Copyright ©Protegrity Corp. | Protegrity Confidential
Unlock the Potential of
Data Security
Ulf Mattsson
Chief Security Strategist
www.Protegrity.com
Ulf Mattsson
• Chief Security Strategist at Protegrity, previously Head of Innovation at
TokenEx and Chief Technology Officer at Atlantic BT, Compliance Engineering,
and IT Architect at IBM
• Products and Services:
• Data Encryption, Tokenization, Data Discovery, Cloud Application Security
Brokers (CASB), Web Application Firewalls (WAF), Robotics, and
Applications
• Security Operation Center (SOC), Managed Security Services (MSSP)
• Inventor of more than 70 issued US Patents and developed Industry
Standards with ANSI X9, CSA and PCI DSS

Unlock the Potential of Data Security
- Data Security Governance Stakeholders

Opportunities
Controls & Tools
Regulations
Policies
Risk Management
Breaches
Balance
Protect data in ways that are transparent to business processes and compliant with regulations

Verizon Data Breach Investigations Report (DBIR) 2020
Assets in breaches
• On-premises assets are still 70% in our reported breaches dataset.
• Cloud assets were involved in about 24% of breaches.
• Email or web application server 73% of the time.

Collect personal or anonymized data?
American officials are drawing cellphone location data from mobile advertising firms to track the presence of crowds—but not individuals.
• Apple Inc. and Alphabet Inc.’s Google - a voluntary app that health officials can use to reverse-engineer sickened patients’ recent whereabouts—provided they agree to provide such information.
In Western Australia, lawmakers approved a bill to install surveillance gadgets in people’s homes to monitor those placed under quarantine.
Authorities in Hong Kong and India are using geofencing that draws virtual fences around quarantine zones.
• They monitor digital signals from smartphone or wristbands to deter rule breakers and nab offenders, who can be sent to jail.

Identity Theft Reports
• The US Federal Trade Commission (FTC) received nearly three million complaints from consumers
• The FTC received more than 167,000 reports from people who said their information was misused on an existing account or to open a new credit card account

Legal Compliance and Nation-State Attacks
• Many companies have information that is attractive to governments and intelligence services.
• Others worry that litigation may result in a subpoena for all their data.
Securosis, 2019
Multi-Cloud Data Privacy considerations
Jurisdiction
• Cloud service providers' redundancy is great for resilience, but regulatory concerns arise when moving data across regions which may have different laws and jurisdictions.

Securosis, 2019
Consistency
• Most firms are quite familiar with their on-premises encryption and key management systems, so they often prefer to leverage the same tool and skills across multiple clouds.
• Firms often adopt a “best of breed” cloud approach.
Examples of Hybrid Cloud considerations
Trust
• Some customers simply do not trust their vendors.
Vendor Lock-in and Migration
• A common concern is vendor lock-in, and an inability to migrate to another cloud service provider.
Diagram labels: Google Cloud, AWS Cloud, Azure Cloud, Cloud Gateway, S3, Salesforce, Data Analytics, BigQuery

Current use or plan to use:
Spending by Deployment Model, Digital Commerce Platforms, Worldwide

Which of the following aspects of data privacy are you particularly concerned about?
FTI Consulting - Corporate Data Privacy Today, 2020

Global Map Of Privacy Rights And Regulations

GDPR vs. CCPA

TrustArc
Legal and Regulatory Risks Are Exploding

GDPR Security Requirements – Encryption and Tokenization
Encryption* and Tokenization
Discover Data Assets
Security by Design

Find Your Sensitive Data in Cloud and On-Premise
www.protegrity.com

Use-Cases of Some Data Privacy Techniques
Payment Application
Payment Network
Payment Data
Policy, tokenization, encryption and keys
Gateway
Call Center Application
PI* Data
Salesforce
Analytics Application
Differential Privacy and K-anonymity
PI* Data
Microsoft ElectionGuard
Election Data
Homomorphic Encryption
Data Warehouse
PI* Data
Vault-less tokenization
Voting Application
Dev/test Systems
Masking
PI* Data
Vault-less tokenization

A Data Security Gateway Can Protect Sensitive Data in Cloud and On-premise

Big Data Protection with Granular Field Level Protection for Google Cloud

Use Case (Financial Services) - Compliance with Cross-Border and Other Privacy Restrictions

Protection of data in AWS S3 with Separation of Duties
• Applications can use de-identified data or data in the clear based on policies
• Protection of data in AWS S3 before landing in an S3 bucket
Separation of Duties
• Encryption Key Management
• Policy Enforcement Point (PEP)

