Secupi - Veri Maskeleme - Anonimleştirme ve Mantıksal Silme Çözümü

Information Security Level 2 – Sensitive
© 2018 – Proprietary & Confidential Information of SecuPI1
SecuPi Data Centric
Security & Compliance
Introduction

What Gartner Says About SecuPi
User Entity Behavior Analytics (UEBA)
Data-Centric Audit and Protection (DCAP)
Data Masking
“SecuPi incorporates UEBA features for sensitive data usage, analysis and protection. The
solution employs an innovative approach that relies on sensitive data access in high-risk
applications as a key factor in its UEBA model, along with other user activities”
“SecuPi provides Dynamic Data Masking (DDM) at the application tier as part of an offering
that also includes externalized authorization management (EAM), application data access
monitoring, and user behavior analytics.”
Leading Three Markets
Source: Market Guide for Data-Centric Audit and Protection
Published: 21 March 2017
YS

SecuPi Data Subject Privacy Management
Applied across Business Applications, Datawarehouse, Big Data & Tools
Logical Deletion
(e.g., in Big data)
Physical Deletion
Physical
Anonymization &
Masking
SecuPi
Policies
Dynamic Masking
Encryption/
Tokenization
SecuPiData&ProcessDiscovery
Anonymization
& Activity-
Monitoring
SecuPi
Modules
Retention &
Deletion
Personal Data
During Retention
Personal Data
Post Retention
Active
Data Subjects
Data Subject
Status Activity MonitoringRegulation
Consent7 |Conditions for Consent
17|Right to be Forgotten
18|Restriction of processing
21|Right to Object
30| Records of Processing
32 | Security of Processing
...

Addressing GDPR Requirements
Discovery, data-flow mapping
Dynamic Consent Controls
User Behavior Analytics (UBA)
Logical Deletion
Monitoring & Auditing
Physical Deletion
Matching All Technical Compliance Requirements
Processing of Personal Data5
Lawfulness of Processing6
Conditions for Consent7
Conditions of Child's Consent8
Processing Special categories9
Processing of Criminal Records10
Right of Access15
Right to be Forgotten17
Restriction of processing18
Right to Data Portability20
Right to Object21
Protection by Design & Default25
Records of Processing Activities30
Security of Processing32
Notification of Data Breach33
Communication of Data Breach34
Article # |Article Name | SecuPi FeatureArticle # |Article Name | SecuPi Feature
Anonymization & Monitoring
Module
Retention & Deletion Module

SecuPi Platform Enterprise Coverage
Front-Office ERP Finance
HR-App
ERP
Reporting Tools
CRM
e-Commerce
Front-office
Finance
Billing
Business Applications
SecuPi Platform
GDPR enablement capabilities Quick implementation No code changes
Beeline

SecuPi Customer Testimonial
Metro Group Germany (Largest Retail)
Notable SecuPi features applied on Metro applications include:
• Discovery & real-time monitoring
• “Records of processing activity”
• Breach notification, security by design/default
• “Right to be forgotten”
• Data minimization, and more…
Within 4-5 weeks, SecuPi was on-boarded in few customer facing
applications with no development effort

SecuPi Monitoring & Anonymization
> Simple installation, on-prem or on-cloud
> Applying discovery, monitoring and subject-rights on
applications, DW and Big data env.

SecuPi Monitoring & Anonymization Module
An Application Overlay, No DB agents, No Development Effort
Campaign
ERPReporting Tools HR-Apps e-Commerce
Front-officeFinanceCRM
End-Users
Applications
- CONFIDENTIAL --
SecuPi
Central Server
Databases
Discovery, data-flow mapping
Dynamic Consent Controls
User Behavior Analytics (UBA)
Logical Deletion / Pseudonymizat.
Monitoring & Auditing
Physical Deletion / Anonymization

Dynamic Masking in CRM Application (column/row basis)

For Teradata, Oracle Datawarehouse, Hive…
Campaign Mng.Applications
SecuPi Central
Management
Server
CRM
UDBs
BTEQBeeline
HDFS
Hive/
Cassandra

