New york oracle users group 2013 spring general meeting ulf mattsson


Published on

My presentation at the New York Oracle Users Group 2013 Spring General Meeting "Bridging the Gap Between Privacy and Data Insight"

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Risk Adjusted Data Protection simply means that you should protect data based on the risk of the sensitive data.You can determine your risk by deciding what is the value of the data to the bad guys and what is its exposure. For valuable data with wide exposure, such as a credit card number or SSN, you can protect with strong encryption like AES or by tokenizing. For your data that might have little or no value, but is still widely exposed, you can protect with monitoring or Data Type Preserving Encryption.This chart shows several approaches to protect sensitive data along with a set of criteria that we have found useful when comparing the merits of each method.- Performance and security are self explanatory Storage refers to the impact that a method has on storage. For example, strong encryption will require adding padding to the crypto text so that the final data will be larger than the original. When a data store is billions of records this can have an impact on the cost of the solution. Transparency refers to the degree to which a protection method effects business processes, applications, databases and any architecture. A protection method that is not transparent will require remediation to systems that are being protected. This could translate to higher protection costs. Tokenization has been gaining popularity due to it’s high transparent characteristics that are seen to reduce protection costs.For example, a system that has no data protection will have optimal performance because you’re not protecting anything and there’s no increased storage. It will require no system remediation, but it will have no security. This is basically the status quo.By contrast, using tokenization, you are not going to have any performance impact, or any increased storage because we are creating a unique token of the same type and length as the original data. With regard to security, tokenization gives you optimum security, and we’ll get into this later. From a transparency perspective, while it is not as transparent as using no protection, among other things, you are not introducing changes to your database schema.The message here really is that, as you change your security profile, there are a number of other factors that you’ll need to take into account.
  • Joel – what do you do with the nodes - elastic
  • Joel – what do you do with the nodes - elastic
  • Joel – what do you do with the nodes - elastic
  • Everything we do depends on the policy. The security policy is the foundation for protecting data. It is usually managed by the Security Officer. Think of it as the glue that binds distributed data protection throughout the enterprise. You can have one policy or many policies , but every policy includes the following core components:What: First you need to identify what you need to protect, i.e. credit card data, social security number and user names and passwords . This is the data element. And you can think of a data element as simply a label, such as CCN. It simply says I’m protecting credit card data.Who: This is your access control. Once you know what you want to protect, the “Who” determines who has access to the data and who doesn’t. We do this through Roles and we associate Members with Roles. We can take members from a number of sources, such as LDAP or Active Directory, a database or a flat file.When: We have a time parameter in our policy that enables us to control the day and the time of day when sensitive data can and cannot be accessed. It is completely customizable by role.Where: Where does the data exist? This is an important property that sets up apart. We need to know this to be able to deploy policy to our agent that enforces policy on the protection point. You might have many, many protection points, so we need to know where the policy needs to be deployed. It also enables us to pinpoint where unauthorized attempts at accessing sensitive data are taking place. And, when we talk about key management, we are the only platform that tracks where keys have been deployed.How: This is what everyone focuses on – how data is protected. This is another differentiator for us. We are not just a strong encryption vendor. We expanded our capabilities and we have a whole host of methods for protecting sensitive data. We do something that we call Risk Adjusted Data Protection that allows you to scale up or scale down your data protection based on the sensitivity of the data you’re trying to protect. We will discuss this later.Audit: Lastly, we have an auditing function. In the policy, the security officer sets up audit requirements that are carried out by the policy enforcement process. You can audit authorized or unauthorized users in addition to controlling operations such as insert, update and delete in a database scenario. You can make the Policy is as customized as you want it to be.This is policy based data security.
  • Joel – what do you do with the nodes - elastic
  • New york oracle users group 2013 spring general meeting ulf mattsson

    1. 1. Bridging the Gap BetweenPrivacy and Data InsightUlf MattssonCTO, Protegrityulf . mattsson [at] protegrity . com
    2. 2. 2SecurityAnalysisCustomerSupportCustomerProfilesSales &MarketingSocialMediaBusinessImprovementBigDataRegulations& Breaches IncreasedprofitsIncreasedprofitsIncreasedprofitsIncreasedprofitsIncreasedprofitsBalancing security and data insight
    3. 3. Balancing security and data insightTug of war between security and data insightBig Data is designed for access, not securityPrivacy regulations require de-identification whichcreates problems with privileged users in an accesscontrol security modelOnly way to truly protect data is to provide data-level protectionTraditional means of security don’t offer granularprotection that allows for seamless data use3
    4. 4. 41. Classify 2. Discovery 3. Protect 4. Enforce 5. MonitorFive Point Data ProtectionMethodology
    5. 5. 51ClassifyDetermine what data issensitive to your organization.
    6. 6. 1. Classify6Data is classified as sensitive and must be protectedin response to Laws and regulations such as PCIDSS, HIPAA, State Privacy Laws and others.Companies may also have Intellectual Property andother Company Secrets that must be secured againstthe competition.All companies have sensitive data about theirCustomers and about their Employees.
