cloud https://www.brighttalk.com/webinar/emerging-application-and-data-
protection-for-cloud/
13. Practical Data Security and Privacy for GDPR and CCPA, ISACA Journal, May 2020
14. Data Security: On Premise or in the Cloud, ISSA Journal, December 2019, ulf@ulfmattsson.com
15. Data Privacy: De-Identification Techniques, ISSA Journal, May 2020
50

51. Ulf Mattsson
Chief Security Strategist
www.Protegrity.com
Thank You!