SG
Uploaded bySara Goodison
PPTX, PDF156 views

The New Framework for Modern Data Privacy and Security

The document introduces a new framework for managing data privacy and security, emphasizing discovery, classification, segmentation, and enforcement. It discusses the challenges of data security at scale in the context of rapid digital growth and increasing data volumes, and how organizations can implement this framework effectively. Additionally, it provides an example of an online retail app to illustrate compliance and business analysis needs, along with how Cyral can assist in managing these data security challenges.

Embed presentation

Download to read offline
1 The New Framework for Modern Data Privacy and Security
2 Agenda Dealing with data security at scale A new framework: Discover, Classify, Segment, Enforce How Cyral can help Q&A Online Retail App Example
Introductions 3
4 Introductions Nishant Bhajaria Head of Technical Privacy, Engineering & Architecture Uber Srini Vadlamani Chief Technology Officer, Co-Founder Cyral
The Data Cloud Security Challenge 5
6 Digital Growth Initiatives are Driving Adoption of the Data Cloud Continuous Development • Quickly deliver new experiences • Exponential increase in data Data Democratization • Become a data driven business • IT not the single gateway to data Infrastructure as Code • Platform interoperability • Heterogenous data services
7 Data is growing at an unprecedented rate
8 Personalization leads to massive incremental increase in data Transactions Web Behavior Mobile Activity Email Behavior Social Behavior Preferences Demographics 1% User Growth DataVolume 2-3X Data Growth
9 Data is now everywhere
10 Data is now everywhere I don’t know where my data is Am I collecting the same data many times over? Am I collecting the wrong data? 3rd party data sharing How do legal and product teams work together? How/when to leverage AI/ML and automation?
What is one to do? 11
12 Managing data security and privacy at scale DISCOVER CLASSIFY SEGMENT ENFORCE
13 Step 1: Discover 1 Tribal knowledge-based AI/ML based2 • Lack of a priori models • Training datasets hard to find • Tribal knowledge to get started LESSONS LEARNED • Co-opt both data platform and data science teams
Backend Team Frontend Team 14 Step 2: Classify Classify Minimize Collect Analyze LESSONS LEARNED • Use differential controls for sensitive data (e.g. location data) • Calibrate data collection • Is it the right amount? • Is it the right quality? • Get backend / frontend teams to collaborate
15 Step 3: Segment Policy as Code Engine LESSONS LEARNED • Decouple application code from policy engine • Policy as Code simplifies collaboration, versioning • Compliance / privacy teams own policies • Dictate data collection, storage, retention, access
16 Step 4: Enforce LESSONS LEARNED • Find a happy medium between complete lockdown and the wild west • Build classification/tagging first before enforcing using AI • Rotate / revoke / recertify encryption keys periodically • Time box sensitive data access • Anonymize / aggregate for analytics teams
Applying the Framework 17
18 Online Retail App Example Compliance Needs • Retention capped to order lifetime • Access limited to order fulfillment Business Analysis Needs • Buying patterns • Seasonality • App vs Website traffic
19 Online Retail App Example
How Cyral can help 20
21 Managing data security and privacy at scale DISCOVER CLASSIFY SEGMENT ENFORCE
22 Technology: Stateless Interception for Data Endpoint Requests Sidecars Deployed locally • Stateless interception of data requests • All data and logs remain private • Deployed by DevOps, no change to apps STRUCTURED AND SEMI-STRUCTURED DATA STORES TOOLS, USERS, APPS, SERVICES SaaS Control Plane Observe Protect Control
23 Security as Code Model 1 Deployment as Code Use existing workflows • DevOps deployment • Infra-as-Code model 3 Policies as Code Use existing source code tools • CI/CD integration • ChatOps model 2 Automated observability Use existing dashboards • API-first architecture • No learning curve
• The four-pillar framework to build trust and reduce risk • Discover: Identify where all your sensitive data is • Classify: Calibrate, analyze and minimize data being collected • Segment: Identify rules of access by co-opting compliance, product and business teams • Enforce: Control access using time-boxing, data anonymization and key rotation • Remember to • Exhaust tribal knowledge before starting with AI/ML and automation • Decouple writing and enforcing of security policies • Find a happy medium between complete lockdown and the wild west 24 Summary & Key Takeaways
Q&A 25
26 Q&A Nishant Bhajaria Head of Technical Privacy, Engineering & Architecture Uber Srini Vadlamani Chief Technology Officer, Co-Founder Cyral