Examples of Data De-identification

Data protection techniques: Deployment on-premises, and clouds
Columns: Data Warehouse, Centralized, Distributed, On-premises, Public Cloud, Private Cloud
Vault-based tokenization y y
Vault-less tokenization y y y y y y
Format preserving encryption y y y y y
Homomorphic encryption y y
Masking y y y y y y
Hashing y y y y y y
Server model y y y y y y
Local model y y y y y y
L-diversity y y y y y y
T-closeness y y y y y y
Privacy enhancing data de-identification terminology and classification of techniques
De-identification techniques
Tokenization
Cryptographic tools
Suppression techniques
Formal privacy measurement models
Differential Privacy
K-anonymity model

Different Data Protection Techniques
2-way
Homomorphic Encryption (HE)
K-anonymity
Tokenization
Masking
Hashing
1-way
Analytics and Machine Learning (ML)
Algorithmic
Random
Computing on encrypted data
Format Preserving
Fast Slow Very slow Fast Fast
Format Preserving
Differential Privacy (DP)
Noise added
Format Preserving Encryption (FPE)

ISO Privacy Standards
11 Published International Privacy Standards
IS: International Standard
TR: Technical Report
TS: Technical Specification
Guidelines to help comply with ethical standards
20889 IS Privacy enhancing de-identification terminology and classification of techniques
27018 IS Code of practice for protection of PII in public clouds acting as PII processors
27701 IS Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines
29100 IS Privacy framework
29101 IS Privacy architecture framework
29134 IS Guidelines for Privacy impact assessment
29151 IS Code of Practice for PII Protection
29190 IS Privacy capability assessment model
29191 IS Requirements for partially anonymous, partially un-linkable authentication
19608 TS Guidance for developing security and privacy functional requirements based on 15408
27550 TR Privacy engineering for system lifecycle processes
Categories: Cloud, Framework, Management, Techniques, Impact, Requirements, Process

Risk Reduction
Source: INTERNATIONAL STANDARD ISO/IEC 20889

Reduction of Pain with New Protection Techniques

Case Study
A major international bank performed a consolidation of all European operational data sources to Italy
Personally Identifiable Information (PII) in compliance with the EU Cross Border Data Protection Laws, specifically
• Datenschutzgesetz 2000 (DSG 2000) in Austria, and
• Bundesdatenschutzgesetz in Germany.
This required access to Austrian and German customer data to be restricted to only requesters in each respective country.
• Achieved targeted compliance with EU Cross Border Data Security laws
• Implemented country-specific data access restrictions
Data sources

Speed of Fine-Grained Protection Methods
Chart: Transactions per second* (axis from 100 to 10000000) for Format Preserving Encryption, AES CBC Encryption Standard, Vault-based Data Tokenization, Vaultless Data Tokenization

Significantly Different Tokenization Approaches

Lower Risk and Higher Productivity with More Access to More Data

Ulf Mattsson
Chief Security Strategist
www.Protegrity.com
Thank You!

Unlock the potential of data security 2020


Editor's Notes

  • #3 The 2014 Verizon Data Breach Investigations Report concluded that enterprises are losing ground in the fight against persistent cyber-attacks. We simply cannot catch the bad guys until it is too late. This picture is not improving. Verizon concluded that less than 14% of breaches are detected by internal security tools. Detection by third party entities increased from approximately 10% to 25% during the last three years. Specifically, for theft of payment card information, in 99% of the cases someone else told the victim they had suffered a breach. One reason is that our current approach with monitoring and intrusion detection products can't tell you what normal looks like in your own systems, and SIEM technology is simply too slow to be useful for security analytics. Big Data security analytics may help over time, but we don't have time to wait. Biggest hacks and security breaches of 2014 include eBay, Target, Sony and Microsoft, Celebrity iCloud, NSA, Heartbleed, Sony. The successful attack on JP Morgan Chase surprised me most, as the largest US bank lost personal information of 76 million households and it took several months to detect.
  • #15 GDPR definition of personal data: “anything that relates to an identifiable, living individual whether it actually identifies them or makes them identifiable”. CCPA redefines “Personal information”. CCPA states that “Personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
  • #19 *: PI Data (Personal information) means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household according to CCPA
  • #28 Simply minimizing the data you collect doesn’t do anything to protect the information that’s left. This is something you should be doing no matter what, however…