Security
for IOT
02
By year-end 2020, IoT risk and security needs will add an average of 2% to the
total IoT project costs, up from 0% today.
Supply chain security needs through 2021 will account for 15% of total IoT
security spend, up from less than 1% today.
IoT security solutions enable organizations to securely manage IoT devices, and
ensure IoT endpoint and data security, and asset discovery.
IoT security and risk management leaders should use this research to understand
how to evaluate and select solutions to meet their IoT security requirements.
Source: Gartner
03
Three eclectic types of product vendors are emerging for securing IoT: embedded
trust; device identity and key/credential management; and real-time
visibility and control.
Clients who are performing proof-of-concept trials are getting better clarity about a
product's compatibility with their organization's environment and
requirements.
Low complexity in IoT deployment, flexibility of IoT security controls, ease of
integration and competitive product pricing are the main selection criteria
for IoT security and risk management leaders.
Source: Gartner
04
IoT security and risk management leaders selecting an IoT security solution should:
Justify investment in IoT security by evaluating the impact of improved visibility and
control on the organization's risk exposure.
Engage with vendors that offer technical support and professional services help
during proof-of-concept trials to mitigate risks and to ensure a
smooth alternative analysis.
Determine which security solutions are already installed on the IoT network, and
then identify and favor IoT security products that have direct
integration with these existing solutions.
Source: Gartner
05
The scale of security risks in the Internet of Things (IoT) era is therefore much
greater than in the pre-IoT environment, and the "attack surface" is much larger.
Most sensor based things have minimal computing resources, and the
opportunities for antivirus, encryption and other forms of protection within things
are more restricted.
Therefore, IoT security products with a variety of capabilities emerged to help
dispel some of these challenges.
These IoT security products help IoT security and risk management leaders with:
Source: Gartner
06
Device management:
Tackle secure cryptographic key provisioning and management challenges in cases
in which the mass number of IoT devices deployed
simultaneously and their environmental characteristics create a challenge.
Provide quick, secure, scalable and device-independent identity, access and
relationship management experience that customers, partners and
suppliers are looking for.
Have a means to provision IoT devices by downloading software, patches, updates
and other information periodically (a common requirement for
security management systems).
Source: Gartner
07
Endpoint and data security:
Protect endpoints in cases in which traditional authentication and cryptography
cannot be implemented due to resource constraints and long device
life cycles outliving encryption effectiveness.
Obtain anti-tampering functions for devices used in high-risk environments, as IoT
devices require strong device identity and a root of trust as a foundation.
Satisfy personal data privacy expectations between individuals and organizations in
the IoT era.
Source: Gartner
08
Asset discovery:
Detect IoT devices in enterprise networks when these devices are part of
proprietary or non-IT-standard engineering networks, or if they aren't
continuously connected.
Build an effective IoT "asset database" complete with attributes and entitlements
for access by those devices (a major requirement of identity and
access management as well as IT asset management [ITAM] systems).
Evaluators and buyers of IoT security products are security and risk management
leaders who are trying to establish end-to-end trust — from chip to
cloud — in their IoT use cases across all industry verticals and domains.
Multiple and wide-ranging IoT security technology providers are evolving to
address these technical requirements and the business opportunities.
Source: Gartner
09
Product vendors, with varied levels of consulting and professional services
capabilities, in the IoT security market involve:
Embedded trust vendors that provide a hardware root of trust — that is, a
foundation to secure a wide variety of functions at the endpoint.
Device identity and key/credential management vendors that offer IoT-scale-
federated and secure device management implementations.
Real-time visibility and control vendors that offer complete real-time visibility and
control for every network-connected IoT device.
Source: Gartner
010
The threat of a limited availability of security skills is also changing the manner in
which IoT systems are managed and operated, resulting in more automation and
more cognitive security controls.
To enable effective automation of functions originally performed by people in
security operations centers, vendors are embracing technologies, such as machine
learning and artificial intelligence.
High-profile cyberattacks and attempted compromises in the connected
automobile and medical device industries have driven early security spend
(digital as well as IoT-specific) in those verticals.
The effects of these attacks also highlight the overlapping safety regulation and
general safety management impacts of digital security.
Source: Gartner
011
The potential scale of many IoT deployments drives market changes in how security
monitoring, detection and response must take place.
Cloud-based security services will play an indispensable role in providing IoT
security due to the scale of services required: IoT will not be viable in the long term
without the cloud.
The diversity of IoT devices and their life cycles drive hybrid security solutions for
legacy and modern IoT deployments, depending on the vertical industry.
Authentication for IoT devices will generate a substantial market opportunity. The
support for root of trust in devices and the "identity of things" model
will drive centralized and federated key and certificate management services,
lightweight encryption adoption, and multifactor authentication in security
markets.
Source: Gartner
012
Smart city projects are spreading across regions at a fast pace.
These projects are developed in close integration with IoT, technology and security
related elements from utility, automotive and manufacturing industries as part of
advanced metering infrastructure, connected cars and smart home
initiatives.
The compound spend on IoT security relating to government, utility, building and
facilities automation, and manufacturing will continue to grow.
From a design and economics perspective, the balance of spending between IoT
endpoints and IoT gateways will shift toward a gateway-centric
deployment model over time.
We project that 2019 will be the tipping point at which gateway security spending
surpasses endpoint security spending.
Source: Gartner
013
Most IoT security products from established traditional IT security vendors or small/midsize
new entrants are only in their development or proof-of-concept stage. While vendors are
working on improving their product and service offerings, IoT leaders, and security and risk
management leaders should work with IoT security consultants to:
Assess integration points in their networks for IoT implementations, and determine gaps in
capability and infrastructure.
Assess risk exposure from IoT-related initiatives, and assess their organization's security
posture.
Keep a record of all of their IoT assets, from sensors to large industrial equipment, and have
visibility into their whole IoT networks and topologies.
Analyze regulatory exposure to IoT security requirements.
Work on developing in-house IoT security expertise, and familiarize themselves with
successful implementations in their verticals (with the help of partnerships or consortia
activities).
Assign enterprise ownership for IoT technologies that are not already claimed by a business
unit. Join neutral consortia activities to gain access to IoT ecosystems.
Source: Gartner
014
IoT leaders should use a scenario-driven approach in selecting discovery and provisioning
solutions, and should not attempt to acquire a "one size fits all" product or service at this
stage. The number and type of IoT devices and support systems will continue to resist clear
classification until at least 2018.
IoT leaders should not make large-scale investments in discovery, provisioning, access and
data protection at this stage until product and service
boundaries are more clearly defined. Where possible, consider short-term, service-based
leasing and minimal customization.
Adopt authentication frameworks that are flexible and meet the interoperability
requirements for all classes of devices in operation. Use trusted computing techniques, such
as hardware root of trust (HRoT), for device authentication to achieve the highest possible
identity assurance.
Press the device manufacturers and authentication solution providers to explore new
context data points — derived at various operational stages — and utilize them in
determining the risks associated with a particular device operation.
Assess product and service providers' preparedness for significant shifts in their product and
service roadmaps, depending on their target markets. Significant integration may be
required, and more specific choices in industry vertical solutions could result.
Source: Gartner
Security
for IOT and
Cloud
IoT is a Paradise for Hackers
16
Source: HP Security Research
Almost 90 percent of the devices collect personal information such as
name, address, date of birth, email, credit card number, etc.
This data moves in unencrypted format on to the cloud and big data, thus endangering
the privacy of users
26 billion devices on the Internet of Things by 2020
(Gartner)
15 Billion existing devices connected
to the internet (Intel)
Not adequately protected at the device level
• Cannot wait for a new generation of secure devices to be
developed
Require robust and layered security controls
90% of world's data generated over last two years
17
Ecosystems will transform fragmented
wearables market
18
The Department of Homeland Security
• Investigating 2 dozen cases of suspected cyber security
flaws in medical devices that could be exploited
• Can be detrimental to the patient, creating problems
such as instructing an infusion pump to overdose a
patient with drugs or forcing a heart implant to deliver a
deadly jolt of electricity
• Encrypt medical data that’s stored
PricewaterhouseCoopers study
• $30 billion annual cost hit to the U.S. healthcare system
due to inadequate medical-device interoperability
Security Threats of Connected Medical Devices
19
www.computing.co.uk/ctg/opinion/2390029/security-threats-of-connected-medical-devices#
Security
for Cloud
021
95% of cloud security
failures will be the
customer's fault
Source: Gartner
Sensitive Data in the Cloud
22
82% of organizations currently (or plan to) transfer
sensitive/confidential data to the cloud in next 24 mo.
23
Lack of Cloud Confidence
2/3: Number of survey respondents that either agree or are unsure
that cloud services used by their organization are
NOT thoroughly vetted for security
24
Data Breach: Cloud Multiplier Effect
2x: A data breach in the cloud can be 2x more costly. 66 percent
of respondents say their organization’s use of cloud resources
diminishes its ability to protect confidential or sensitive
information and 64 percent believe it makes it difficult to
secure business-critical applications
25
What Is Your No. 1 Issue Slowing
Adoption of Public Cloud Computing?
26
Threat Vector Inheritance
Data Security Holding Back Cloud Projects
27
Source: Cloud Adoption Practices & Priorities Survey Report January 2015
Security of Data in Cloud at Board-level
28
Source: Cloud Adoption Practices & Priorities Survey Report January 2015
High-profile Cyber Attacks
29
49% recommended Database security
40% of budget still on Network security, only 19% to Database security
Conclusion: Organizations have traditionally spent money on network security and so it is
earmarked in the budget and requires no further justification
30
How can we
Secure Data
in the new
Perimeter-less
Environments?
CHALLENGE
Security
Solutions
Fine Grained
Data Security
32
SOLUTION
Data–Centric Audit and Protection (DCAP)
033
Source: Gartner – Market Guide for Data – Centric Audit and Protection (DCAP), Nov 21 2014
Organizations that have not developed data-centric
security policies to coordinate management processes
and security controls across data silos need to act
By 2018, data-centric audit and protection strategies
will replace disparate siloed data security governance
approaches in 25% of large enterprises, up from less
than 5% today
Confidential
034
Centrally managed security policy
Across unstructured and structured silos
Classify data, control access and monitoring
Protection – encryption, tokenization and masking
Segregation of duties – application users and privileged
users
Auditing and reporting
Source: Gartner – Market Guide for Data – Centric Audit and Protection (DCAP), Nov 21 2014
Data–Centric Audit and Protection (DCAP)
Centralized Policy Management - Example
35
[Diagram labels: Enterprise Security Administrator (Policy); Security Officer (Audit Log); Application; File Servers; RDBMS; Big Data; Gateway Servers; MPP; HP NonStop Base24; IBM Mainframe; Protector; Cloud Protection Servers. Each platform carries a Policy and an Audit Log label.]
Enterprise Data Security Policy
What: What is the sensitive data that needs to be protected.
How: How you want to protect and present sensitive data. There are several methods for protecting sensitive data.
Who: Who should have access to sensitive data and who should not. Security access control.
When: When should sensitive data access be granted to those who have access. Day of week, time of day.
Where: Where is the sensitive data stored? This will be where the policy is enforced.
Audit: Audit authorized or un-authorized access to sensitive data.
36
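Added example (not part of the original slides): one way to turn the What / How / Who / When / Where / Audit policy elements above into an enforceable field-level rule, in Python. The role names, enforcement-point names, time window and the names Rule, present and CARD_RULE are assumptions made for illustration; the "middle6" presentation follows the deck's "Only-middle-6-hidden" treatment of a 16 digit card number, and the card number is the deck's own sample input value.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Sample value taken from the deck's "Input Value" slide; not a real card.
SAMPLE_PAN = "3872 3789 1620 3675"


def all_hidden(value: str) -> str:
    """HOW: hide every digit, keep separators so the format survives."""
    return "".join("*" if c.isdigit() else c for c in value)


def middle6_hidden(value: str) -> str:
    """HOW: keep the first 6 and last 4 digits, hide the 6 in between."""
    out, seen = [], 0
    for c in value:
        if c.isdigit():
            seen += 1
            out.append("*" if 7 <= seen <= 12 else c)
        else:
            out.append(c)
    return "".join(out)


PRESENTATIONS = {"clear": str, "middle6": middle6_hidden, "hidden": all_hidden}


@dataclass
class Rule:
    element: str      # WHAT: the sensitive data element
    who: dict         # WHO + HOW: role -> presentation that role receives
    days: frozenset   # WHEN: allowed weekdays, Monday = 0
    start: time       # WHEN: start of the allowed window (inclusive)
    end: time         # WHEN: end of the allowed window (exclusive)
    where: frozenset  # WHERE: enforcement points that apply this rule


def present(rule, role, value, at, point, audit_log):
    """Return the value as this caller may see it and write an audit record.

    Fails closed: any failed check yields the fully hidden presentation.
    """
    denied = []
    if role not in rule.who:
        denied.append("who")
    if at.weekday() not in rule.days or not (rule.start <= at.time() < rule.end):
        denied.append("when")
    if point not in rule.where:
        denied.append("where")
    how = "hidden" if denied else rule.who[role]
    # AUDIT: authorized and unauthorized access are both recorded, and the
    # record never contains the clear value itself.
    audit_log.append({
        "at": at.isoformat(), "element": rule.element, "role": role,
        "point": point, "presentation": how,
        "authorized": not denied, "failed_checks": denied,
    })
    return PRESENTATIONS[how](value)


# Hypothetical policy for the card-number element (all values are assumptions).
CARD_RULE = Rule(
    element="cc_number",
    who={"fraud_analyst": "clear", "support_agent": "middle6"},
    days=frozenset(range(0, 5)),          # Monday to Friday
    start=time(8, 0), end=time(18, 0),
    where=frozenset({"rdbms", "cloud_gateway"}),
)

if __name__ == "__main__":
    log = []
    friday = datetime(2017, 8, 25, 10, 0)
    saturday = datetime(2017, 8, 26, 10, 0)
    for role, at in [("support_agent", friday), ("fraud_analyst", friday),
                     ("fraud_analyst", saturday), ("dba", friday)]:
        shown = present(CARD_RULE, role, SAMPLE_PAN, at, "cloud_gateway", log)
        print(role, at.strftime("%a"), shown)
    for record in log:
        print(record)
```

The audit records carry the decision and the failed checks but never the protected value, so the log can go to the Security Officer without becoming a second copy of the sensitive data.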
37
Securing
Cloud Data
Rather than making the protection platform based,
the security is applied directly to the data
Protecting the data wherever it goes, in any
environment
Cloud environments by nature have more access
points and cannot be disconnected
Data-centric protection reduces the reliance on
controlling the high number of access points
Data-Centric Protection Increases
Security in Cloud Computing
38
039
Through 2020, 95% of cloud security failures will be the
customer's fault.
By year-end 2018, 50% of organizations with more than
2,500 users will use a cloud access security broker (CASB)
product to control SaaS usage, up from less than 5% today.
By 2020, 85% of large enterprises will use a CASB product,
up from less than 5% today.
Source: Gartner
Clouds Are Secure: Are You Using Them Securely?
040
Gartner released the report “Simplify Operations and Compliance in the
Cloud by Protecting Sensitive Data” in June 2015 that highlighted key
challenges as “cloud increases the risks of noncompliance through
unapproved access and data breach.”
The report recommended CIOs and CISOs to address data residency and
compliance issues by “applying encryption or tokenization,” and to also
“understand when data appears in clear text, where keys are made
available and stored, and who has access to the keys.”
Another recent Gartner report concluded that “Cloud Data Protection
Gateways” provides a “High Benefit Rating” and “offer a way to secure
sensitive enterprise data and files.”
Source: Gartner – xxxx
Cloud Security
041
Protect the Entire Flow of Sensitive Data
[Diagram labels: Cloud Gateway; Corporate Network]
Security Gateway Deployment – Hybrid Cloud
042
[Diagram labels: Client System; Enterprise Security Administrator; Security Officer; Public Cloud; Cloud Gateway; Private Cloud; Out-sourced; Corporate Network]
Security Gateway Deployment – Hybrid Cloud
043
[Diagram labels: Client System; Enterprise Security Administrator; Security Officer; Private Cloud; Public Cloud; Cloud Gateway; Out-sourced; Corporate Network]
044
Security Gateway – Searchable Encryption
[Diagram labels: Client System; Cloud Gateway; Enterprise Security Administrator; Security Officer; RDBMS; Query re-write; Order preserving encryption; Corporate Network]
045
Security Gateway – Search & Indexing
[Diagram labels: Client System; Cloud Gateway; Enterprise Security Administrator; Security Officer; RDBMS; Index; Query re-write]
Risk Adjusted Data Leakage
46
[Figure labels: Index; Index Data; Trust (H to L); Elasticity; Out-sourced; In-house; Index Leaking Sensitive Data; Index NOT Leaking Sensitive Data; Sort Order Preserving Encryption Algorithms Leaking Sensitive Data]
47
Risk Adjusted Storage – Data Leaking Formats
[Figure labels: Computational Usefulness; Data Leakage (H to L); formats on the horizontal axis: Strong-encryption, Truncation, Sort-order-preserving-encryption, Indexing]
Comparing Fine Grained Data Protection Methods
48
Reduction of Pain with New Protection Techniques
[Chart: Pain & TCO (High to Low) against time (1970, 2000, 2005, 2010)]
Input Value: 3872 3789 1620 3675
Strong Encryption (AES, 3DES) output: !@#$%a^.,mhu7///&*B()_+!@
Format Preserving Encryption (DTP, FPE) output: 8278 2789 2990 2789
Vault-based Tokenization output: 8278 2789 2990 2789
Vaultless Tokenization output: 8278 2789 2990 2789
Annotations on the chart: Format Preserving; Greatly reduced Key Management; No Vault
49
Cloud Gateway - Requirements Adjusted Protection
Data Protection Methods Scalability Storage Security Transparency
System without data protection
Weak Encryption (1:1 mapping)
Searchable Gateway Index (IV)
Vaultless Tokenization
Partial Encryption
Data Type Preservation Encryption
Strong Encryption (AES CBC, IV)
Best Worst
50
Speed of Fine Grained Protection Methods
[Chart: Transactions per second* on a scale from 100 to 10 000 000. Methods on the horizontal axis: Format Preserving Encryption; Vaultless Data Tokenization; AES CBC Encryption Standard; Vault-based Data Tokenization]
*: Speed will depend on the configuration
51
52
What is
Data Tokenization?
Fine Grained Data Security Methods
Tokenization and Encryption are Different
Used Approach Cipher System Code System
Cryptographic algorithms
Cryptographic keys
Code books
Index tokens
Source: McGraw-Hill Encyclopedia of Science & Technology
Tokenization / Encryption
53
Significantly Different Tokenization Approaches
54
Property Dynamic Pre-generated
Vault-based Vaultless
Examples of Protected Data
Field | Real Data | Tokenized / Pseudonymized
Name | Joe Smith | csu wusoj
Address | 100 Main Street, Pleasantville, CA | 476 srta coetse, cysieondusbak, CA
Date of Birth | 12/25/1966 | 01/02/1966
Telephone | 760-278-3389 | 760-389-2289
E-Mail Address | joe.smith@surferdude.org | eoe.nwuer@beusorpdqo.org
SSN | 076-39-2778 | 076-28-3390
CC Number | 3678 2289 3907 3378 | 3846 2290 3371 3378
Business URL | www.surferdude.com | www.sheyinctao.com
Fingerprint | | Encrypted
Photo | | Encrypted
X-Ray | | Encrypted
Healthcare / Financial Services | Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc. Financial Services Consumer Products and activities | Protection methods can be equally applied to the actual data, but not needed with de-identification
55
56
Partial Protection of Data Fields
[Chart: Example: 16 digit credit card number. Curves: Cost of Application Changes; Risk Exposure (High to Low). Horizontal axis: All-16-hidden; Only-middle-6-hidden; All-16-clear]
57
Traditional Access Control
[Chart: Access to Sensitive Data in Clear. Curves: Risk Exposure; User Productivity and Creativity (High to Low). Horizontal axis: Low Access to Data; High Access to Data]
58
Fine Grained Protection of Data Fields
[Chart: Access to Tokenized Data. Curves: Risk Exposure; User Productivity and Creativity (High to Low). Horizontal axis: Low Access to Data; High Access to Data]
Securing
Big Data
59
060
CISOs should not treat big data security in isolation, but
require policies that encompass all data
New data-centric audit and protection solutions and
management approaches are required
Big data initiatives require data to move between
structured and unstructured data silos, exposing
incoherent data security policies that CISOs must
address to avoid security chaos
Source: Gartner – Big Data Needs a Data-Centric Security Focus, 2014
Big Data Needs a Data-Centric Security Focus
Oracle’s Big Data Platform
061
62
Oracle’s Exadata
Many Ways to Hack Big Data
Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase
63
[Diagram: Hadoop stack components: HDFS (Hadoop Distributed File System); MapReduce (Job Scheduling/Execution System); HBase (Column DB); Pig (Data Flow); Hive (SQL); Sqoop; ETL Tools; BI Reporting; RDBMS; Avro (Serialization); Zookeeper (Coordination). Labels around the stack: Hackers; Privileged Users; Unvetted Applications or Ad Hoc Processes]
64
Securing Big Data
1. Data protection at database, application or file
2. Data protection in a staging area
3. Volume encryption in Hadoop
4. HBase, Pig, Hive, Flume and Sqoop using protection API
5. MapReduce using protection API
6. File and folder encryption in HDFS
7. Import de-identified data
8. Export de-identified data
9. Export identifiable data
10. Export audits for reporting
65
Critical Data Asset Discovery and Protection
Thank you!
Questions?
Ulf Mattsson, CTO
Compliance Engineering
umattsson@complianceengineers.com
67
Tokenization Reducing Attack Surface
123456 123456 1234
Tokenization on Each Node
The global shortage of technical skills in information
security is by now well documented, but there is an equally
concerning shortage of soft skills.
"I need people who understand that they are here to
help the business make money and enable the
business to succeed -- that's the bottom line. But it's
very hard to find information security professionals
who have that mindset," a CISO at a leading
technology company told us
Security & Business Skills
68
Source: www.informationweek.com/strategic-cio/enterprise-agility/the-security-skills-shortage-no-one-talks-about/a/d-id/1315690
Balancing Data Security & Utility
69
[Diagram labels: Index Data (Leaking Sensitive Data?); Value Preserving Encoding (Leaking Sensitive Data?); Classification of Sensitive Data; Granular Protection of Sensitive Data]
Exponential growth of data generation
• New business models fueled by Big Data, cloud computing
and the Internet of Things
• Creating cybercriminal's paradise
Challenge in this interconnected world
• Merging data security with data value and productivity.
Urgently need a data-centric strategy
• Protect the sensitive data flowing through digital business
systems
Solutions to bring together data insight & security
• Safely unlock the power of digital business
Summary
70

IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
IoT Security Why Hiring Skilled Developers is Crucial for Protecting Your Dev...
 
Security for the IoT - Report Summary
Security for the IoT - Report SummarySecurity for the IoT - Report Summary
Security for the IoT - Report Summary
 
Io t business-index-2020-securing-iot
Io t business-index-2020-securing-iotIo t business-index-2020-securing-iot
Io t business-index-2020-securing-iot
 
Io t security market
Io t security marketIo t security market
Io t security market
 
IoT and security
IoT and securityIoT and security
IoT and security
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
 
5G-and-IoT-vs-cyber-security.pdf internet
5G-and-IoT-vs-cyber-security.pdf internet5G-and-IoT-vs-cyber-security.pdf internet
5G-and-IoT-vs-cyber-security.pdf internet
 
Security and Privacy in IoT and Cyber-physical Systems
Security and Privacy in IoT and Cyber-physical SystemsSecurity and Privacy in IoT and Cyber-physical Systems
Security and Privacy in IoT and Cyber-physical Systems
 
assignment help experts
assignment help expertsassignment help experts
assignment help experts
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 

More from Ulf Mattsson

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Ulf Mattsson
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Ulf Mattsson
 
May 6 evolving international privacy regulations and cross border data tran...
May 6   evolving international privacy regulations and cross border data tran...May 6   evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...Ulf Mattsson
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesUlf Mattsson
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeUlf Mattsson
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchainUlf Mattsson
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protectionUlf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsUlf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKUlf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonUlf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 

More from Ulf Mattsson (20)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Book
BookBook
Book
 
May 6 evolving international privacy regulations and cross border data tran...
May 6   evolving international privacy regulations and cross border data tran...May 6   evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 

Recently uploaded

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 

Recently uploaded (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 

Security for iot and cloud aug 25b 2017

  • 2. 02 By year-end 2020, IoT risk and security needs will add an average of 2% to the total IoT project costs, up from 0% today. Supply chain security needs through 2021 will account for 15% of total IoT security spend, up from less than 1% today. IoT security solutions enable organizations to securely manage IoT devices, and ensure IoT endpoint and data security, and asset discovery. IoT security and risk management leaders should use this research to understand how to evaluate and select solutions to meet their IoT security requirements. Source: Gartner
  • 3. 03 Three eclectic types of product vendors are emerging for securing IoT: embedded trust; device identity and key/credential management; and real-time visibility and control. Clients who are performing proof-of-concept trials are getting better clarity about a product's compatibility with their organization's environment and requirements. Low complexity in IoT deployment, flexibility of IoT security controls, ease of integration and competitive product pricing are the main selection criteria for IoT security and risk management leaders. Source: Gartner
  • 4. 04 IoT security and risk management leaders selecting an IoT security solution should: Justify investment in IoT security by evaluating the impact of improved visibility and control on the organization's risk exposure. Engage with vendors that offer technical support and professional services help during proof-of-concept trials to mitigate risks and to ensure a smooth alternative analysis. Determine which security solutions are already installed on the IoT network, and then identify and favor IoT security products that have direct integration with these existing solutions. Source: Gartner
  • 5. 05 The scale of security risks in the Internet of Things (IoT) era is therefore much greater than in the pre-IoT environment, and the "attack surface" is much larger. Most sensor based things have minimal computing resources, and the opportunities for antivirus, encryption and other forms of protection within things are more restricted. Therefore, IoT security products with a variety of capabilities emerged to help dispel some of these challenges. These IoT security products help IoT security and risk management leaders Source: Gartner
  • 6. 06 Device management: Tackle secure cryptographic key provisioning and management challenges in cases in which the mass number of IoT devices deployed simultaneously and their environmental characteristics create a challenge. Provide quick, secure, scalable and device-independent identity, access and relationship management experience that customers, partners and suppliers are looking for. Have a means to provision IoT devices by downloading software, patches, updates and other information periodically (a common requirement for security management systems). Source: Gartner
  • 7. 07 Endpoint and data security: Protect endpoints in cases in which traditional authentication and cryptography cannot be implemented due to resource constraints and long device life cycles outliving encryption effectiveness. Obtain anti-tampering functions for devices used in high-risk environments, as IoT devices require strong device identity and a root of trust as a foundation. Satisfy personal data privacy expectations between individuals and organizations in the IoT era. Source: Gartner
  • 8. 08 Asset discovery: Detect IoT devices in enterprise networks when these devices are part of proprietary or non-IT-standard engineering networks, or if they aren't continuously connected. Build an effective IoT "asset database" complete with attributes and entitlements for access by those devices (a major requirement of identity and access management as well as IT asset management [ITAM] systems). Evaluators and buyers of IoT security products are security and risk management leaders who are trying to establish end-to-end trust — from chip to cloud — in their IoT use cases across all industry verticals and domains. Multiple and wide-ranging IoT security technology providers are evolving to address these technical requirements and the business opportunities. Source: Gartner
  • 9. 09 Product vendors, with varied levels of consulting and professional services capabilities, in the IoT security market involve: Embedded trust vendors that provide a hardware root of trust — that is, a foundation to secure a variety of functions at the endpoint. Device identity and key/credential management vendors that offer IoT-scale-federated and secure device management implementations. Real-time visibility and control vendors that offer complete real-time visibility and control for every network-connected IoT device. Source: Gartner
  • 10. 010 The threat of a limited availability of security skills is also changing the manner in which IoT systems are managed and operated, resulting in more automation and more cognitive security controls. To enable effective automation of functions originally performed by people in security operations centers, vendors are embracing technologies, such as machine learning and artificial intelligence. High-profile cyberattacks and attempted compromises in the connected automobile and medical device industries have driven early security spend (digital as well as IoT-specific) in those verticals. The effects of these attacks also highlight the overlapping safety regulation and general safety management impacts of digital security. Source: Gartner
  • 11. 011 The potential scale of many IoT deployments drives market changes in how security monitoring, detection and response must take place. Cloud-based security services will play an indispensable role in providing IoT security due to the scale of services required: IoT will not be viable in the long term without the cloud. The diversity of IoT devices and their life cycles drive hybrid security solutions for legacy and modern IoT deployments, depending on the vertical industry. Authentication for IoT devices will generate a substantial market opportunity. The support for root of trust in devices and the "identity of things" model will drive centralized and federated key and certificate management services, lightweight encryption adoption, and multifactor authentication in security markets. Source: Gartner
  • 12. 012 Smart city projects are spreading across regions at a fast pace. These projects are developed in close integration with IoT, technology and security related elements from utility, automotive and manufacturing industries as part of advanced metering infrastructure, connected cars and smart home initiatives. The compound spend on IoT security relating to government, utility, building and facilities automation, and manufacturing will continue to grow. From a design and economics perspective, the balance of spending between IoT endpoints and IoT gateways will shift toward a gateway-centric deployment model over time. We project that 2019 will be the tipping point at which gateway security spending surpasses endpoint security spending. Source: Gartner
  • 13. 013 Most IoT security products from established traditional IT security vendors or small/midsize new entrants are only in their development or proof-of-concept stage. While vendors are working on improving their product and service offerings, IoT leaders, and security and risk management leaders should work with IoT security consultants to: Assess integration points in their networks for IoT implementations, and determine gaps in capability and infrastructure. Assess risk exposure from IoT-related initiatives, and assess their organization's security posture. Keep a record of all of their IoT assets, from sensors to large industrial equipment, and have visibility into their whole IoT networks and topologies. Analyze regulatory exposure to IoT security requirements. Work on developing in-house IoT security expertise, and familiarize themselves with successful implementations in their verticals (with the help of partnerships or consortia activities). Assign enterprise ownership for IoT technologies that are not already claimed by a business unit. Join neutral consortia activities to gain access to IoT ecosystems. Source: Gartner
  • 14. 014 IoT leaders should use a scenario-driven approach in selecting discovery and provisioning solutions, and should not attempt to acquire a "one size fits all" product or service at this stage. The number and type of IoT devices and support systems will continue to resist clear classification until at least 2018. IoT leaders should not make large-scale investments in discovery, provisioning, access and data protection at this stage until product and service boundaries are more clearly defined. Where possible, consider short-term, service-based leasing and minimal customization. Adopt authentication frameworks that are flexible and meet the interoperability requirements for all classes of devices in operation. Use trusted computing techniques, such as hardware root of trust (HRoT), for device authentication to achieve the highest possible identity assurance. Press the device manufacturers and authentication solution providers to explore new context data points — derived at various operational stages — and utilize them in determining the risks associated with a particular device operation. Assess product and service providers' preparedness for significant shifts in their product and service roadmaps, depending on their target markets. Significant integration may be required, and more specific choices in industry vertical solutions could result. Source: Gartner
  • 16. IoT is a Paradise for Hackers 16 Source: HP Security Research Almost 90 percent of the devices collect personal information such as name, address, date of birth, email, credit card number, etc. Un-encrypted format on to the cloud and big data, thus endangering the privacy of users
  • 17. 26 billion devices on the Internet of Things by 2020 (Gartner). 15 billion existing devices connected to the internet (Intel). Not adequately protected at the device level. Cannot wait for a new generation of secure devices to be developed. Require robust and layered security controls. 90% of world's data generated over last two years.
  • 18. Ecosystems will transform fragmented wearables market 18
  • 19. Security Threats of Connected Medical Devices. The Department of Homeland Security: • Investigating 2 dozen cases of suspected cyber security flaws in medical devices that could be exploited • Can be detrimental to the patient, creating problems such as instructing an infusion pump to overdose a patient with drugs or forcing a heart implant to deliver a deadly jolt of electricity • Encrypt medical data that’s stored. PricewaterhouseCoopers study: • $30 billion annual cost hit to the U.S. healthcare system due to inadequate medical-device interoperability. www.computing.co.uk/ctg/opinion/2390029/security-threats-of-connected-medical-devices#
  • 21. 021 95% of cloud security failures will be the customer's fault Source: Gartner
  • 22. Sensitive Data in the Cloud: 82% of organizations currently (or plan to) transfer sensitive/confidential data to the cloud in the next 24 months.
  • 23. Lack of Cloud Confidence: 2/3 is the number of survey respondents that either agree or are unsure that cloud services used by their organization are NOT thoroughly vetted for security.
  • 24. Data Breach: Cloud Multiplier Effect. A data breach in the cloud can be 2x more costly. 66 percent of respondents say their organization’s use of cloud resources diminishes its ability to protect confidential or sensitive information and 64 percent believe it makes it difficult to secure business-critical applications.
  • 25. 25 What Is Your No. 1 Issue Slowing Adoption of Public Cloud Computing?
  • 27. Data Security Holding Back Cloud Projects 27 Source: Cloud Adoption Practices & Priorities Survey Report January 2015
  • 28. Security of Data in Cloud at Board-level 28 Source: Cloud Adoption Practices & Priorities Survey Report January 2015
  • 29. High-profile Cyber Attacks 29 49% recommended Database security 40% of budget still on Network security only 19% to Database security Conclusion: Organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification
  • 30. 30 How can we Secure Data in the new Perimeter-less Environments? CHALLENGE
  • 33. Data–Centric Audit and Protection (DCAP). Organizations that have not developed data-centric security policies to coordinate management processes and security controls across data silos need to act. By 2018, data-centric audit and protection strategies will replace disparate siloed data security governance approaches in 25% of large enterprises, up from less than 5% today. Source: Gartner – Market Guide for Data – Centric Audit and Protection (DCAP), Nov 21 2014
  • 34. Data–Centric Audit and Protection (DCAP): Centrally managed security policy; Across unstructured and structured silos; Classify data, control access and monitoring; Protection – encryption, tokenization and masking; Segregation of duties – application users and privileged users; Auditing and reporting. Source: Gartner – Market Guide for Data – Centric Audit and Protection (DCAP), Nov 21 2014
  • 35. Centralized Policy Management - Example. [Diagram labels: Enterprise Security Administrator; Security Officer; Policy; Audit Log; Application; File Servers; RDBMS; Big Data; Gateway Servers; MPP; HP NonStop Base24; IBM Mainframe Protector; Cloud Protection Servers]
  • 36. Enterprise Data Security Policy. What: What is the sensitive data that needs to be protected. How: How you want to protect and present sensitive data. There are several methods for protecting sensitive data. Who: Who should have access to sensitive data and who should not. Security access control. When: When should sensitive data access be granted to those who have access. Day of week, time of day. Where: Where is the sensitive data stored? This will be where the policy is enforced. Audit: Audit authorized or un-authorized access to sensitive data.
  • 38. Data-Centric Protection Increases Security in Cloud Computing. Rather than making the protection platform based, the security is applied directly to the data. Protecting the data wherever it goes, in any environment. Cloud environments by nature have more access points and cannot be disconnected. Data-centric protection reduces the reliance on controlling the high number of access points.
  • 39. 039 Through 2020, 95% of cloud security failures will be the customer's fault. By year-end 2018, 50% of organizations with more than 2,500 users will use a cloud access security broker (CASB) product to control SaaS usage, up from less than 5% today. By 2020, 85% of large enterprises will use a CASB product, up from less than 5% today. Source: Gartner Clouds Are Secure: Are You Using Them Securely?
  • 40. 040 Gartner released the report “Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data” in June 2015 that highlighted key challenges as “cloud increases the risks of noncompliance through unapproved access and data breach.” The report recommended CIOs and CISOs to address data residency and compliance issues by “applying encryption or tokenization,” and to also “understand when data appears in clear text, where keys are made available and stored, and who has access to the keys.” Another recent Gartner report concluded that “Cloud Data Protection Gateways” provides a “High Benefit Rating” and “offer a way to secure sensitive enterprise data and files.” Source: Gartner – xxxx Confidential Cloud Security
  • 41. 041 Protect the Entire Flow of Sensitive Data Cloud Gateway
  • 42. Corporate Network Security Gateway Deployment – Hybrid Cloud 042 Client System Enterprise Security Administrator Security Officer Public Cloud Cloud Gateway Private Cloud Out-sourced
  • 43. Corporate Network Security Gateway Deployment – Hybrid Cloud 043 Client System Enterprise Security Administrator Security Officer Private Cloud Public Cloud Cloud Gateway Out-sourced
  • 44. Corporate Network 044 Client System Cloud Gateway Enterprise Security Administrator Security Officer Security Gateway – Searchable Encryption RDBMS Query re-write Order preserving encryption
  • 46. Risk Adjusted Data Leakage. [Diagram labels: Index; Data; Trust; Elasticity; Out-sourced; In-house; H; L; Index Leaking Sensitive Data; Index NOT Leaking Sensitive Data; Sort Order Preserving Encryption Algorithms Leaking Sensitive Data]
  • 47. Risk Adjusted Storage – Data Leaking Formats. [Chart labels: Computational Usefulness; Data Leakage; H; L; Strong-encryption; Truncation; Sort-order-preserving-encryption; Indexing]
  • 49. Reduction of Pain with New Protection Techniques 1970 2000 2005 2010 High Low Pain & TCO Strong Encryption Output: AES, 3DES Format Preserving Encryption DTP, FPE Vault-based Tokenization Vaultless Tokenization Input Value: 3872 3789 1620 3675 !@#$%a^.,mhu7///&*B()_+!@ 8278 2789 2990 2789 8278 2789 2990 2789 Format Preserving Greatly reduced Key Management No Vault 8278 2789 2990 2789 49
  • 50. Cloud Gateway - Requirements Adjusted Protection Data Protection Methods Scalability Storage Security Transparency System without data protection Weak Encryption (1:1 mapping) Searchable Gateway Index (IV) Vaultless Tokenization Partial Encryption Data Type Preservation Encryption Strong Encryption (AES CBC, IV) Best Worst 50
  • 51. Speed of Fine Grained Protection Methods. [Chart: Transactions per second*, axis ticks from 100 to 10 000 000; series: Format Preserving Encryption; Vaultless Data Tokenization; AES CBC Encryption Standard; Vault-based Data Tokenization] *: Speed will depend on the configuration
  • 53. Fine Grained Data Security Methods: Tokenization and Encryption are Different. Used Approach: Encryption is a Cipher System (Cryptographic algorithms, Cryptographic keys); Tokenization is a Code System (Code books, Index tokens). Source: McGraw-Hill Encyclopedia of Science & Technology
  • 54. Significantly Different Tokenization Approaches 54 Property Dynamic Pre-generated Vault-based Vaultless
  • 55. Examples of Protected Data. Field | Real Data | Tokenized / Pseudonymized; Name | Joe Smith | csu wusoj; Address | 100 Main Street, Pleasantville, CA | 476 srta coetse, cysieondusbak, CA; Date of Birth | 12/25/1966 | 01/02/1966; Telephone | 760-278-3389 | 760-389-2289; E-Mail Address | joe.smith@surferdude.org | eoe.nwuer@beusorpdqo.org; SSN | 076-39-2778 | 076-28-3390; CC Number | 3678 2289 3907 3378 | 3846 2290 3371 3378; Business URL | www.surferdude.com | www.sheyinctao.com; Fingerprint | Encrypted; Photo | Encrypted; X-Ray | Encrypted. Healthcare / Financial Services: Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc. Financial Services Consumer Products and activities. Protection methods can be equally applied to the actual data, but not needed with de-identification.
  • 56. Partial Protection of Data Fields. Example: 16 digit credit card number. [Chart labels: Risk Exposure; Cost; Cost of Application Changes; High; Low; All-16-hidden; Only-middle-6-hidden; All-16-clear]
  • 57. Traditional Access Control: Access to Sensitive Data in Clear. [Chart labels: Risk Exposure; User Productivity and Creativity; High; Low; Low Access to Data; High Access to Data]
  • 58. Fine Grained Protection of Data Fields: Access to Tokenized Data. [Chart labels: Risk Exposure; User Productivity and Creativity; High; Low; Low Access to Data; High Access to Data]
  • 60. 060 CISOs should not treat big data security in isolation, but require policies that encompass all data New data-centric audit and protection solutions and management approaches are required Big data initiatives require data to move between structured and unstructured data silos, exposing incoherent data security policies that CISOs must address to avoid security chaos Source: Gartner – Big Data Needs a Data-Centric Security Focus, 2014 Confidential Big Data Needs a Data-Centric Security Focus
  • 61. Oracle’s Big Data Platform 061
  • 63. Many Ways to Hack Big Data Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase 63 HDFS (Hadoop Distributed File System) MapReduce (Job Scheduling/Execution System) Hbase (Column DB) Pig (Data Flow) Hive (SQL) Sqoop ETL Tools BI Reporting RDBMS Avro(Serialization) Zookeeper(Coordination) Hackers Privileged Users Unvetted Applications Or Ad Hoc Processes
  • 64. Securing Big Data: 1. Data protection at database, application or file 2. Data protection in a staging area 3. Volume encryption in Hadoop 4. Hbase, Pig, Hive, Flume and Scope using protection API 5. MapReduce using protection API 6. File and folder encryption in HDFS 7. Import de-identified data 8. Export de-identified data 9. Export identifiable data 10. Export audit s for reporting
  • 65. 65 Critical Data Asset Discovery and Protection
  • 66. Thank you! Questions? Ulf Mattsson, CTO Compliance Engineering umattsson@complianceengineers.com
  • 67. 67 Tokenization Reducing Attack Surface 123456 123456 1234 Tokenization on Each Node
  • 68. The global shortage of technical skills in information security is by now well documented, but an equally concerning shortage of soft skills "I need people who understand that they are here to help the business make money and enable the business to succeed -- that's the bottom line. But it's very hard to find information security professionals who have that mindset," a CISO at a leading technology company told us Security & Business Skills 68 Source: www.informationweek.com/strategic-cio/enterprise-agility/the-security-skills-shortage-no-one-talks-about/a/d-id/1315690
  • 69. Balancing Data Security & Utility 69 Index Data Leaking Sensitive Data ? Value Preserving Encoding Leaking Sensitive Data ? Classification of Sensitive Data Granular Protection of Sensitive Data
  • 70. Exponential growth of data generation • New business models fueled by Big Data, cloud computing and the Internet of Things • Creating cybercriminal's paradise Challenge in this interconnected world • Merging data security with data value and productivity. Urgently need a data-centric strategy • Protect the sensitive data flowing through digital business systems Solutions to bring together data insight & security • Safely unlock the power of digital business Summary 70
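The policy dimensions on slide 36 (What, Who, When, Where, How, Audit) and the "Only-middle-6-hidden" option on slide 56 can be combined in one enforcement check. The sketch below is an added example, not code from the deck or from any product it describes; `FieldPolicy`, `read_field`, the role names and the `rdbms` store label are hypothetical, and the card number is the sample value from slide 55.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class FieldPolicy:                  # hypothetical structure, not a product schema
    data_field: str                 # What: the sensitive field
    clear_roles: frozenset          # Who: roles allowed to see the clear value
    days: frozenset                 # When: weekdays (0 = Monday)
    hours: range                    # When: hours of the day
    store: str                      # Where: the enforcement point

def mask_middle_six(pan: str) -> str:
    """How: hide only the middle 6 of 16 digits, keeping separators."""
    if sum(c.isdigit() for c in pan) != 16:
        raise ValueError("expected a 16-digit card number")
    out, seen = [], 0
    for c in pan:
        if c.isdigit():
            out.append("*" if 6 <= seen < 12 else c)
            seen += 1
        else:
            out.append(c)
    return "".join(out)

def read_field(policy, value, role, store, now, audit):
    """Return the clear value only if Who, When and Where all match."""
    in_window = now.weekday() in policy.days and now.hour in policy.hours
    allowed = role in policy.clear_roles and in_window and store == policy.store
    # Audit: record authorized and unauthorized access alike.
    audit.append({"field": policy.data_field, "role": role, "store": store,
                  "time": now.isoformat(), "authorized": allowed})
    return value if allowed else mask_middle_six(value)

# Constructed sample policy and requests (assumed roles, hours and store).
CARD_POLICY = FieldPolicy("cc_number", frozenset({"fraud_analyst"}),
                          frozenset(range(5)), range(8, 18), "rdbms")
CARD = "3678 2289 3907 3378"

def demo():
    audit = []
    tue = datetime(2015, 6, 2, 10, 0)   # Tuesday, inside the window
    sun = datetime(2015, 6, 7, 10, 0)   # Sunday, outside the window
    views = [read_field(CARD_POLICY, CARD, "fraud_analyst", "rdbms", tue, audit),
             read_field(CARD_POLICY, CARD, "support", "rdbms", tue, audit),
             read_field(CARD_POLICY, CARD, "fraud_analyst", "rdbms", sun, audit)]
    return views, audit

if __name__ == "__main__":
    for view in demo()[0]:
        print(view)
```

The masking here is a display-time control; the tokenized values on slide 55 would come from a tokenization service applied before storage, which this sketch does not implement.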