More Related Content

PPTX
Data gravity unlock the value of your data with data aware storage
byVLCM2015
 
PPTX
Accellion SC Congress Chicago Presentation 2014
byProofpoint
 
PPTX
2016 Network Security Outlook
byWestern NRG
 
PPTX
SoftAge ScanE
bySoftAge Information Technology Limited
 
PDF
Internet of Things With Privacy in Mind
byGosia Fraser
 
PDF
Solving Industrial Data Integration with Machine Intelligence
byBit Stew Systems
 
PDF
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
byPeter Bihr
 
PDF
festival ICT 2013: L’evoluzione della sicurezza verso la nuova era della Smar...
byfestival ICT 2016
 
Data gravity unlock the value of your data with data aware storage
byVLCM2015
 
Accellion SC Congress Chicago Presentation 2014
byProofpoint
 
2016 Network Security Outlook
byWestern NRG
 
SoftAge ScanE
bySoftAge Information Technology Limited
 
Internet of Things With Privacy in Mind
byGosia Fraser
 
Solving Industrial Data Integration with Machine Intelligence
byBit Stew Systems
 
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
byPeter Bihr
 
festival ICT 2013: L’evoluzione della sicurezza verso la nuova era della Smar...
byfestival ICT 2016
 

What's hot

PPTX
Driving IT Transformation with Agile Analytics
byBit Stew Systems
 
PDF
Inventory of IoT slide sets
byBob Marcus
 
PDF
Ijcis -->cfp
byJonesSmith7
 
PDF
Preventing Data Cloud Breaches with Zero Trust
bySara Goodison
 
PPTX
SharePoint Securely Moblized - webinar with Colligo and Bitzer Mobile
byBitzer Mobile, now part of Oracle
 
PDF
call for papers - International Journal on Cryptography and Information Secur...
byJonesSmith7
 
PPTX
xsecutive infosec 2015 final Eng
byRob Christ
 
PPTX
Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)
byOnRamp
 
PPT
SouthData | Billing, Scanning, Networking | Print and Electronic Documents
byMichael May
 
PDF
Immuta Overview - February 2016
byJohn Sarazen
 
PPTX
Digital Life of Things
byStan Nazarenko
 
PDF
Azure for Education Ktadeka UCL Cloud Event 2013
byLee Stott
 
PPTX
e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018
bye-SIDES.eu
 
PDF
5 questions to ask before bringing AI to your business
byJOS Group
 
PDF
What is Cloud and what are the best practices?
byIndSightsResearchSG
 
PDF
Content Collaboration - Prevent data loss in a global digital future
byAxway
 
PPTX
International Journal on Cryptography and Information Security ( IJCIS)
byijcisjournal
 
PPTX
Managing Data Breach Communication on The Social Web
byBoyd Neil
 
PDF
SecureAuth & 451 Research Webinar: Connected Security - A Holistic Approach t...
bySecureAuth
 
PPTX
dataEstate® - Reimagining data governance for the Legal industry
byMorane Decriem
 
Driving IT Transformation with Agile Analytics
byBit Stew Systems
 
Inventory of IoT slide sets
byBob Marcus
 
Ijcis -->cfp
byJonesSmith7
 
Preventing Data Cloud Breaches with Zero Trust
bySara Goodison
 
SharePoint Securely Moblized - webinar with Colligo and Bitzer Mobile
byBitzer Mobile, now part of Oracle
 
call for papers - International Journal on Cryptography and Information Secur...
byJonesSmith7
 
xsecutive infosec 2015 final Eng
byRob Christ
 
Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)
byOnRamp
 
SouthData | Billing, Scanning, Networking | Print and Electronic Documents
byMichael May
 
