It is shocking to note that about 3.5 billion people saw their
personal data stolen in the top two of the 15 biggest breaches
of this century alone. With the average cost of a data breach
exceeding $8 million, it is no wonder that safeguarding
confidential business and customer information has become
more important than ever. Furthermore, with stricter laws and governance requirements, data security is now everyone’s
responsibility across the entire enterprise.
However, that is easier said than done, and for that reason, an
an increasing number of organizations are relying heavily on data masking to proactively protect their data, avoid the cost of security breaches, and ensure compliance.
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the share responsibilities between customer and cloud provider
2. Different cloud service model (IaaS, PaaS, SaaS) has different audit methodology
3. Customer’s IT Auditor have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in Cloud is very important. Each Cloud Service Provider has different IAM mechanism
5. Understanding different type of audit logs in cloud platform is important for IT Auditor
Isaca global journal - choosing the most appropriate data security solution ...Ulf Mattsson
Recent breaches demonstrate the urgent need to secure enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile and on-premises. The rapid rise of cloud databases, storage and applications has led to unease among adopters over the security of their data. Whether it is data stored in a public, private or hybrid cloud, or used in third party SaaS applications, companies have good reason to be concerned. The biggest challenge in this interconnected world is merging data security with data value and productivity. If we are to realize the benefits promised by these new ways of doing business, we urgently need a data-centric strategy to protect the sensitive data flowing through these digital business systems.
Presented at National Webinar of ISACA Student Group, Universitas Kristen Satya Wacana, indonesia.
Title: Cyber Resilience: Post COVID-19 - Welcoming New Normal
2 July 2020
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the share responsibilities between customer and cloud provider
2. Different cloud service model (IaaS, PaaS, SaaS) has different audit methodology
3. Customer’s IT Auditor have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in Cloud is very important. Each Cloud Service Provider has different IAM mechanism
5. Understanding different type of audit logs in cloud platform is important for IT Auditor
Isaca global journal - choosing the most appropriate data security solution ...Ulf Mattsson
Recent breaches demonstrate the urgent need to secure enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile and on-premises. The rapid rise of cloud databases, storage and applications has led to unease among adopters over the security of their data. Whether it is data stored in a public, private or hybrid cloud, or used in third party SaaS applications, companies have good reason to be concerned. The biggest challenge in this interconnected world is merging data security with data value and productivity. If we are to realize the benefits promised by these new ways of doing business, we urgently need a data-centric strategy to protect the sensitive data flowing through these digital business systems.
Presented at National Webinar of ISACA Student Group, Universitas Kristen Satya Wacana, indonesia.
Title: Cyber Resilience: Post COVID-19 - Welcoming New Normal
2 July 2020
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
Presented at APTIKNAS (Indonesia ICT Business Association) DKI Jakarta regular webinar.
Title:Data Loss Prevention: Fundamental Concept in Enabling DLP System
2 July 2020
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...Ulf Mattsson
Not too long ago, many security experts believed that the best way to defend data was to apply the strongest possible technological protections to all of the data, all of the time. While that plan may work perfectly in theory, in the real world of business this model creates unacceptable costs, performance and availability problems.
What works from both IT and management standpoints? Risk-adjusted data security. Protecting data according to risk enables organizations to determine their most significant security exposures, target their budgets towards addressing the most critical issues, strengthen their security and compliance profile, and achieve the right balance between business needs and security demands.
Other issues that risk-adjusted security addresses are the unnecessary expenses, availability problems and system performance lags that result when data is over-protected. And cloud-based technologies, mobile devices and the distributed enterprise require a risk-mitigation approach to security, focused on securing mission critical data, rather than the now-unachievable ‘protect all the data at all costs’ model of years past.
Here’s how to develop and deploy a risk-adjusted data protection plan
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
Presented on PHPID Online Learning 35.
Komunitas PHP Indonesia
Title: Enabling Data Governance - The Journey through Data Trust, Ethics, and Quality
Eryk B. Pratama
Global IT & Cybersecurity Advisor
Extending Information Security to Non-Production EnvironmentsLindaWatson19
This paper discusses the threats that non-production environments pose to database security and provides practical advice and multiple options for ensuring data assets remain secure against unauthorized access.
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
Yesterday’s security is no match for the challenge of protecting data across the extended enterprise, with sensitive data increasingly shared across organizations, over external systems, and with unknown users and devices.
