Choosing the Right Data Security Solution

Ulf Mattsson, CTO, Protegrity
June 7th, 2012
Ulf Mattsson, CTO Protegrity
    20 years with IBM Research & Development and Global Services
    Started Protegrity in 1994 (Data Security)
    Inventor of 25 patents – Encryption and Tokenization
    Member of
       • PCI Security Standards Council (PCI SSC)
       • American National Standards Institute (ANSI) X9
       • International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security
       • ISACA, ISSA and Cloud Security Alliance (CSA)

2
Agenda

     Data Breaches
     Data Protection Trends
     Encryption versus Tokenization
     Vault-based Tokenization versus Vaultless Tokenization
     Case studies
     Summary




03
WE KNOW THAT DATA IS UNDER ATTACK

4
Albert Gonzalez: 20 Years In US Federal Prison

    US Federal indictments:
           1. Dave & Busters
           2. TJ Maxx
           3. Heartland HPS
              • $140M in breach expenses

    Source: http://en.wikipedia.org/wiki/Albert_Gonzalez
    Source: http://www.youtube.com/user/ProtegrityUSA
5
What about Breaches & PCI? Was Data Protected?

    Chart: percentage (0 to 100%) of breached organizations found in compliance with each PCI DSS requirement, requirements as listed on the chart:
       9: Restrict physical access to cardholder data
       5: Use and regularly update anti-virus software
       4: Encrypt transmission of cardholder data
       2: Do not use vendor-supplied defaults for security parameters
       12: Maintain a policy that addresses information security
       1: Install and maintain a firewall configuration to protect data
       8: Assign a unique ID to each person with computer access
       6: Develop and maintain secure systems and applications
       10: Track and monitor all access to network resources and data
       11: Regularly test security systems and processes
       7: Restrict access to data by business need-to-know
       3: Protect Stored Data

    Based on post-breach reviews. Relevant Organizations in Compliance with PCI DSS. Verizon Study


6
WHAT TYPES OF DATA ARE UNDER ATTACK NOW?
7
What Data is Compromised?

    Chart, by percent of records, data types as listed:
       Personal information (Name, SS#, Addr, etc.)
       Payment card numbers/data
       Unknown (specific type is not known)
       Medical records
       Classified information
       Trade secrets
       Copyrighted/Trademarked material
       System information (config, svcs, sw, etc.)
       Bank account numbers/data
       Authentication credentials…

    By percent of records. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/



8
Today “Hacktivism” is Dominating

    Chart, by percent of records, threat agents as listed:
       Activist group
       Organized criminal group
       Relative or acquaintance of employee
       Former employee (no longer had access)
       Unaffiliated person(s)
       Unknown

    By percent of records
    Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/




9
Growing Threat of “hacktivism”

     Attacks by Anonymous include
     • 2012: CIA and Interpol
     • 2011: Sony, Stratfor and HBGary Federal
     Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/, http://en.wikipedia.org/wiki/Timeline_of_events_involving_Anonymous



10
Some Major Data Breaches

     Chart: major breaches from April 2011 to August 2011, plotted by Time, Impact $ and Attack Type.

     Source: IBM 2012 Security Breaches Trend and Risk Report



11
The Sony Breach & The Cloud
     Lost 100 million passwords and personal details stored in clear
     Spent $171 million related to the data breach
     Sony's stock price has fallen 40 percent
     For three pennies an hour, hackers can rent Amazon.com to wage cyber attacks such as the one that crippled Sony
     Attack via SQL Injection



12
SQL Injection Attacks are Increasing

     Chart: number of SQL injection attacks per quarter (y-axis from 5,000 to 25,000) for Q1 2011, Q2 2011 and Q3 2011.

     Source: IBM 2012 Security Breaches Trend and Risk Report




13
WHAT IS SQL INJECTION?


14
What is SQL Injection?

     Diagram: a SQL command injected through the Application reaches the Data Store.

15
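The slide's diagram in working code, as an added example that is not part of the original deck: an application that concatenates user input into its SQL command, beside one that binds the input as a parameter, both run against an in-memory SQLite data store. The customer rows and the input string are constructed for this example.

```python
"""Injected SQL command -> Application -> Data Store, and the fix.

Added illustration, not from the slides. The rows below are constructed
test data (well-known test card numbers), not real records.
"""
import sqlite3
from typing import Dict, List, Tuple

SAMPLE_CUSTOMERS: List[Tuple[str, str]] = [
    ("alice", "4111111111111111"),
    ("bob", "5105105105105100"),
]


def make_store() -> sqlite3.Connection:
    """The 'Data Store' box: an in-memory table of customers and card numbers."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, pan TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_CUSTOMERS)
    return conn


def lookup_concatenated(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable 'Application': user input is spliced into the SQL text, so
    input that contains SQL syntax changes the command the store executes."""
    sql = "SELECT name, pan FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Hardened 'Application': the command is fixed; the input travels to the
    store as a bound value and can only ever be compared as data."""
    sql = "SELECT name, pan FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> Dict[str, int]:
    """Run the same input through both variants and count returned rows."""
    conn = make_store()
    injected = "x' OR '1'='1"      # constructed input that carries SQL syntax
    return {
        # the spliced command becomes WHERE name = 'x' OR '1'='1' -> every row
        "concat_rows": len(lookup_concatenated(conn, injected)),
        # the bound value matches no customer called "x' OR '1'='1" -> no rows
        "param_rows": len(lookup_parameterized(conn, injected)),
        # ordinary lookups still work unchanged
        "normal_rows": len(lookup_parameterized(conn, "alice")),
    }


if __name__ == "__main__":
    print(demo())
```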
New Industry Groups are Targets

     Chart, by percent of breaches, industry groups as listed:
       Accommodation and Food Services
       Retail Trade
       Finance and Insurance
       Health Care and Social Assistance
       Other
       Information

     By percent of breaches
     Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/




16
The Changing Threat Landscape
               Some issues have stayed constant:
                  •    Threat landscape continues to gain sophistication
                  •    Attackers will always be a step ahead of the defenders

               We are fighting highly organized, well-funded crime syndicates and nations
               Move from detective to preventative controls needed

     Source: http://www.csoonline.com/article/602313/the-changing-threat-landscape?page=2



17
How are Breaches Discovered?

     Chart, by percent of breaches, discovery methods as listed:
       Notified by law enforcement
       Third-party fraud detection (e.g., CPP)
       Reported by customer/partner affected
       Brag or blackmail by perpetrator
       Unknown
       Witnessed and/or reported by employee
       Other(s)
       Internal fraud detection mechanism
       Financial audit and reconciliation process
       Log analysis and/or review process
       Unusual system behavior or performance

     By percent of breaches. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/



18
WHERE IS DATA LOST?


19
What Assets are Compromised?

     Chart, by percent of records, assets as listed (asset category in parentheses where the chart gives one):
       Database server
       Web/application server
       Desktop/Workstation
       Mail server
       Call Center Staff (People)
       Remote Access server
       Laptop/Netbook
       File server
       Pay at the Pump terminal (User devices)
       Cashier/Teller/Waiter (People)
       Payment card (credit, debit, etc.) (Offline…)
       Regular employee/end-user (People)
       Automated Teller Machine (ATM)
       POS terminal (User devices)
       POS server (store controller)

     By percent of records
     Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/




20
Hacking and Malware are Leading Threat Action Categories

     Chart, by percent of records, threat action categories as listed:
       Hacking
       Malware
       Social
       Physical
       Misuse
       Error
       Environmental

     By percent of records
     Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/




21
Thieves Are Attacking the Data Flow

     Diagram: data flowing between two Application nodes.




22
THIS IS A CATCH 22!

23
How can we Secure The Data Flow?

     Diagram: the card number (shown as 9999 9999) flowing between Retail Store, Payment Network, Bank and Corporate Systems.




24
WHAT HAS THE INDUSTRY DONE TO SECURE DATA?

25
What Has The Industry Done?
             Input Value: 3872 3789 1620 3675

     Timeline as laid out on the slide (TCO axis from High to Low, time axis from 1970 to 2010):

     Year    Method                          Note                               Protected value                TCO
     1970    Strong Encryption               AES, 3DES                          !@#$%a^.,mhu7///&*B()_+!@      High
     2000    Format Preserving Encryption    DTP, FPE; format preserving        8278 2789 2990 2789
     2005    Vault-based Tokenization        Greatly reduced key management     8278 2789 2990 2789
     2010    Vaultless Tokenization          No vault                           8278 2789 2990 2789            Low


26
Use of Enabling Technologies

     Technology                       Evaluating   Second series (legend not captured)
     Access controls                  1%           91%
     Database activity monitoring     18%          47%
     Database encryption              30%          35%
     Backup / Archive encryption      21%          39%
     Data masking                     28%          28%
     Application-level encryption     7%           29%
     Tokenization                     22%          23%


27
WHAT IS THE DIFFERENCE BETWEEN VAULT-BASED AND VAULTLESS TOKENIZATION?
28
We Started with Vault-Based Tokenization …




29
Issues with Vault-based Tokenization




30
Miniaturization of the Tokenization Server

     Evolution: Vault-based Tokenization Server -> Vault-less Tokenization Server


31
Protegrity Tokenization Differentiators

                                Vault-based Tokenization                 Vaultless Tokenization
     Footprint                  Large, expanding.                        Small, static.
     High Availability,         Complex, expensive replication           No replication required.
     Disaster Recovery          required.
     Distribution               Practically impossible to distribute     Easy to deploy at different
                                geographically.                          geographically distributed locations.
     Reliability                Prone to collisions.                     No collisions.
     Performance, Latency,      Will adversely impact performance        Little or no latency. Fastest industry
     and Scalability            and scalability.                         tokenization.
     Extendibility              Practically impossible.                  Unlimited tokenization capability.




32
External Validation for Protegrity Vaultless Tokenization
     “The Protegrity tokenization scheme offers excellent security, since it is based on fully randomized tables. This is a fully distributed tokenization approach with no need for synchronization and there is no risk for collisions.”

                                   Prof. Dr. Ir. Bart Preneel
                           Katholieke University Leuven, Belgium *

     Bart Preneel is a Belgian cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven, president of the International Association for Cryptologic Research.
     * The Katholieke University Leuven in Belgium is where Advanced Encryption Standard (AES) was invented.



33
SPEED & SECURITY

34
Speed of Different Protection Methods

     Chart: transactions per second (log scale, 100 to 10 000 000) for Basic Data Tokenization, Format Preserving Encryption, AES CBC Encryption Standard and Vaultless Data Tokenization.
     Speed will depend on the configuration




35
Security of Different Protection Methods

     Chart: Security Level (Low to High) for Basic Data Tokenization, Format Preserving Encryption, AES CBC Encryption Standard and Vaultless Data Tokenization.



36
CASE STUDIES


37
Case Study: Large Chain Store
     Why? Reduce compliance cost by 50%
         • 50 million credit cards, 700 million daily transactions
         • Performance challenge: 30 days with Basic Tokenization down to 90 minutes with Vaultless Tokenization
         • End-to-end tokens: started with the D/W and expanding to stores
         • Lower maintenance cost – don’t have to apply all 12 requirements
         • Better security – able to eliminate several business and daily reports
         • Qualified Security Assessors had no issues
              • “With encryption, implementations can spawn dozens of questions”
              • “There were no such challenges with tokenization”



38
Case Study: Energy Industry

     Why? Reduce PCI Scope
        • Best way to handle legacy, we got most of it out of PCI
            – Get rid of unwanted paper copies
            – No need to rewrite/redevelop or restructure business applications
            – A VERY efficient way of PCI Reduction of Scope
        • Better understanding of your data flow
            – Better understanding of business flow
            – Opportunity to clean up a few business oddities



39
Case Studies: Retail
     Customer 1: Why? Three major concerns solved
          • Performance challenge: initial tokenization
          • Vendor lock-in: what if we want to switch payment processor?
          • Extensive enterprise end-to-end credit card data protection
     Customer 2: Why? Desired a single vendor to provide data protection
          • Combined use of tokenization and encryption
          • Looking to expand tokens beyond CCN to PII
     Customer 3: Why? Remove compensating controls from the mainframe
          • Tokens on the mainframe to avoid compensating controls

40
PCI DSS GUIDELINES


41
Tokenization and Encryption are Different




42
Tokenization and “PCI Out Of Scope”

     Decision flow, as laid out on the slide's flowchart:
        De-tokenization available? (No / Yes)
        Random number tokens?
           No (FPE) -> No Scope Reduction
           Yes -> Isolated from Card Holder Data Environment?
              Yes -> Out of Scope
              No  -> Scope Reduction
     Source: http://www.securosis.com


43
PII DATA



44
How Should I Secure Different Data?

     Chart: vertical axis Use Case (Simple to Complex), horizontal axis Type of Data (Un-structured to Structured).
        Un-structured data -> File Encryption; Structured data -> Field Tokenization
        Simple use case, structured data: PII and Card Holder Data (PCI)
        Complex use case, un-structured data: PHI (Protected Health Information)


45
Flexibility in Token Format Controls
Type of Data            Input                         Token                                 Comment

Credit Card             3872 3789 1620 3675           8278 2789 2990 2789                   Numeric

Credit Card             3872 3789 1620 3675           8278 2789 2990 3675                   Numeric, last 4 digits exposed

Credit Card             3872 3789 1620 3675           3872 qN4e 5yPx 3675                   Alpha-numeric, digits exposed

Medical ID              29M2009ID                     497HF390D                             Alpha-numeric

Date                    10/30/1955                    12/25/2034                            Date, multiple date formats

E-mail Address          yuri.gagarin@protegrity.com   empo.snaugs@svtiensnni.snk            Alpha-numeric

SSN                     075672278 or 075-67-2278      287382567 or 287-38-2567              Numeric, delimiters in input

Invalid Luhn            5105 1051 0510 5100           8278 2789 2990 2782                   Luhn check will fail

Binary                  0x010203                      0x123296910112

Alphanumeric Indicator  5105 1051 0510 5100           8278 2789 299A 2781                   Position of the alpha character is configurable

Decimal                 123.45                        9842.56                               Not length preserving

Multi-Merchant          3872 3789 1620 3675           Merchant 1: 8278 2789 2990 2789       Deliver a different token to each merchant
                                                      Merchant 2: 9302 8999 2662 6345       based on the same credit card number
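As an added example that is not part of the original deck and is not Protegrity's algorithm, a simplified vaultless-style tokenizer built from keyed, randomly shuffled digit tables (the key derivation and the chaining rule are assumptions of this example). It demonstrates three controls from the table above: a numeric, length-preserving token with the last four digits exposed; a token that is guaranteed to fail the Luhn check; and per-merchant keys that give different tokens for the same card number.

```python
"""Simplified vaultless-style tokenizer: keyed random digit tables, no vault.

Constructed for this page; not Protegrity's scheme. Tables are rebuilt from
the key wherever they are needed, so nothing has to be replicated.
"""
import hashlib
import random
from typing import List

N_TABLES = 16
DIGITS = "0123456789"


def luhn_valid(number: str) -> bool:
    """Standard mod-10 (Luhn) check over a digit string."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def digit_making_valid(number: str, pos: int) -> str:
    """The single digit that, placed at index `pos`, makes `number` Luhn-valid.
    Exactly one exists for any position: both the doubled and the undoubled
    Luhn mapping are permutations of 0..9."""
    for d in DIGITS:
        if luhn_valid(number[:pos] + d + number[pos + 1:]):
            return d
    raise AssertionError("unreachable: one digit always satisfies the check")


def build_tables(key: bytes) -> List[str]:
    """Derive N_TABLES digit permutations from the key. Assumed KDF for this
    example: SHA-256(key || index) seeds a deterministic shuffle."""
    tables = []
    for t in range(N_TABLES):
        seed = int.from_bytes(hashlib.sha256(key + bytes([t])).digest(), "big")
        perm = list(DIGITS)
        random.Random(seed).shuffle(perm)
        tables.append("".join(perm))
    return tables


def tokenize(pan: str, key: bytes, keep_last: int = 4) -> str:
    """Numeric token of the same length with the last `keep_last` digits
    exposed. The token never passes the Luhn check, so it cannot be mistaken
    for a real card number. Input must be a Luhn-valid digit string."""
    if not pan.isdigit() or not luhn_valid(pan):
        raise ValueError("input must be a Luhn-valid digit string")
    n_prot = len(pan) - keep_last          # protected positions 0 .. n_prot-1
    if n_prot < 2:
        raise ValueError("too few protected digits")
    tables = build_tables(key)
    out, prev = [], 0
    # Chained lookup (assumed rule): the table used at each position depends on
    # the previous token digit, so equal input digits do not give equal token
    # digits. The last protected input digit is implied by Luhn from the rest
    # and carries no information, so it is not looked up at all.
    for i in range(n_prot - 1):
        t = tables[(i + prev) % N_TABLES][int(pan[i])]
        out.append(t)
        prev = int(t)
    pos = n_prot - 1
    draft = "".join(out) + "0" + pan[n_prot:]
    d_valid = int(digit_making_valid(draft, pos))
    # Keyed offset in 1..9 keeps the digit away from the one value that would
    # make the token Luhn-valid.
    offset = 1 + int(tables[(pos + prev) % N_TABLES][prev]) % 9
    breaker = str((d_valid + offset) % 10)
    return "".join(out) + breaker + pan[n_prot:]


def detokenize(token: str, key: bytes, keep_last: int = 4) -> str:
    """Invert tokenize(): reverse the chained lookups with the same key, then
    restore the Luhn digit that tokenize() dropped."""
    tables = build_tables(key)
    n_prot = len(token) - keep_last
    out, prev = [], 0
    for i in range(n_prot - 1):
        t = token[i]
        out.append(str(tables[(i + prev) % N_TABLES].index(t)))
        prev = int(t)
    pos = n_prot - 1
    draft = "".join(out) + "0" + token[n_prot:]
    return "".join(out) + digit_making_valid(draft, pos) + token[n_prot:]


if __name__ == "__main__":
    pan = "5105105105105100"             # Luhn-valid test number from the table
    for merchant, key in (("Merchant 1", b"key-m1"), ("Merchant 2", b"key-m2")):
        tok = tokenize(pan, key)        # constructed per-merchant keys
        print(merchant, tok, "luhn_valid:", luhn_valid(tok),
              "roundtrip:", detokenize(tok, key) == pan)
```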
What are the benefits of Tokenization?

    Reduces complexity of key management.
    Reduces the number of hacker targets.
    Reduces the remediation for protecting systems.
    Reduces the cost of PCI Compliance.
  Additional benefits with Protegrity Vaultless Tokenization
    Infinitely Scalable
    Fastest tokenization method in the world
    Simplicity and Security: No replication, No collisions
    Flexible and easy to deploy and distribute
    Lower Total Cost of Ownership than Basic Tokenization
ABOUT PROTEGRITY


48
About Protegrity
     Proven enterprise data security software and innovation leader
        •   Sole focus on the protection of data
        •   Patented Technology, Continuing to Drive Innovation
     Growth driven by compliance and risk management
        •   PCI (Payment Card Industry)
        •   PII (Personally Identifiable Information)
        •   PHI (Protected Health Information) – HIPAA
        •   State and Foreign Privacy Laws, Breach Notification Laws
        •   Requirements to eliminate the threat of data breach and non-compliance
     Cross-industry applicability
        •   Retail, Hospitality, Travel and Transportation
        •   Financial Services, Insurance and Banking
        •   Healthcare, Telecommunications, Media and Entertainment
        •   Manufacturing and Government



49
What are Industry Analysts Saying?
 “Protegrity has a comprehensive approach to a range of data security problems, while
    most vendors only have one stovepipe solution with no coherent strategy.”
     - Scott Crawford, EMA

 “I’m really impressed that you’ve expanded your Tokenization solution to include PII
     and HIPAA. I haven’t seen this from other vendors. It’s really nice to see that
     vendors are driving innovation, before there’s a big demand from customers.”
      - Derek Brink, Aberdeen


 “Tokenizing payment data holds the promise of improving security while reducing
    auditing costs, generating great demand amongst the merchant
    community. Tokenization is a simple technology with a clear value proposition.”
      - Adrian Lane, Analyst and CTO, Securosis

 “Protegrity’s approach to tokenization is very elegant and it’s clear your solution is
    very fast and flexible.”
      – A leading Industry Analyst Firm

50
Summary
     Optimal support of complex enterprise requirements
        • Heterogeneous platform supports all operating systems and databases
        • Flexible protectors (Database, Application, File)
        • Risk Adjusted Data Protection offers options for protecting data with the appropriate strength
        • Built-in Key Management
        • Consistent enterprise policy enforcement and audit logging
     Innovative
        •   Pushing data protection with industry leading
     Proven
        •   Proven platform currently protects the world’s largest companies
     Experienced
        •   Experienced staff will be there with support along the way to complete data protection

51
Questions and Answers



                         Elaine Evans
                   Protegrity Marketing
          elaine.evans@protegrity.com
                   www.protegrity.com

ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
 
Isaca e symposium understanding your data flow jul 6
Isaca e symposium   understanding your data flow jul 6Isaca e symposium   understanding your data flow jul 6
Isaca e symposium understanding your data flow jul 6
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
 
Tokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceTokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and Compliance
 
Cacs na isaca session 414 ulf mattsson may 10 final
Cacs na isaca session 414 ulf mattsson may 10 finalCacs na isaca session 414 ulf mattsson may 10 final
Cacs na isaca session 414 ulf mattsson may 10 final
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
2013 PMA Business Security Insights
2013 PMA Business Security Insights2013 PMA Business Security Insights
2013 PMA Business Security Insights
 
ISACA Los Angeles 2010 Compliance - Ulf Mattsson
ISACA Los Angeles  2010   Compliance - Ulf MattssonISACA Los Angeles  2010   Compliance - Ulf Mattsson
ISACA Los Angeles 2010 Compliance - Ulf Mattsson
 
Big data security the perfect storm
Big data security   the perfect stormBig data security   the perfect storm
Big data security the perfect storm
 
A6704d01
A6704d01A6704d01
A6704d01
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
 
Sept 2012 data security & cyber liability
Sept 2012   data security & cyber liabilitySept 2012   data security & cyber liability
Sept 2012 data security & cyber liability
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 
AnevaluationofsecurestorageofauthenticationdataIJISR.pdf
AnevaluationofsecurestorageofauthenticationdataIJISR.pdfAnevaluationofsecurestorageofauthenticationdataIJISR.pdf
AnevaluationofsecurestorageofauthenticationdataIJISR.pdf
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS Deck
 
Cyber & Privacy Liability for Health Care Industry
Cyber & Privacy Liability for Health Care IndustryCyber & Privacy Liability for Health Care Industry
Cyber & Privacy Liability for Health Care Industry
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
 
The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breach
 
SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15
 

More from Ulf Mattsson

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Ulf Mattsson
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Ulf Mattsson
 
May 6 evolving international privacy regulations and cross border data tran...
May 6   evolving international privacy regulations and cross border data tran...May 6   evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...Ulf Mattsson
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesUlf Mattsson
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeUlf Mattsson
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchainUlf Mattsson
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protectionUlf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsUlf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKUlf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonUlf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 

More from Ulf Mattsson (20)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Book
BookBook
Book
 
May 6 evolving international privacy regulations and cross border data tran...
May 6   evolving international privacy regulations and cross border data tran...May 6   evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 

Recently uploaded

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 

Recently uploaded (20)

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 

Ulf mattsson webinar jun 7 2012 slideshare version

  • 7. WHAT TYPES OF DATA ARE UNDER ATTACK NOW? 7
  • 8. What Data is Compromised? Personal information (Name, SS#, Addr, etc.) Payment card numbers/data Unknown (specific type is not known) Medical records Medical Classified information Trade secrets Copyrighted/Trademarked material System information (config, svcs, sw, etc.) Bank account numbers/data Authentication credentials… 0 20 40 60 80 100 %120 By percent of records. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 8
  • 9. Today “Hacktivism” is Dominating Activist group Organized criminal group Relative or acquaintance of employee Former employee (no longer had access) Unaffiliated person(s) Unknown 0 10 20 30 40 50 60 70 % By percent of records Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 9
  • 10. Growing Threat of “hacktivism” Attacks by Anonymous include • 2012: CIA and Interpol • 2011: Sony, Stratfor and HBGary Federal Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/, http://en.wikipedia.org/wiki/Timeline_of_events_involving_Anonymous 10
  • 11. Some Major Data Breaches April 2011 May 2011 Jun 2011 Jul 2011 Aug 2011 Time Impact $ Attack Type Source: IBM 2012 Security Breaches Trend and Risk Report 11
  • 12. The Sony Breach & The Cloud Lost 100 million passwords and personal details stored in clear Spent $171 million related to the data breach Sony's stock price has fallen 40 percent For three pennies an hour, hackers can rent Amazon.com to wage cyber attacks such as the one that crippled Sony Attack via SQL Injection 12
  • 13. SQL Injection Attacks are Increasing 25,000 20,000 15,000 10,000 5,000 Q1 2011 Q2 2011 Q3 2011 Source: IBM 2012 Security Breaches Trend and Risk Report 13
  • 14. WHAT IS SQL INJECTION? 14
  • 15. What is SQL Injection? SQL Command Injected Application Data Store 15
  • 16. New Industry Groups are Targets Accommodation and Food Services Retail Trade Finance and Insurance Health Care and Social Assistance Other Information 0 10 20 30 40 50 60 % By percent of breaches Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 16
  • 17. The Changing Threat Landscape Some issues have stayed constant: • Threat landscape continues to gain sophistication • Attackers will always be a step ahead of the defenders We are fighting highly organized, well-funded crime syndicates and nations Move from detective to preventative controls needed Source: http://www.csoonline.com/article/602313/the-changing-threat-landscape?page=2 17
  • 18. How are Breaches Discovered? Notified by law enforcement Third-party fraud detection (e.g., CPP) Reported by customer/partner affected Brag or blackmail by perpetrator Unknown Witnessed and/or reported by employee Other(s) Internal fraud detection mechanism Financial audit and reconciliation process Log analysis and/or review process Unusual system behavior or performance 0 10 20 30 40 50 60 70 % By percent of breaches . Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 18
  • 19. WHERE IS DATA LOST? 19
  • 20. What Assets are Compromised? Database server Web/application server Desktop/Workstation Mail server Call Center Staff People Remote Access server Laptop/Netbook File server Pay at the Pump terminal User devices Cashier/Teller/Waiter People Payment card (credit, debit, etc.) Offline… Regular employee/end-user People Automated Teller Machine (ATM) POS terminal User devices POS server (store controller) 0 20 40 60 80 100 % 120 By percent of records Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 20
  • 21. Hacking and Malware are Leading Threat Action Categories Hacking Malware Social Physical Misuse Error Environmental 0 50 100 % 150 By percent of records Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 21
  • 22. Thieves Are Attacking the Data Flow Application Application 22
  • 23. THIS IS A CATCH 22! 23
  • 24. How can we Secure The Data Flow? Retail Bank Store Payment 9999 9999 Corporate Network Systems 24
  • 25. WHAT HAS THE INDUSTRY DONE TO SECURE DATA? 25
  • 26. What Has The Industry Done? Input Value: 3872 3789 1620 3675 TCO Strong Encryption !@#$%a^.,mhu7///&*B()_+!@ High AES, 3DES Format Preserving Encryption 8278 2789 2990 2789 DTP, FPE Format Preserving Vault-based Tokenization 8278 2789 2990 2789 Greatly reduced Key Management Vaultless Tokenization 8278 2789 2990 2789 Low No Vault 1970 2000 2005 2010 26
  • 27. Use of Enabling Technologies Access controls 1% 91% Database activity monitoring 18% 47% Database encryption 30% 35% Backup / Archive encryption 21% 39% Data masking 28% 28% Application-level encryption 7% 29% Tokenization 22% 23% Evaluating 27
  • 28. WHAT IS THE DIFFERENCE BETWEEN VAULT-BASED AND VAULTLESS TOKENIZATION? 28
  • 29. We Started with Vault-Based Tokenization … 29
  • 30. Issues with Vault-based Tokenization 30
  • 31. Miniaturization of the Tokenization Server Evolution Vault-less Tokenization Server Vault-based Tokenization Server 31
  • 32. Protegrity Tokenization Differentiators Vault-based Tokenization Vaultless Tokenization Footprint Large, Expanding. Small, Static. High Availability, Complex, expensive No replication required. Disaster Recovery replication required. Distribution Practically impossible to Easy to deploy at different distribute geographically. geographically distributed locations. Reliability Prone to collisions. No collisions. Performance, Will adversely impact Little or no latency. Fastest industry Latency, and performance & scalability. tokenization. Scalability Extendibility Practically impossible. Unlimited Tokenization Capability. 32
  • 33. External Validation for Protegrity Vaultless Tokenization
     “The Protegrity tokenization scheme offers excellent security, since it is based on fully randomized tables. This is a fully distributed tokenization approach with no need for synchronization and there is no risk for collisions.” – Prof. Dr. Ir. Bart Preneel, Katholieke University Leuven, Belgium
     * Bart Preneel is a Belgian cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven, president of the International Association for Cryptologic Research.
     * The Katholieke University Leuven in Belgium is where the Advanced Encryption Standard (AES) was invented.
  • 34. SPEED & SECURITY
  • 35. Speed of Different Protection Methods (chart residue: transactions per second on a logarithmic axis from 100 to 10,000,000 for Basic Data Tokenization, Format Preserving Encryption, AES CBC Encryption Standard and Vaultless Data Tokenization; speed will depend on the configuration)
  • 36. Security of Different Protection Methods (chart residue: security level from Low to High for Basic Data Tokenization, Format Preserving Encryption, AES CBC Encryption Standard and Vaultless Data Tokenization)
  • 37. CASE STUDIES
  • 38. Case Study: Large Chain Store
     Why? Reduce compliance cost by 50%
     • 50 million credit cards, 700 million daily transactions
     • Performance challenge: 30 days with Basic to 90 minutes with Vaultless Tokenization
     • End-to-end tokens: started with the D/W and expanding to stores
     • Lower maintenance cost – don’t have to apply all 12 requirements
     • Better security – able to eliminate several business and daily reports
     • Qualified Security Assessors had no issues
     • “With encryption, implementations can spawn dozens of questions”
     • “There were no such challenges with tokenization”
  • 39. Case Study: Energy Industry
     Why? Reduce PCI scope
     • Best way to handle legacy; we got most of it out of PCI
        – Get rid of unwanted paper copies
        – No need to rewrite/redevelop or restructure business applications
        – A VERY efficient way of PCI reduction of scope
     • Better understanding of your data flow
        – Better understanding of business flow
        – Opportunity to clean up a few business oddities
  • 40. Case Studies: Retail
     Customer 1: Why? Three major concerns solved
     • Performance challenge: initial tokenization
     • Vendor lock-in: what if we want to switch payment processor
     • Extensive enterprise end-to-end credit card data protection
     Customer 2: Why? Desired single vendor to provide data protection
     • Combined use of tokenization and encryption
     • Looking to expand tokens beyond CCN to PII
     Customer 3: Why? Remove compensating controls from the mainframe
     • Tokens on the mainframe to avoid compensating controls
  • 41. PCI DSS GUIDELINES
  • 42. Tokenization and Encryption are Different
  • 43. Tokenization and “PCI Out Of Scope” (decision-tree residue, source: http://www.securosis.com; decision nodes: De-tokenization available?, Random number tokens? (No: FPE), Isolated from card holder data environment?; outcomes: Out of Scope, No Scope Reduction, Scope Reduction)
  • 44. PII DATA
  • 45. How Should I Secure Different Data? (chart residue: axes Use Case from Simple to Complex and Type of Data from Un-structured to Structured; methods File Encryption, Field Encryption and Tokenization; data types Card Holder Data (PCI), PII and PHI (Protected Health Information))
  • 46. Flexibility in Token Format Controls (Type of Data – Input – Token – Comment)
     • Credit Card – 3872 3789 1620 3675 – 8278 2789 2990 2789 – Numeric
     • Credit Card – 3872 3789 1620 3675 – 8278 2789 2990 3675 – Numeric, last 4 digits exposed
     • Credit Card – 3872 3789 1620 3675 – 3872 qN4e 5yPx 3675 – Alpha-numeric, digits exposed
     • Medical ID – 29M2009ID – 497HF390D – Alpha-numeric
     • Date – 10/30/1955 – 12/25/2034 – Date, multiple date formats
     • E-mail Address – yuri.gagarin@protegrity.com – empo.snaugs@svtiensnni.snk – Alpha-numeric
     • SSN – 075672278 or 075-67-2278 – 287382567 or 287-38-2567 – Numeric, delimiters in input
     • Invalid Luhn – 5105 1051 0510 5100 – 8278 2789 2990 2782 – Luhn check will fail
     • Binary – 0x010203 – 0x123296910112 – Alphanumeric
     • Alphanumeric Indicator – 5105 1051 0510 5100 – 8278 2789 299A 2781 – Position to place alpha is configurable
     • Decimal – 123.45 – 9842.56 – Non length preserving
     • Multi-Merchant – 3872 3789 1620 3675 – Merchant 1: 8278 2789 2990 2789; Merchant 2: 9302 8999 2662 6345 – Deliver a different token to different merchants based on the same credit card number
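  As an added example (not Protegrity's code or algorithm), the two classes below contrast the vault-based and vaultless models from the differentiators slide and reproduce two of the token formats listed here: numeric tokens with the last 4 digits exposed, and a different token per merchant for the same card number. The seeds and the PAN 3872 3789 1620 3675 are constructed, and the table scheme is a teaching toy built from seeded substitution tables, not a vetted design.

```python
import hashlib
import secrets
import string


class VaultTokenizer:
    """Vault-based: random tokens, with the token<->PAN mapping stored, so it
    must be collision-checked, backed up and replicated to every site."""

    def __init__(self):
        self.token_to_pan, self.pan_to_token = {}, {}

    def tokenize(self, pan: str) -> str:
        if pan in self.pan_to_token:
            return self.pan_to_token[pan]
        token = "".join(secrets.choice(string.digits) for _ in pan)
        while token in self.token_to_pan:  # collision: draw again
            token = "".join(secrets.choice(string.digits) for _ in pan)
        self.token_to_pan[token], self.pan_to_token[pan] = pan, token
        return token

    def detokenize(self, token: str) -> str:
        return self.token_to_pan[token]  # KeyError on a node without the vault


class TableTokenizer:
    """Vaultless (toy, not a vetted scheme): static digit-substitution tables
    derived from a secret seed; no per-PAN state, so any node with the seed
    gives the same reversible token, and another seed another token."""

    def __init__(self, seed: bytes, length: int = 16, expose_last: int = 4):
        self.expose_last, self.tables = expose_last, []
        for i in range(length):  # one random digit permutation per position
            h = hashlib.sha256(seed + i.to_bytes(2, "big")).digest()
            self.tables.append(sorted(range(10), key=lambda d: h[d]))

    def tokenize(self, pan: str) -> str:
        split = len(pan) - self.expose_last  # last digits stay in clear
        out, prev = [], 0
        for i, ch in enumerate(pan[:split]):
            prev = self.tables[i][(int(ch) + prev) % 10]  # chain on previous
            out.append(str(prev))
        return "".join(out) + pan[split:]

    def detokenize(self, token: str) -> str:
        split = len(token) - self.expose_last
        out, prev = [], 0
        for i, ch in enumerate(token[:split]):
            out.append(str((self.tables[i].index(int(ch)) - prev) % 10))
            prev = int(ch)
        return "".join(out) + token[split:]
```

  A second TableTokenizer built from the same seed reverses tokens the first one made with no shared state, whereas a second VaultTokenizer cannot, which is the replication requirement in the table above.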
  • 47. What are the benefits of Tokenization?
     • Reduces complexity of key management.
     • Reduces the number of hacker targets.
     • Reduces the remediation for protecting systems.
     • Reduces the cost of PCI compliance.
     Additional benefits with Protegrity Vaultless Tokenization
     • Infinitely scalable
     • Fastest tokenization method in the world
     • Simplicity and security: no replication, no collisions
     • Flexible and easy to deploy and distribute
     • Lower Total Cost of Ownership than Basic Tokenization
  • 48. ABOUT PROTEGRITY
  • 49. About Protegrity
     Proven enterprise data security software and innovation leader
     • Sole focus on the protection of data
     • Patented technology, continuing to drive innovation
     Growth driven by compliance and risk management
     • PCI (Payment Card Industry)
     • PII (Personally Identifiable Information)
     • PHI (Protected Health Information) – HIPAA
     • State and foreign privacy laws, breach notification laws
     • Requirements to eliminate the threat of data breach and non-compliance
     Cross-industry applicability
     • Retail, Hospitality, Travel and Transportation
     • Financial Services, Insurance and Banking
     • Healthcare, Telecommunications, Media and Entertainment
     • Manufacturing and Government
  • 50. What are Industry Analysts Saying?
     “Protegrity has a comprehensive approach to a range of data security problems, while most vendors only have one stovepipe solution with no coherent strategy.” – Scott Crawford, EMA
     “I’m really impressed that you’ve expanded your Tokenization solution to include PII and HIPAA. I haven’t seen this from other vendors. It’s really nice to see that vendors are driving innovation, before there’s a big demand from customers.” – Derek Brink, Aberdeen
     “Tokenizing payment data holds the promise of improving security while reducing auditing costs, generating great demand amongst the merchant community. Tokenization is a simple technology with a clear value proposition.” – Adrian Lane, Analyst and CTO, Securosis
     “Protegrity’s approach to tokenization is very elegant and it’s clear your solution is very fast and flexible.” – A leading industry analyst firm
  • 51. Summary
     Optimal support of complex enterprise requirements
     • Heterogeneous platform supports all operating systems and databases
     • Flexible protectors (Database, Application, File)
     • Risk Adjusted Data Protection offers the options for protecting data with the appropriate strength
     • Built-in key management
     • Consistent enterprise policy enforcement and audit logging
     Innovative
     • Pushing data protection with industry leading
     Proven
     • Proven platform currently protects the world’s largest companies
     Experienced
     • Experienced staff will be there with support along the way to complete data protection
  • 52. Questions and Answers Elaine Evans Protegrity Marketing elaine.evans@protegrity.com www.protegrity.com