Immuta Overview - February 2016
byJohn Sarazen
 
Digital Life of Things
byStan Nazarenko
 
Azure for Education Ktadeka UCL Cloud Event 2013
byLee Stott
 
e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018
bye-SIDES.eu
 
5 questions to ask before bringing AI to your business
byJOS Group
 
What is Cloud and what are the best practices?
byIndSightsResearchSG
 
Content Collaboration - Prevent data loss in a global digital future
byAxway
 
International Journal on Cryptography and Information Security ( IJCIS)
byijcisjournal
 
Managing Data Breach Communication on The Social Web
byBoyd Neil
 
SecureAuth & 451 Research Webinar: Connected Security - A Holistic Approach t...
bySecureAuth
 
dataEstate® - Reimagining data governance for the Legal industry
byMorane Decriem
 

Similar to The New Framework for Modern Data Privacy and Security

PDF
Modern Methods for Managing Data Security
byEnterprise Knowledge
 
PPTX
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
bySirius
 
PDF
Privacera and Northwestern Mutual - Scaling Privacy in a Spark Ecosystem
byPrivacera
 
PDF
White Paper: The Age of Data
byKim Cook
 
PPTX
Safeguarding customer and financial data in analytics and machine learning
byUlf Mattsson
 
PDF
Microsoft 365 Compliance
byDavid J Rosenthal
 
PDF
Scaling Privacy in a Spark Ecosystem
byDatabricks
 
PPTX
Emerging Data Privacy and Security for Cloud
byUlf Mattsson
 
PDF
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
bySymantec
 
PPTX
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
byCloudera, Inc.
 
PDF
eBook: 5 Steps to Secure Cloud Data Governance
byKim Cook
 
PDF
API World 2019 Presentation on Securing sensitive data through APIs and AI pa...
bydsapps
 
PPTX
ISACA Houston - Practical data privacy and de-identification techniques
byUlf Mattsson
 
PDF
How to Build a Privacy Program
bysecratic
 
PPTX
Bridging the Gap Between Privacy and Retention
byInfoGoTo
 
PPTX
User management - the next-gen of authentication meetup 27012022
bylior mazor
 
PDF
AI and Data Privacy in 2025: Global Trends
byInData Labs
 
PPTX
Secure Your High Risk Data
byNaveed Ahmed
 
PDF
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
bySymantec
 
PDF
Isaca new delhi india - privacy and big data
byUlf Mattsson
 
Modern Methods for Managing Data Security
byEnterprise Knowledge
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
bySirius
 
Privacera and Northwestern Mutual - Scaling Privacy in a Spark Ecosystem
byPrivacera
 
White Paper: The Age of Data
byKim Cook
 
Safeguarding customer and financial data in analytics and machine learning
byUlf Mattsson
 
Microsoft 365 Compliance
byDavid J Rosenthal
 
Scaling Privacy in a Spark Ecosystem
byDatabricks
 
Emerging Data Privacy and Security for Cloud
byUlf Mattsson
 
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
bySymantec
 
GDPR: 20 Million Reasons to get ready - Part 1: Preparing for compliance
byCloudera, Inc.
 
eBook: 5 Steps to Secure Cloud Data Governance
byKim Cook
 
API World 2019 Presentation on Securing sensitive data through APIs and AI pa...
bydsapps
 
ISACA Houston - Practical data privacy and de-identification techniques
byUlf Mattsson
 
How to Build a Privacy Program
bysecratic
 
Bridging the Gap Between Privacy and Retention
byInfoGoTo
 
User management - the next-gen of authentication meetup 27012022
bylior mazor
 
AI and Data Privacy in 2025: Global Trends
byInData Labs
 
Secure Your High Risk Data
byNaveed Ahmed
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
bySymantec
 
Isaca new delhi india - privacy and big data
byUlf Mattsson
 

Recently uploaded

PPTX
ISO 13485.2016 Awareness's Training material
byPrakashSivan
 
PDF
Module 4 python programming-1BPLCK105B-2025 by Dr.SV.pdf
bySURESHA V
 
PPTX
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
PPTX
The Most Controversial TPM Debate in Maintenance Today Checklist TPM vs Outco...
byMaintWiz Technologies Private Limited
 
