© 2017 BLUETALON, INC. ALL RIGHTS RESERVED. 1
Outline
• Introduction and Context
– Key requirements for data security in Predix
– Managing data rights across platforms
• Principles applied (BlueTalon + Predix Team)
1. Bring business context to policies
2. Distribute enforcement, centralize policy decisions
3. Get visibility over data activities and actions requested
• How BlueTalon Works
Predix: PaaS for the Industrial Internet
Security within PaaS for the Industrial Internet
• Security capabilities: Authorization, Encryption, Authentication, Auditing, Masking
• Layers: Data, Network, Application, Endpoint, IaaS
BlueTalon: Data-Centric Security on Predix PaaS
• Cloud management
• Edge enforcement
BlueTalon: Data-Centric Security Across Data Platforms
• Security applied one system at a time
– Inconsistency, duplication, chaos
• Security applied with a central policy
– Consistency, efficiency, simplicity
Security and Regulatory Trends that Affect Industrial Businesses
Enforcement is on the Rise
• EAR violation criminal fines increased in excess of 5,000% YTY in 2014, and administrative penalties almost 1,000% (Source: US DOC BIS)
• ITAR violation risks:
– Significant accrual of fines
– Denial of export privileges
– Mandatory increase in staffing
– Regular external audits
– Loss of, or completely damaged, public reputation
Fines are Higher
• On Oct 6, 2015, the European Court of Justice declared Safe Harbor invalid, citing Facebook's European privacy violations and NSA practices
• Facebook is facing daily fines of €250,000 in Belgium after a data protection court ruling for illegally tracking data from non-members
Data Breaches Affect the Bottom Line
Results of the 2013 data breach:
• CEO steps down
• 46% drop in profits due to reputational damage, with a $1.47 negative effect on EPS
• $100M cost to upgrade affected systems
• 2014 SEC filing: total expenses $252M
• Ongoing settlement costs
Data Security Requirements in Predix
1. Data owners and regulatory entities define policies of use
- Definition of policies must be owned by business stakeholders
2. Automated enforcement of policies across data platforms
- Policies managed by business owners must be enforceable independent of data platform
- Enforcement of these policies must be demonstrable to auditors
- Enforcement must be distributed and consistent
3. Preserving end user experience is paramount
- End users of the data must be able to use any tool they want
- Policy management processes/applications must be focused on business users
[1] Policies are Defined by Business within a Context
• "Patient information and exams are sensitive data"
• "Our contracts prohibit the use of machine diagnostics data to redesign products"
• "Service managers should be able to see only their fleet data"
[1] Policies Applied at the Data Layer Enable Business
• Blocking
• Enabling
• "Patient information and exams are sensitive data"
• "Our contracts prohibit the use of customer data outside the west coast"
[1] Controlling Access for Different Users & Needs
• Row filtering
• Field level
• Cell level
• Sub-cell level masking
Example in the slide: Joyce looks up her data; her manager looks up Joyce's data
[1] Example of Controls Directly Applied On Data
Rules on Data:
• Access to client account is conditional, based on zipcode
• Data is partially masked
(The slide shows the rules beside the resulting Results panel)
[1] Attributes Bring Context to Policies
• User: type, location, title / role, group, function, clearance level, LOB
• User session: location, timestamp, application, connection type
• Data: sensitivity, clearance required, action requested, # of rows returned, data source
• Context helps assess whether the data request is legitimate
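As an added example (not BlueTalon's code), the following policy decision point evaluates constructed user, session and data attributes from the categories above and hands an enforcement point the row filter and zipcode-conditional masking to apply; it covers the row filtering, cell and sub-cell masking, and zipcode rule of slides 12 to 14. The attribute names, rules and sample records are assumptions made for illustration.

```python
# Constructed example: attribute-based decision (central) plus enforcement (local).
from typing import Callable, Dict, List, Optional

# Constructed sample result set a request would hit: fleet records with an owner,
# a zipcode, an account number that may need masking, and machine diagnostics.
RECORDS = [
    {"fleet": "north", "owner": "joyce", "zipcode": "94105", "account": "1234567890", "diag": "vib-high"},
    {"fleet": "north", "owner": "ravi", "zipcode": "10001", "account": "2233445566", "diag": "temp-ok"},
    {"fleet": "south", "owner": "mei", "zipcode": "94110", "account": "9988776655", "diag": "vib-low"},
]

def mask_last4(value: str) -> str:
    """Sub-cell masking: reveal only the last four characters."""
    return "*" * (len(value) - 4) + value[-4:]

class Decision:
    def __init__(self, allowed: bool, reason: str):
        self.allowed, self.reason = allowed, reason
        self.row_filter: Optional[Callable[[dict], bool]] = None
        # field -> per-row predicate saying whether that cell must be masked
        self.cell_masks: Dict[str, Callable[[dict], bool]] = {}

def decide(user: dict, session: dict, request: dict) -> Decision:
    """Decision against all rules, using user, session and data context."""
    # Blocking: contracts prohibit using machine diagnostics data to redesign products.
    if "diag" in request["fields"] and user["function"] == "product-design":
        return Decision(False, "diagnostics data may not be used for product redesign")
    # Blocking: customer data may not be used outside the west coast (session location).
    if session["location"] != "west-coast":
        return Decision(False, "customer data not permitted outside west coast")
    d = Decision(True, "allowed with controls")
    # Row filtering: service managers see only their own fleet.
    if user["role"] == "service-manager":
        d.row_filter = lambda r: r["fleet"] == user["fleet"]
    # Cell-level, zipcode-conditional masking: the account number is shown in clear
    # only for the user's own record or for zipcodes inside the user's territory.
    d.cell_masks["account"] = lambda r: not (
        r["owner"] == user["name"] or r["zipcode"].startswith(user["territory"]))
    return d

def enforce(decision: Decision, records: List[dict], fields: List[str]) -> List[dict]:
    """Enforcement point: apply the central decision to the raw result set."""
    if not decision.allowed:
        return []
    out = []
    for r in records:
        if decision.row_filter and not decision.row_filter(r):
            continue
        row = {f: r[f] for f in fields}
        for f, must_mask in decision.cell_masks.items():
            if f in row and must_mask(r):
                row[f] = mask_last4(row[f])
        out.append(row)
    return out

def query(user: dict, session: dict, fields: List[str]) -> List[dict]:
    """Decide centrally, then enforce locally, for one request."""
    return enforce(decide(user, session, {"fields": fields}), RECORDS, fields)
```

With these rules Joyce sees her own account in clear while her manager, whose territory does not cover her zipcode, sees it partially masked.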
[2] Why Centralize Policy Decisions and Distribute Enforcement?
• IoT platforms and Predix are hybrid environments (cloud and on-prem) that make use of multiple modern data management platforms:
– RDBMS
– Hadoop
– Spark
– Cassandra
– Cloud repositories
[2] Centralize Decisions to Manage Policies from One Place
• Authorization — what a user or a role can do with the data
• Decision — against all rules, can a user see a data element
• Enforcement — apply the decision at the time of the user's request
Example from Spark on Edge with BlueTalon on Predix
[3] Visibility Leverages the Same Enforcement Points
Visibility into Data Activity
• Complete audit trail of data usage with contextual information
• Key to detection of unusual data access patterns
• Tracks policy changes to ensure compliance
Audit record fields shown in the slide: what policy was triggered; original and modified queries; what they tried to do
Feedback Loop with Visibility and Control
Diagram labels: Data, Visibility, Control
Examples of Data Security Visibility Reports
How BlueTalon Delivers Data-Centric Security
• Security Admins manage the BlueTalon Policy Engine and the BlueTalon Audit Engine
• Business Users, Data Scientists, Developers work through Any Application
• BlueTalon Enforcement Points sit between the applications and the Data Repositories (Hadoop, RDBMS, Cloud, Spark, NoSQL)
High Performance with BlueTalon
Single digit (<3%) overhead. Unnoticeable by end users!
Files (1TB, mins)    Without BlueTalon    With BlueTalon
Teragen              6.9                  7.03
Terasort             125.55               124.98
File benchmark tested in EMC lab; Queries chart tested on GE Predix platform
How BlueTalon Works
Diagram components: Business Users, Data Scientists, Developers; Applications; BlueTalon Enforcement Points; BlueTalon Policy Engine (with Active Directory); Data Repositories; BlueTalon Auditing; BlueTalon Policy Console; Security Admins
Numbered flow in the diagram:
1. Security Admins define policies in the BlueTalon Policy Console
2. User request, from the application to the Enforcement Point
3. User request passed to the BlueTalon Policy Engine
4. Modified, compliant request sent to the Data Repositories
5. Compliant results returned
6. BlueTalon Auditing, reviewed by Security Admins
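As an added example (not BlueTalon's code), the following walks the numbered flow above end to end, and also covers the authorization / decision / enforcement split of slide 17 and the audit record of slide 21: an enforcement point intercepts a simple SELECT, rewrites it into a modified, compliant request (row predicate added, masked columns rewritten), runs it, records the original and modified queries with the policy triggered, and a visibility check flags unusual row counts. The policy table, the SQL rewriting convention and the audit record shape are assumptions for illustration.

```python
import re
import statistics
from typing import Dict, List

# Step 1: policies defined by security admins (constructed; keyed by role).
POLICIES: Dict[str, dict] = {
    "service-manager": {"name": "fleet-only", "row_predicate": "fleet = '{fleet}'",
                        "masked": {"account"}},
    "auditor": {"name": "read-all", "row_predicate": None, "masked": set()},
}
AUDIT_LOG: List[dict] = []  # step 6: one record per request, compliant or not

def rewrite(sql: str, policy: dict, user: dict) -> str:
    """Steps 3-4: turn the user's request into a modified, compliant request."""
    m = re.match(r"^\s*SELECT\s+(.+?)\s+FROM\s+(\w+)(?:\s+WHERE\s+(.+))?\s*$", sql, re.I)
    if not m:
        raise ValueError("only simple SELECT statements are handled in this example")
    cols, table, where = m.group(1), m.group(2), m.group(3)
    projected = []
    for c in (x.strip() for x in cols.split(",")):
        # Cell masking expressed inside the query: keep only the last four characters.
        if c in policy["masked"]:
            projected.append(f"CONCAT('******', RIGHT({c}, 4)) AS {c}")
        else:
            projected.append(c)
    new_sql = f"SELECT {', '.join(projected)} FROM {table}"
    preds = [f"({where})"] if where else []
    if policy["row_predicate"]:
        # Row filtering. The attribute value comes from the directory lookup, not the
        # request; a production rewriter would bind it as a parameter, not format it in.
        preds.append(policy["row_predicate"].format(**user))
    if preds:
        new_sql += " WHERE " + " AND ".join(preds)
    return new_sql

def handle_request(user: dict, sql: str, run_query) -> list:
    """Steps 2-6: intercept, decide, enforce, return compliant results, audit."""
    policy = POLICIES.get(user["role"])
    if policy is None:  # no matching policy: deny, but still leave an audit trail
        AUDIT_LOG.append({"user": user["name"], "original": sql, "modified": None,
                          "policy": "default-deny", "rows": 0})
        return []
    compliant_sql = rewrite(sql, policy, user)
    rows = run_query(compliant_sql)  # step 5: only compliant results come back
    AUDIT_LOG.append({"user": user["name"], "original": sql, "modified": compliant_sql,
                      "policy": policy["name"], "rows": len(rows)})
    return rows

def unusual_access(log: List[dict], factor: float = 3.0) -> List[dict]:
    """Visibility: flag audit entries whose row count far exceeds that user's median."""
    by_user: Dict[str, List[int]] = {}
    for e in log:
        by_user.setdefault(e["user"], []).append(e["rows"])
    return [e for e in log
            if e["rows"] > factor * max(statistics.median(by_user[e["user"]]), 1)]
```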
“Organizations expecting to implement big
data projects should consider BlueTalon
wherever sensitive data is or may be exposed.”
Merv Adrian, Gartner Group, “Cool Vendors in DBMS”, 2016
Contact us today!
• What’s your use case?
– Contact us today at 1-888-534-7154 or info@bluetalon.com
• Download BlueTalon today!
• http://pages.bluetalon-security.com/SecureAccess-for-WebHDFS
Security of IoT Data: Implementing Data-Centric Security and User Access Strategy


Editor's Notes

  • #4 Characteristics of Predix that inform security decisions (the same note is attached to slides 5, 6 and 8):
    – Multiple data and analytics platforms provided as a single service
    – Each service contains data storage and analytics tools integrated seamlessly
    – Diverse user population with different needs
    – Differentiated access to a variety of data elements at any level
    – Highly regulated industrial data: security controls need to accommodate a variety of regulations