SecuPi Application Overlay Monitors & Applies Data Subject Rights
No Database agents nor development effort required
SecuPi Central
Management Servers
Data Sources
Application UI
& Other Interfaces
SecuPi Overlay
installed on
Application
Servers
Documents
Logs
Classification
and Labeling
Monitoring
Masking
Data flow
Discovery
Monitoring
Masking/encryption/
tokenization
Discovery and
Classification
Monitoring
Masking
Encryption/
tokenization
Data Deletion
Consent Controls
User Request Data Request
Application Server
(Java/.Net)
User Response Data Response
Encryption/
tokenization

SecuPi Solution For Datawarehouse
Field-level decryption and anonymization for Teradata, Oracle etc.,
Installed on Reporting tools
(Tableau, Business objects, Excel, etc.)
Discovery, Mapping & UEBA Comprehensive Policy Engine
- CONFIDENTIAL -
SecuPi Logical
Deletion policy
999-999-9999JXXXX XXX
SecuPi Central
Management Servers

HDFS
Hive servers
SecuPi Data-Centric Approach For Big Data
Field-level decryption & anonymization for HDFS
Beeline
Installed on the Hive
Servers
Discovery, Mapping & UEBA Comprehensive Policy Engine
JDBC
ODBC
CLI
- CONFIDENTIAL -
SecuPi Logical
Deletion policy
SecuPi Central
Management Servers

Fat Client &
Excel & DBA tools
SecuPi Central
Management
SecuPi wraps the
JDBC/ODBC/OCI drivers – on Fat
clients running on desktops, Citrix
servers and DBA’s PC
Installed where the
database drivers are used It discovers and classifies sensitive data by
entering data values from the screens.
It also monitors and audits sensitive user
activity coupled with anomaly detection
using behavior analytics models
Discovery, Mapping & UEBA
SecuPi policy can use
LDAP/AD/Kerberos to apply
field/record level encryption,
redaction, masking or blocking
sensitive data-flows
Comprehensive Policy
Engine
JDBC
ODBC
OCI
Data Source Applications running C, C++
With SecuPi Policies
SecuPi DB Driver Wrapper For Fat-clients & DBA/Dev tools
Logically deleted data
Anonymized data
Original data

SecuPi Discovery & Data-Flow Mapping
For applications in scope end-users simply mark personal data in screens &
reports, having SecuPi identify the source database objects
Initiate Discovery
Mouse click the “Select field”
button that SecuPi appends to
the screen
1
Select field
Simply click on a sensitive
VALUE on the screen
2
SecuPi Classifies the
Data
SecuPi identifies the source
table/column containing the
VALUE. Just add classifications &
risk.
3

Comply with “Security by design/default” (article 25)
using Data-centric Behavior Analytics (UBA)
- CONFIDENTIAL -
Detects Suspicious User
Behavior in Real-time
Detect abnormal/inappropriate data access, as might be
attempted by a Malicious Insider or External Attacker using
stolen credentials or subverting the application
Data protection by
design and by default
Article
25

Comply with “records of processing” & breach
notification articles (articles 30, 33)
- CONFIDENTIAL -
Comprehensive real-time
Monitoring & Forensics
Obtain real-time monitoring & full audit for all requests to any
sensitive data / sensitive transactions. Obtain a risk analysis of
data flow
Records of Processing
Activities
Article
30
Notification of a personal
data breach
Article
33

Apply Subject Rights
Mask and obscure data
Pseudonymization policies dynamically
masked sensitive information to ensure
“need-to-know” access
Data Minimization
Minimize data access at finer level than
an application might inherently support
remove or obscure data a user does not
require
Pseudonymized
field
Logical Deletion
Permit ‘logical deletion’ by hiding data
records although still retained in the data-
source (data cannot easily be physically
deleted for technical or legal reasons)