A basic shift towards data-centric thinking must replace conventional device- and container-based models. But where do organizations start? What assumptions must change?
This white paper outlines FOUR changes organizations must make to achieve data-centric security, and explains why IT Leaders, Security Professionals, and Compliance Officers should care. This paper then provides a brief overview of the NextLabs approach to Information Risk Management.
This material was presented at Orang Siber Indonesia regular webinar.
Content:
> Understanding privacy management
> Global privacy news
> Understanding privacy regulations and frameworks
> Data Privacy Program Management practices
Today’s organizations give predominant importance to increased privacy regulations, stakeholder’s profitability demands and the ever so changing consumer privacy expectations. As a result, the emphasis on personal data is growing and the companies are facing complicated reputational, regulatory and data privacy risk environment. It’s a sad fact that the frequency of critical data breaches are increasing and as a result the management administration and the IT departments focus on safeguarding their data systems more than ever before. Our experienced and expertise data security, privacy and information governance experts in UAE helps you to reduce the risks associated with various privacy compliance frameworks along with recognizing the value of your personal data.
California Consumer Protection Act (CCPA) is
one such law that empowers the residents of
California, United States to have enhanced
privacy rights & consumer protection. It is the
most comprehensive US state privacy law to
date.
The objective of this workshop is to show existing Oracle Database (Enterprise
Edition, Exadata, Autonomous Database, EXACS, DBCS) customers how to
attach your Database to Data safe and gain valuable understanding of
potential risks. Using user Assessment, understand rights and entitlement of
users and review activity auditing which provides powerful insight to database
interaction. The workshop will finish with a full sensitive data discovery and
then how to anonymize date with sensitive data masking.
The workshop is delivered in an interactive way with Presentations and Hands on
Labs to ensure complete understanding.
How prepared are you when it comes to Data Privacy? Take the enterprise data privacy quiz to find out. Follow along and mark your answers to see how you stack against your peers or read the report here: http://bit.ly/1DUGMfH.
Protect your confidential information while improving servicesCloudMask inc.
Over the last few decades, the financial sector has outgrown banks, as financial engineering, digital money and regulatory changes have evolved. Assets managed by financial firms (equity and various types of debt) are larger, as corporate debt has surpassed federal, state and local government’s debt. The US banks’ share of assets under management (AUM) accordingly declined from 58% in 1907 to 27% in 2008, while pension, mutual funds and non-depository firms (e.g., private equity and hedge funds) have grown substantially.
Malicious or accidental disclosure of confidential information by trusted insiders is a threat to any organization. Insiders include employees, contractors, consultants and business partners that have access to your sensitive information. Since relationships don't last forever, a trusted person today may be a competitor tomorrow. See how Fasoo customers protect sensitive information by controlling access and use at the data level through continuous encryption and persistent security policies.
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
Presented at APTIKNAS (Indonesia ICT Business Association) DKI Jakarta regular webinar.
Title:Data Loss Prevention: Fundamental Concept in Enabling DLP System
2 July 2020
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...Ulf Mattsson
Not too long ago, many security experts believed that the best way to defend data was to apply the strongest possible technological protections to all of the data, all of the time. While that plan may work perfectly in theory, in the real world of business this model creates unacceptable costs, performance and availability problems.
What works from both IT and management standpoints? Risk-adjusted data security. Protecting data according to risk enables organizations to determine their most significant security exposures, target their budgets towards addressing the most critical issues, strengthen their security and compliance profile, and achieve the right balance between business needs and security demands.
Other issues that risk-adjusted security addresses are the unnecessary expenses, availability problems and system performance lags that result when data is over-protected. And cloud-based technologies, mobile devices and the distributed enterprise require a risk-mitigation approach to security, focused on securing mission critical data, rather than the now-unachievable ‘protect all the data at all costs’ model of years past.
Here’s how to develop and deploy a risk-adjusted data protection plan
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
Presented on PHPID Online Learning 35.
Komunitas PHP Indonesia
Title: Enabling Data Governance - The Journey through Data Trust, Ethics, and Quality
Eryk B. Pratama
Global IT & Cybersecurity Advisor
Extending Information Security to Non-Production EnvironmentsLindaWatson19
This paper discusses the threats that non-production environments pose to database security and provides practical advice and multiple options for ensuring data assets remain secure against unauthorized access.