PDF
Shear Strength of Soil/Mohr Coulomb Failure Criteria-1.pdf
byMahmoodKhalid11
 
PDF
BOQ LESSON 1-INTRODUCTION TO BOQs AND PROJECT.pdf
byGabrielTambwe1
 
PDF
Chris Elwell Woburn - An Experienced IT Executive
byChris Elwell Woburn
 
PPTX
Designing Work for Humans, Not Machines: Human-Centered Maintenance Excellence
byMaintWiz Technologies Private Limited
 
PDF
Rajesh Prasad- Brief Profile with educational, professional highlights
byRajesh Prasad
 
PPTX
This Bearing Didn’t Fail Suddenly — How Vibration Data Predicts Failure Month...
byMaintWiz Technologies Private Limited
 
PDF
comprehensive analysis of cross-chain bridges in the DeFi - Garima Singh
byGarima Singh
 
PDF
Chad Ayach - An Accomplished Mechanical Engineer
byChad Ayach
 
PPTX
Energy_Conservation_in_Cement_Factories.pptx
bysibirajmurugan8
 
PDF
0.39 Inch Micro-OLED Display 1024×768 XGA Panel Silicon OLED
bySyluxdisplay
 
DOCX
yearly Management report for Engineering and maintenance
bylamoushalhaj
 
PDF
Python programming basics Unit-1 for R25 regulation
byssuser492e7f
 
PPTX
Week 2.1.pptxdynamics particle kinetics introduction 2
byfmsalih06
 
PDF
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
PDF
BOQ LESSON 2-QUANTITY TAKE-OFF & RATE BUILD-UP.pdf
byGabrielTambwe1
 
PPTX
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
ISO 13485.2016 Awareness's Training material
byPrakashSivan
 
Module 4 python programming-1BPLCK105B-2025 by Dr.SV.pdf
bySURESHA V
 
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
The Most Controversial TPM Debate in Maintenance Today Checklist TPM vs Outco...
byMaintWiz Technologies Private Limited
 
Shear Strength of Soil/Mohr Coulomb Failure Criteria-1.pdf
byMahmoodKhalid11
 
BOQ LESSON 1-INTRODUCTION TO BOQs AND PROJECT.pdf
byGabrielTambwe1
 
Chris Elwell Woburn - An Experienced IT Executive
byChris Elwell Woburn
 
Designing Work for Humans, Not Machines: Human-Centered Maintenance Excellence
byMaintWiz Technologies Private Limited
 
Rajesh Prasad- Brief Profile with educational, professional highlights
byRajesh Prasad
 
This Bearing Didn’t Fail Suddenly — How Vibration Data Predicts Failure Month...
byMaintWiz Technologies Private Limited
 
comprehensive analysis of cross-chain bridges in the DeFi - Garima Singh
byGarima Singh
 
Chad Ayach - An Accomplished Mechanical Engineer
byChad Ayach
 
Energy_Conservation_in_Cement_Factories.pptx
bysibirajmurugan8
 
0.39 Inch Micro-OLED Display 1024×768 XGA Panel Silicon OLED
bySyluxdisplay
 
yearly Management report for Engineering and maintenance
bylamoushalhaj
 
Python programming basics Unit-1 for R25 regulation
byssuser492e7f
 
Week 2.1.pptxdynamics particle kinetics introduction 2
byfmsalih06
 
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
BOQ LESSON 2-QUANTITY TAKE-OFF & RATE BUILD-UP.pdf
byGabrielTambwe1
 