    7. 7. 1. Classify: Examples of Sensitive Data7Sensitive Information Compliance Regulation / LawsCredit Card Numbers PCI DSSNames HIPAA, State Privacy LawsAddress HIPAA, State Privacy LawsDates HIPAA, State Privacy LawsPhone Numbers HIPAA, State Privacy LawsPersonal ID Numbers HIPAA, State Privacy LawsPersonally owned property numbers HIPAA, State Privacy LawsPersonal Characteristics HIPAA, State Privacy LawsAsset Information HIPAA, State Privacy LawsBreach notification laws are often the catalyst for a deepaudit in companies resulting in large fines.
    8. 8. HIPAA PHI: List of 18 Identifiers1. Names2. All geographical subdivisionssmaller than a State3. All elements of dates (exceptyear) related to individual4. Phone numbers5. Fax numbers6. Electronic mail addresses7. Social Security numbers8. Medical record numbers9. Health plan beneficiarynumbers10. Account numbers811. Certificate/license numbers12. Vehicle identifiers and serialnumbers13. Device identifiers and serialnumbers14. Web Universal Resource Locators(URLs)15. Internet Protocol (IP) addressnumbers16. Biometric identifiers, includingfinger prints17. Full face photographic images18. Any other unique identifyingnumber
    9. 9. PCI DSS (Payment Card Industry Data Security Standard)Build and maintain a securenetwork.1. Install and maintain a firewall configuration to protectdata2. Do not use vendor-supplied defaults for systempasswords and other security parametersProtect cardholder data. 3. Protect stored data4. Encrypt transmission of cardholder data andsensitive information across public networksMaintain a vulnerabilitymanagement program.5. Use and regularly update anti-virus software6. Develop and maintain secure systems andapplicationsImplement strong accesscontrol measures.7. Restrict access to data by business need-to-know8. Assign a unique ID to each person with computeraccess9. Restrict physical access to cardholder dataRegularly monitor and testnetworks.10. Track and monitor all access to network resourcesand cardholder data11. Regularly test security systems and processesMaintain an informationsecurity policy.12. Maintain a policy that addresses information security9
    10. 10. 102DiscoveryDiscover where the sensitivedata is located, how itflows, who can access it, theperformance requirements andother requirements forprotection.
    11. 11. The Discovery process peers into theenterprise to find sensitive data inpreparation for delivering an optimalprotection solution.• Existing Sensitive Data• New Sensitive Data• Archived Data2. Discovery11
    12. 12. 2. Discovery in a large enterprise with many systems012SystemSystemCorporate FirewallSystemSystemSystemSystemSystem012SystemSystemSystem SystemSystemSystemFocus onsystems thatcontainsensitive data
    13. 13. 2. Discovery: Determine the context to the Business013SystemSystemCorporate FirewallSystemSystem013SystemSystemSystemRetailEmployeesCorporate IPHealthcare
    14. 14. 2. Discover: Context to the Business and to Security014Stores &EcommerceCorporate FirewallApplicationsProcessing RetailTransactionsResearchDatabasesCustomerData ProtectionSolutionRequirementsFile Servercontaining IPFile Server landingzone for store and e-commercetransactionsSensitive datain columns indatabasesSensitive datain HadoopStores ande-commercecollectingtransactions
    15. 15. 153ProtectProtect the sensitive data atrest and in transit.
    16. 16. Big Data and The Insider Threat16
    17. 17. Privacy Laws (See Appendix)54 International Privacy Laws30 United States Privacy Laws17
    18. 18. Financial Services - Gramm-Leach-Bliley Act (GLBA),Sarbanes-Oxley Act (SARBOX), USA PATRIOT ACT, PCIData Security Standard, and the Basel II Accord (EU)Healthcare and Pharmaceuticals - HIPAA (Health InsurancePortability and Accountability Act of 1996) and FDA 21 CFRPart 11Infrastructure and Energy - Guidelines for FERC and NERCCybersecurity Standards, the Chemical Sector Cyber SecurityProgram and Customs-Trade Partnership Against Terrorism(C-TPAT)Federal Government - Compliance with FISMA and relatedNSA Guidelines and NIST StandardsSelect US Regulations for Security and Privacy18
    19. 19. Oracle’s Big Data Platform019Source:
    20. 20. Software on Oracle Big Data Appliance20Source:
    21. 21. Software Layout - Oracle Big Data Appliance21Source: 04_Oracle_Big_Data_Appliance_Deep_Dive.pdf
    22. 22. Hadoop - Protection Beyond KerberosData Access FrameworkPig HiveSqoop AvroData Storage Framework(HDFS)Data Processing Framework(MapReduce)BI Applications22Volume Encryption with Policy based accesscontrol of Files and Monitoring.Field level data protection with Policy basedaccess control and Monitoring; existing andnew data.API enabled Field level data protection withPolicy based access control and Monitoring.API enabled Field level data protection withPolicy based access control and Monitoring.