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
Yesterday’s security is no match for the challenge of protecting data across the extended enterprise, with sensitive data increasingly shared across organizations, over external systems, and with unknown users and devices.
A basic shift towards data-centric thinking must replace conventional device- and container-based models. But where do organizations start? What assumptions must change?
This white paper outlines FOUR changes organizations must make to achieve data-centric security, and explains why IT Leaders, Security Professionals, and Compliance Officers should care. This paper then provides a brief overview of the NextLabs approach to Information Risk Management.
This material was presented at Orang Siber Indonesia regular webinar.
Content:
> Understanding privacy management
> Global privacy news
> Understanding privacy regulations and frameworks
> Data Privacy Program Management practices
Today’s organizations give predominant importance to increased privacy regulations, stakeholder’s profitability demands and the ever so changing consumer privacy expectations. As a result, the emphasis on personal data is growing and the companies are facing complicated reputational, regulatory and data privacy risk environment. It’s a sad fact that the frequency of critical data breaches are increasing and as a result the management administration and the IT departments focus on safeguarding their data systems more than ever before. Our experienced and expertise data security, privacy and information governance experts in UAE helps you to reduce the risks associated with various privacy compliance frameworks along with recognizing the value of your personal data.
California Consumer Protection Act (CCPA) is
one such law that empowers the residents of
California, United States to have enhanced
privacy rights & consumer protection. It is the
most comprehensive US state privacy law to
date.
The objective of this workshop is to show existing Oracle Database (Enterprise
Edition, Exadata, Autonomous Database, EXACS, DBCS) customers how to
attach your Database to Data safe and gain valuable understanding of
potential risks. Using user Assessment, understand rights and entitlement of
users and review activity auditing which provides powerful insight to database
interaction. The workshop will finish with a full sensitive data discovery and
then how to anonymize date with sensitive data masking.
The workshop is delivered in an interactive way with Presentations and Hands on
Labs to ensure complete understanding.
How prepared are you when it comes to Data Privacy? Take the enterprise data privacy quiz to find out. Follow along and mark your answers to see how you stack against your peers or read the report here: http://bit.ly/1DUGMfH.
Protect your confidential information while improving servicesCloudMask inc.
Over the last few decades, the financial sector has outgrown banks, as financial engineering, digital money and regulatory changes have evolved. Assets managed by financial firms (equity and various types of debt) are larger, as corporate debt has surpassed federal, state and local government’s debt. The US banks’ share of assets under management (AUM) accordingly declined from 58% in 1907 to 27% in 2008, while pension, mutual funds and non-depository firms (e.g., private equity and hedge funds) have grown substantially.
Malicious or accidental disclosure of confidential information by trusted insiders is a threat to any organization. Insiders include employees, contractors, consultants and business partners that have access to your sensitive information. Since relationships don't last forever, a trusted person today may be a competitor tomorrow. See how Fasoo customers protect sensitive information by controlling access and use at the data level through continuous encryption and persistent security policies.
Module 02 Performance Risk-based Analytics With all the advancemIlonaThornburg83
Module 02 Performance Risk-based Analytics
With all the advancements in technology and encryption levels, some methods are faster or slower than others. In most cases a cybersecurity professional must weigh cost, performance, and security. Risk is a powerful tool used by all cybersecurity professionals to assist in making these decisions, and in influencing appropriate stakeholders by providing appropriate information with regard to these three elements.
Risk analysis or risk base analytics helps determine the level of risk to an organization. The first step in this process is to determine the sensitivity of the data being processed. The example below is a common data classification for many organizations; however, depending on how the data will be used, these data fields may vary due to classification levels.
· Public: Data available to the general public and approved for distribution outside the organization.
· Examples: press releases, directory information (not subject to a government regulations or blocks), product catalogs, application and request forms, and other general information that is openly shared. The type of information an organization would choose to post on its website offers a good example of Public data.
· Internal: Data necessary for the operation of the business and generally available to all internal users, users of that particular customer, and potentially interested third-parties if appropriate and when authorized.
· Examples: Some memos, correspondence, and meeting minutes; contact lists that contain information that is not publicly available; and procedural documentation that should remain internal.
· Confidential: Data generally not made available outside the organization and the unauthorized access, use, disclosure, duplication, modification, or destruction of which could adversely impact the organization and/or customers. All confidential information is sensitive in nature and must be restricted to those with a legitimate business need to know.