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 

The New Framework for Modern Data Privacy and Security

  • 1.
    1 The New Frameworkfor Modern Data Privacy and Security
  • 2.
    2 Agenda Dealing with datasecurity at scale A new framework: Discover, Classify, Segment, Enforce How Cyral can help Q&A Online Retail App Example
  • 3.
  • 4.
    4 Introductions Nishant Bhajaria Head ofTechnical Privacy, Engineering & Architecture Uber Srini Vadlamani Chief Technology Officer, Co-Founder Cyral
  • 5.
    The Data CloudSecurity Challenge 5
  • 6.
    6 Digital Growth Initiativesare Driving Adoption of the Data Cloud Continuous Development • Quickly deliver new experiences • Exponential increase in data Data Democratization • Become a data driven business • IT not the single gateway to data Infrastructure as Code • Platform interoperability • Heterogenous data services
  • 7.
    7 Data is growingat an unprecedented rate
  • 8.
    8 Personalization leads tomassive incremental increase in data Transactions Web Behavior Mobile Activity Email Behavior Social Behavior Preferences Demographics 1% User Growth DataVolume 2-3X Data Growth
  • 9.
    9 Data is noweverywhere
  • 10.
    10 Data is noweverywhere I don’t know where my data is Am I collecting the same data many times over? Am I collecting the wrong data? 3rd party data sharing How do legal and product teams work together? How/when to leverage AI/ML and automation?
  • 11.
    What is oneto do? 11
  • 12.
    12 Managing data securityand privacy at scale DISCOVER CLASSIFY SEGMENT ENFORCE
  • 13.
    13 Step 1: Discover 1Tribal knowledge-based AI/ML based2 • Lack of a priori models • Training datasets hard to find • Tribal knowledge to get started LESSONS LEARNED • Co-opt both data platform and data science teams
  • 14.
    Backend Team Frontend Team 14 Step 2: Classify ClassifyMinimize Collect Analyze LESSONS LEARNED • Use differential controls for sensitive data (e.g. location data) • Calibrate data collection • Is it the right amount? • Is it the right quality? • Get backend / frontend teams to collaborate
  • 15.
    15 Step 3: Segment Policyas Code Engine LESSONS LEARNED • Decouple application code from policy engine • Policy as Code simplifies collaboration, versioning • Compliance / privacy teams own policies • Dictate data collection, storage, retention, access
  • 16.
    16 Step 4: Enforce LESSONSLEARNED • Find a happy medium between complete lockdown and the wild west • Build classification/tagging first before enforcing using AI • Rotate / revoke / recertify encryption keys periodically • Time box sensitive data access • Anonymize / aggregate for analytics teams
  • 17.
  • 18.
    18 Online Retail AppExample Compliance Needs • Retention capped to order lifetime • Access limited to order fulfillment Business Analysis Needs • Buying patterns • Seasonality • App vs Website traffic
  • 19.
  • 20.
  • 21.
    21 Managing data securityand privacy at scale DISCOVER CLASSIFY SEGMENT ENFORCE
  • 22.
    22 Technology: Stateless Interceptionfor Data Endpoint Requests Sidecars Deployed locally • Stateless interception of data requests • All data and logs remain private • Deployed by DevOps, no change to apps STRUCTURED AND SEMI-STRUCTURED DATA STORES TOOLS, USERS, APPS, SERVICES SaaS Control Plane Observe Protect Control
  • 23.
    23 Security as CodeModel 1 Deployment as Code Use existing workflows • DevOps deployment • Infra-as-Code model 3 Policies as Code Use existing source code tools • CI/CD integration • ChatOps model 2 Automated observability Use existing dashboards • API-first architecture • No learning curve
  • 24.
    • The four-pillarframework to build trust and reduce risk • Discover: Identify where all your sensitive data is • Classify: Calibrate, analyze and minimize data being collected • Segment: Identify rules of access by co-opting compliance, product and business teams • Enforce: Control access using time-boxing, data anonymization and key rotation • Remember to • Exhaust tribal knowledge before starting with AI/ML and automation • Decouple writing and enforcing of security policies • Find a happy medium between complete lockdown and the wild west 24 Summary & Key Takeaways
  • 25.
  • 26.
    26 Q&A Nishant Bhajaria Head ofTechnical Privacy, Engineering & Architecture Uber Srini Vadlamani Chief Technology Officer, Co-Founder Cyral