Unstructured Data Protection
SecuPi protects excel, CSV & PDF files
created in LoB applications:
Automatic & accurate labeling
Automatically labels documents at creation
Data Protection
RMS encryption is applied on file exports to secure
sensitive data
Enhanced Monitoring
Provides visibility on which sensitive data was
exported
Dynamic controls
Apply dynamic masking or data redaction to secure
sensitive data at source

Classification of Unstructured Content
The exported file contains the classifications that are derived both from
the AIP and the SecuPi classifications
Automatic and accurate labeling

Install SecuPi on business
applications
Discover personal data & map personal
data-flows from source to destination
Define policies to apply data
minimization, consent & “Forgotten”
Enforce subject rights while auditing
and monitoring in real-time all
personal data flows and processes
Install
4 Steps to GDPR
Get your business applications GDPR ready
in days and with no development effort
Start!
01
02
03
04
Ready!
Discover
Set
Go Live

SecuPi Retention & Deletion
> Simple installation, on-prem or on-cloud
> No agent required anywhere!
> Discovery of personal data (to be anonymized)
> Recording and parsing of existing customer deletion
processes for faster and safer implementation

SecuPi Implementation Options for “Right to be forgotten”
SecuPi Deletion Methods
Value at source
213-436-5723John Smith
After ~10 years
of Retention
999-999-9999JXXXX XXX
Logical Deletion
on data-flows & processes
Physical Anonymization
on databases
App.
Screen/
APIs
On DB
Level
Physical Deletion
on databases1 2 3
XXX-XXX-XXXXABCD EF
During ~10 years
of Retention
On DB
Level
Use During Retention Period or
when physical deletion not feasible
(e.g., Big Data)
Use After Retention Period Use For SalesForce/when
App. deletion API exist

SecuPi Retention and Deletion Module
Logical
Anonymization &
Masking (Big data)
Physical Deletion
SecuPi
Policies
Retention Workbench
Record & Analyze Existing
Personal Data Changes
and Deletion Processes
Retention Orchestration Workflow
1
2
3
Auditability Operability Scalability
Physical
Anonymization &
Masking

Retention & Deletion Workbench
Define retention & physical/logical deletion or pseudonymization action

Retention Orchestration Workflow Server
Graphical workflow engine for deletion orchestration across data silos

EnterpriseCompliance
Time
Wave-2 Wave-3Wave-1
Get Your Top-Risk Applications GDPR Ready in Few Weeks
It is Fast to Deploy, No DB Agents, No Code-Changes
CRM
Marketing
e-Commerce
Compliance
Ready!
SQL-Plus Toad
Campaign Mng.
• Fast to Deploy
• No DB Agents
• Minimal Code-Changes
• Agile implementation
Business
Applications
Business
Applications
Analytics
Environments
* Order of waves is subject
to DPO preference
Privileged
Access Tools

SecuPi Capabilities Addressing Additional Use Cases
Monitor real-time activity,
Data-flow visibility
Audit Data Access
(both Views/Reads & Writes)
Anomaly Detection/UEBA
for insider threat
Data-minimization (masking,
hiding, blocking access)
Audit
Monitor
Control
Detect
Cloud Onboarding Security
DBA/Dev. Access Control
Preventing Insider-threat
Big-data Data Protection
Capabilities Use Cases

SecuPi Benefits
Centralized, quick and wide GDPR coverage across applications
- CONFIDENTIAL -
Most comprehensive GDPR
solution, covering all GDPR
articles across wide LoB
applications
Agile solution meeting
current & future compliance
requirements
Quick and scalable
implementation with
no code changes
CRM
e-Commerce
Front-officeBI Tool Dev. Tools
ERP
Finance
HR-App

Secupi - Veri Maskeleme - Anonimleştirme ve Mantıksal Silme Çözümü

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Secupi - Veri Maskeleme - Anonimleştirme ve Mantıksal Silme Çözümü

Similar to Secupi - Veri Maskeleme - Anonimleştirme ve Mantıksal Silme Çözümü (20)

Recently uploaded

Recently uploaded (20)

Secupi - Veri Maskeleme - Anonimleştirme ve Mantıksal Silme Çözümü