· Examples:
· Information covered by the Family Educational Rights and Privacy Act (FERPA), which requires protection of records for current and former students. This includes pictures of students kept for official purposes.
· Personally identifiable information entrusted to the organization’s care that is not restricted use data, such as information regarding applicants, donors, potential donors, or competitive marketing research data.
· Information covered by the Gramm-Leach-Bliley Act (GLB), which requires protection of certain financial records.
· Individual employment information, including salary, benefits and performance appraisals for current, former, and prospective employees.
· Legally privileged information.
· Information that is the subject of a confidentiality agreement.
· Restricted: Data that MUST be specifically protected via various access, confidentiality, integrity and/or non-repudiation controls in order to comply with legislative, regulatory, con ...
In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.
This new document explores how Accenture can help financial services firms use a holistic data-centric approach to compliance and to respond to the requirements and challenges to the General Data Protection Regulation. Learn more: https://accntu.re/2uq8ANV
3 guiding priciples to improve data securityKeith Braswell
The information explosion, the proliferation of endpoint devices, growing user volumes, and new computing models like cloud, social business, and big data have created new security vulnerabilities. To secure sensitive data and address compliance requirements, organizations need to adopt a more proactive and systematic approach. Read this white paper to learn three simple guiding principles to help your organization achieve better security and compliance without impacting production systems or straining already-tight budgets.
To implement data-centric security, while simultaneously empowering your business to compete and win in today’s nano-second world, you need to understand your data flows and your business needs from your data. Begin by answering some important questions:
•
What does your organization need from your data in order to extract the maximum business value and gain a competitive advantage?
•
What opportunities might be leveraged by improving the security posture of the data?
•
What risks exist based upon your current security posture? What would the impact of a data breach be on the organization? Be specific!
•
Have you clearly defined which data (both structured and unstructured) residing across your extended enterprise is most important to your business? Where is it?
•
What people, processes and technology are currently employed to protect your business sensitive information?
•
Who in your organization requires access to data and for what specific purposes?
•
What time constraints exist upon the organization that might affect the technical infrastructure?
•
What must you do to comply with the myriad government and industry regulations relevant to your business?
Finally, ask yourself what a successful data-centric protection program should look like in your organization. What’s most appropriate for your organization?
The answers to these and other related questions would provide you with a clearer picture of your enterprise’s “data attack surface,” which in turn will provide you with a well-documented risk profile. By answering these questions and thinking holistically about where your data is, how it’s being used and by whom, you’ll be well positioned to design and implement a robust, business-enabling data-centric protection plan that is tailored to the unique requirements of your organization.
Global Security Certification for GovernmentsCloudMask inc.
Government endeavors to expand and make available the range of services to the largest possible numbers of users. At the same time, the public sector also works hard to improve its own internal operations and use the best possible talent it can get. Increasingly, there is also a need to improve the collaboration between different sectors of the government while ensuring that data privacy and security are not affected
Securing sensitive data for the health care industryCloudMask inc.
Both 1) the growing adoption of Electronic Health Records (EHR) and personal health records and 2) technologies that ensure better patient safety, improved care and inputs for clinical decision-making are being made possible by the adoption of cloud technology in health care. It has become critical to ensure that complete medical data is made available to health care providers irrespective of where the patient or clinician is located
Cashing in on the public cloud with total confidenceCloudMask inc.
Banks have always been targets for attack. The year 2011 appears to have been a critical tipping point for bank related cybercrime. Attacks grew at a rate of nearly 300 to 400% that year, and innovative attacks cost banks and customers a lot of money.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
2. 1.
2.
Overview
Why Data Masking?
3. The Challenges
4. Our Solution
5. Where to Apply Data Masking
6. How to Apply Data Masking
7. Data Masking in Action
8. Conclusion
CONTENTS
3. Overview
It is shocking to note that about 3.5 billion people saw their
personal data stolen in the top two of the 15 biggest breaches
of this century alone. With the average cost of a data breach
exceeding $8 million, it is no wonder that safeguarding
confidential business and customer information has become
more important than ever. Furthermore, with stricter laws and
governance requirements, data security is now everyone’s
responsibility across the entire enterprise.
However, that is easier said than done, and for that reason, an
increasing number of organizations are relying heavily on data
masking to proactively protect their data, avoid the cost of
security breaches, and ensure compliance.
This whitepaper aims to give an overview of the world of data
masking by uncovering the types, techniques, strategies, and
use cases of custom implementations that will help you
understand its enterprise potential.
As the name implies, data masking (also known as data
obfuscation, data anonymization, data munging, data
pseudonymization, data scrambling, data scrubbing, etc.), is a
process that organizations use to secure their data. The real data
is obscured by random characters or other data that covers
classified data points from those who do not have permission to
view it.
1
4. Why Data Masking?
Let us consider the following instances:
The primary function of masking data is to protect sensitive, private
information in situations where it might be visible to someone without
clearance to the information. Organizations copy millions of sensitive data
to non-production environments and very few succeed in protecting this
data when sharing with external and third-party systems too.
Health care organizations share patient data with medical sys-
tems or healthcare providers for enhanced availability, the integrity
of data on electronic Health Records (eHR), research on clinical
trials, efficient medical treatments, etc.
Enterprises share data from their production applications with
other systems for various business needs, data & business analytics,
or to allow a system administrator to test, apply patches, fixes, and
run upgrades.
Application developers need an environment-mimicking
production setting to build and test new features. This helps
businesses achieve a competitive advantage and stay up to date.
Financial services institutions such as banking, mortgage,
insurance, etc. depend on rapid transaction speed and global
interconnectivity. Unfortunately, all of their critical support
infrastructures like trading platforms, central security depositories,
payment and settlement systems, and central counterparties each
serve as a single point of failure. Therefore, a security breach at any
one of those infrastructures could have far-reaching consequences.
2
5. As you can see, data masking is essential in many regulated industries
where business-confidential information must be protected from
overexposure. With data masking, sensitive data categories that include
protection of intellectual property, personally identifiable information,
protected health information, financial information, and payment card
information can only be viewed by the people who are authorized to see it
and can see only what they should. By masking data, the organization can
expose the data as needed to test teams or database administrators
without compromising the data or getting out of compliance. The primary
benefit of data masking is reduced security risk.
Government Laws & Regulations
The need to protect data and mitigate the risk of compromising
critical and confidential information is at the forefront of
governments and enterprises, which is why laws, regulations, and
business policies have been built around processes. Data
masking is the first step to being in compliance with privacy laws,
discretion, and fulfilling the obligations of confidentiality.
Some of the regulatory efforts that have been put forth are - The
Health Insurance Portability and Accountability Act (HIPAA) which
alludes to the protection and confidential handling of protected
health information, the Sarbanes-Oxley Act (or SOX Act) aims to
protect investors by making corporate disclosures more reliable
and accurate and the Payment Card Industry (PCI) Data Security
Standard (DSS) which is enforced by Visa and Master Card
ensures cardholder data security and adopts data security
measures globally.
3
6. The Challenges
Organizations have started taking threats to data breaches very seriously
and have set out to address these issues as quickly as possible. The typical
approaches to data protection such as firewalls, encryption, and
passwords fail to sufficiently lock down data. Enterprises today must go
beyond traditional security measures and instead opt for a comprehensive
data security solution that includes proactive security monitoring at the
data level.
The idea of merely removing sensitive information from the non-production
environment seems to be a simple ask, However, it can pose serious
challenges in various aspects. The immediate challenge lies in finding the
perfect balance between conformance with privacy laws, discretion, and
the obligations of confidentiality. Ensuring data integrity between support
and the production environment delivers more value to the business and
speeds up releases.
Some of the immediate challenges are:
Applications are getting more complex and integrated. Knowing
where the sensitive information resides and what applications are
referencing this information becomes difficult. Because of the
ever-evolving nature of applications, maintaining meta-data
knowledge of the application architecture throughout its lifecycle also
is of concern.
Maintaining application integrity, auditing needs, acceptable
performance, and reliability while formulating a flexible solution.
Since application design is usually not built with the intent of ‘hiding’
sensitive data from specific environments, the analysis of the
dependencies on each of the sensitive elements (such as
development and testing needs, target user community, location and
compliance mandates to name a few), has to be considered.
4
7. Repeated masking and synchronizing poses a challenge when
auditing is concerned. Keeping track of what has been changed
becomes an important business control requirement to prove
compliance with regulations and laws. To implement these types of
controls, reporting becomes paramount, along with the separation of
duties and role-based permissions.
Complexity in introducing data security as a part of the development
life cycle as data models and data stores have evolved with time.
Providing a flexible solution that can evolve with the application and
can be extended beyond the database to logs, XML files, JSON data
within an enterprise becomes an important challenge to address.
Inherent complexities due to referential nature of data, availability of
data in multiple tables in de-normalized databases, distributed data
sources.
Diversity in environments with a single point of ownership for each
application.
5
8. Our Solution
Our solution to these challenges regardless of the industry is to apply our
Masking Approach that is carried out in the following stages:
Discover: Do a thorough discovery of understanding the
business, go through the data model, relationship, usage, etc
to identify the sensitive data.
Assess: : Define the type, the technique, and where to apply
the masking to be adopted for the use case and derive the
masking definition for each of the data categories.
Validate: Utilize the application test suite/automation testing
framework to validate the system behavior and security of
information.
Parameters for Solution Identification
Parameters for Solution Identification
Apply: Apply the derived masking definition to the data source.
Roles Involved: This process will involve the expertise and coordinated effort of DB
Admin, Security Admin, Application Development, and Testing team.
Business rule
Business rule
Analyze the underlying business rules of the use
case of information.
Referential
integrity
Referential
integrity
Must maintain the data integrity across tables,
databases, and systems.
6
9. Row-Internal
synchronization
requirement
Row-Internal
synchronization
requirement
Similar to referential integrity, however integrity
within the row or tuple.
Ex. PersonName is the concatenation of FirstName,
MiddleName, LastName.
Application
type
Application
type
COTS or Custom-built: Analyse if there is any
ready solution in the market for business case.
Cost
Cost Must be a cost-effective, yet efficient solution.
Turn-around
time
Turn-around
time
Ready solution masking might be generic and
custom solution can target for a specific case,
hence might support reduced cycle time.
7
10. Where to Apply
Data Masking
Based on where we apply masking, there are two major types:
Static and Dynamic data masking
Static data masking - This kind is applied to the copy of a
single source of data, however, does not limit to the DB but
also evolves with log files, XML, JSON, payload files, etc. Admins,
typically load data backup into an integrated environment,
carry out filtering on the dataset to limit the necessary data
needed for testing or business operation, and apply data
masking at static and then push to the intended environment.
Dynamic data masking - Dynamic Data Masking, applied on
one record at a time, at runtime, dynamically, and
on-demand. This process is crucial in enabling continuous
deployment for huge integrated applications by avoiding the
time spent on creating backup and load to a special copy of
the database.
Systems where there are feeds from production at a constant
pace to development making it complex to remain compliant,
on-the-fly data masking becomes essential in such cases.
Further, on-the-Fly data masking happens in the process of
transferring data from environment to environment without
data touching the disk on its way.
8
11. How to Apply Data Masking
Data Masking depends on your business needs and rules, as well as
applicable data privacy law(s). At a technical level, that usually means
deciding how the resulting masked data or, ciphertext needs to appear, if it
needs to be reversible or unique, how secure it is, and possibly, what kind of
resources and time are available for the process.
Some of the various techniques are:
Substitution
Shuffling
Number and
Data Variance
Encryption
Masking Out
Nulling out
or Deletion
1. Preserves the authentic look and feel of the data records
2. Ability to apply customized data substitution sets.
1. Derives the subsititution set from the same column of
data that is being masked.
2. Data is randomly shuffled within the column.
1. Number variance applied could br around =/- 10%.
2. Applying a random numeric variance of +/-120 days to
date fields.
1. Requires that a “key” be applied to view the data
based on user rights.
1. Applying null value to a perticular field.
2. Lessens the degree of data integrity that is maintained
in the masked data set.
1. Character scrambling or masking out of certain
fields, SSN: XXX-XX-1234
9
12. Data Masking in
Action
Opteamix successfully performed the Data Masking Analysis and defined
strategies for one of the leading US-based Human and Health Services
providers whose business involved crucial and critical rules and regulations
for the protection of PII/PHI information. The business needed a solution that
would mask sensitive information, retain referential integrity, maintain row
internal synchronization, enable continuous deployment of the applications
all while reducing time and DBA workload.
A number of their existing applications were data masked as a
security-related solution provided by their vendors. However, because of
the sheer size of the application, problems arose in the form of high
turnaround time and restrictions on certain data records which were either
nullified or filtered out even though they were crucial in running the business
in onsite-offshore model.
To find a solution to the above-mentioned problem, it was important to
recognize the fact that a single solution might not be feasible in this
situation. We had to come up with a solution that can leverage people,
processes, and technology for easy integration. Our study
included-analysis of production issues, mimicking systems for an exact
production-like environment of test and dev, covering tests for
patch/fixes/upgrades, quick turn-around test, and development
environment provisioning, etc
With the out-of-the-box pre-defined masking algorithms, masking
common sensitive information, such as social security numbers, emails,
credit card numbers, etc. reduced significant time in constructing from
scratch. COTS applications can be masked with ready market solutions.
Solution Options
1. Data Masking Solution for COTS like ATS, ERP, and/or CRM products:
Usage of ready market solutions like: DATPROF Data Masking Tool, Delphix,
Oracle solution.
10
13. Scenarios where applications have free text of audit notes, logged
information, operation team’s & application’s notes, structured text like
Payload, JSON and/or XML, etc.
Due to this complexity, there is a strong need for an Inhouse custom or
Hybrid solution after performing the various stages of masking approach of
discovery and assessment
We recommended, Static data masking considering the complexity,
cumbersome steps, and tools involved in other types for similar products for
one of the Product for supporting US Health Care services.
2. Data Masking Solution for Inhouse Products & Applications with Free
text and Structured JSON/XML
Analysis of existing
scripts if any
Approach based on
recommendation
Prepare masking scripts using
tool and/or custom process
Validate masking
scripts
Baseline scripts
ready
Initial Iteration
Representation of Incremental approach
Identified Techniques to be used are: Substitution, Masking, Numeric/Date
Variance and Nulling.
11
14. Take a scenario where application production support is performed by
offshore consultants, lending their expertise towards batch job executions,
patches, DB upgrades, and data fixes to resolve issues for the operations
team. During this process, people who are not authorized to see certain data
are privy to lots of information that most often is of a sensitive nature. Due to
the ongoing Pandemic and remote working, this process has become more
vulnerable to security threats. To mitigate this risk, we carried out the various
stages of the masking approach of discovery and assessment and provided
the following options to solve the problem:
Data Redaction: Users working on Data fixes are provided with specialized
user role and access and rendered with redacted data from DB Client on
the execution of SQL queries against the PII/PHI information holding DB
tables.
Example: Email Address of JohnMary123@abc.com can be rendered as
JxxxMxxxxx@abc.com or xxxxxxx@xxx.com for the unauthorized user.
Use of Datebase Views: Designed exclusive user roles and permissions for
the DB access users and created DB views for the tables which are needed,
without the PII/PHI holding columns for Production Support.
Application code changes: Application side code changes for the UI layer
to use CSS styles and HTML and JavaScript functions to render masked
data for the sensitive information on to the web-application.
Validate masking scripts
Incremental scripts
ready
Subsequent Iteration
Analyse baseline scripts
and identify gaps
Prepare scripts using tools
and/or custom process
12
15. Conclusion
With stricter laws and governance requirements, data security is
now a concern across industries. Data masking is not domain-
specific and offers organizations of all sizes a highly effective
method to address data protection. It can be adopted to suit any
business needs, enabling organizations to proactively secure
corporate data, improve data security compliance, and lower costs
associated with data breaches that are simply too great for any
organization to ignore.
While it may require a change in mindset in how data is secured,
data masking can swiftly reduce the risk of data breaches.
Organizations must have a well-defined strategy in place to
discover, assess, apply, and validate the right Data Masking process
based on business needs.
As customer and organization data and other sensitive information
are hidden, a large number of malicious and accidental threats are
simply eliminated, helping to protect organizations from the very
real threats of insider data leakage or theft.
13
16. www.opteamix.com
Visit us at
USA
9609 S. University Blvd.,
#631994
Littleton
CO 80163
++1 303 683 6454 +91 80 4667 1666
INDIA
Brigade Software Park
A Block, 2nd Floor
#42, 27th Cross Road
Banashankari Stage II
Bengaluru 560070
Opteamix is a digital automation technology consulting firm with
deep expertise in Application Development, Robotic Process
Automation, AI, DevOps, Enterprise Mobility, and Test Automation
Services. We are headquartered in Denver, Colorado with a
wholly-owned delivery center in Bangalore, India.
Contact Us