    23. 23. Many Ways to Hack Big DataSource: Distributed File System)MapReduce(Job Scheduling/Execution System)Hbase (Column DB)Pig (Data Flow) Hive (SQL) SqoopETL Tools BI Reporting RDBMSAvro(Serialization)Zookeeper(Coordination)HackersPrivilegedUsersUnvettedApplicationsOrAd HocProcesses
    24. 24. Table scansEncryption• Data Size• Data type• Performance (SLA)AnalyticsInter-node data movementWhat’s the Problem with Securing Data?24
    25. 25. Reduction of Pain with New Protection Techniques251970 2000 2005 2010HighLowPain& TCOStrong EncryptionAES, 3DESFormat Preserving EncryptionDTP, FPEVault-based TokenizationVaultless TokenizationInput Value: 3872 3789 1620 3675!@#$%a^.,mhu7///&*B()_+!@8278 2789 2990 27898278 2789 2990 2789Format PreservingGreatly reduced KeyManagementNo Vault8278 2789 2990 2789
    26. 26. Protection Granularity: Field Protection26Production SystemsNon-Production SystemsEncryption• Reversible• Policy Control (authorized / Unauthorized Access)• Lacks Integration Transparency• Complex Key Management• ExampleMasking• Not reversible• No Policy, Everyone can access the data• Integrates Transparently• No Complex Key Management• Example 0389 3778 3652 0038Vaultless Tokenization / Pseudonymization• Reversible• Policy Control (Authorized / Unauthorized Access)• Not Reversible• Integrates Transparently• No Complex Key Management• Business Intelligence Credit Card: 0389 3778 3652 0038!@#$%a^.,mhu7///&*B()_+!@
    27. 27. Research Brief“Tokenization Gets Traction”Aberdeen has seen a steady increase in enterpriseuse of tokenization for protecting sensitive data overencryptionNearly half of the respondents (47%) are currentlyusing tokenization for something other than cardholderdataOver the last 12 months, tokenization users had 50%fewer security-related incidents than tokenization non-users28 Author: Derek Brink, VP and Research Fellow, IT Security and IT GRC
    28. 28. Enterprise Flexibility in Token Format ControlsType of Data Input Token CommentCredit Card 3872 3789 1620 3675 8278 2789 2990 2789 NumericCredit Card 3872 3789 1620 3675 3872 3789 2990 3675 Numeric, First 6, Last 4 digits exposedCredit Card 3872 3789 1620 3675 3872 qN4e 5yPx 3675 Alpha-Numeric, Digits exposedAccount Num 29M2009ID 497HF390D Alpha-NumericDate 10/30/1955 12/25/2034 Date - multiple date formatsE-mail Address empo.snaugs@svtiensnni.snkAlpha Numeric, delimiters in inputpreservedSSN 075672278 or 075-67-2278 287382567 or 287-38-2567 Numeric, delimiters in inputBinary 0x010203 0x123296910112Decimal 123.45 9842.56 Non length preservingAlphanumericIndicator5105 1051 0510 5100 8278 2789 299A 2781 Position to place alpha is configurableInvalid Luhn 5105 1051 0510 5100 8278 2789 2990 2782 Luhn check will failMulti-MerchantorMulti-Client ID3872 3789 1620 3675ID 1: 8278 2789 2990 2789ID 2: 9302 8999 2662 6345This supports delivery of a differenttoken to different merchant or clientsbased on the same credit card number.29
    29. 29. Protection Beyond KerberosData Access FrameworkPig HiveSqoop AvroData Storage Framework(HDFS)Data Processing Framework(MapReduce)BI Applications30Volume Encryption with Policy based accesscontrol of Files and Monitoring.Field level data protection with Policy basedaccess control and Monitoring; existing andnew data.API enabled Field level data protection withPolicy based access control and Monitoring.API enabled Field level data protection withPolicy based access control and Monitoring.
    30. 30. Volume Encryption31HDFSMapReduceProtected withVolume EncryptionEntire file is in theclear when analyzed
    31. 31. Volume Encryption + Gateway Field Protection32HDFSMapReduceKerberosAccess ControlGranular FieldLevel ProtectionProtected withVolume EncryptionData Protection FileGateway
    32. 32. Volume Encryption + Internal MapReduce Field Protection33HDFSMapReduceKerberosAccess ControlGranular FieldLevel ProtectionProtected withVolume EncryptionHadoopStagingMapReduce
    33. 33. 344EnforcePolicies are used to enforcerules about how sensitive datashould be treated in theenterprise.
    34. 34. 4. Enforce35The goal of policy enforcement is to;1. Hide sensitive data from un-authorized usersbut disclose sensitive data to authorizedusers.2. Deliver the minimum information to anindividual or a process who needs theinformation to accomplish a task. LeastPrivilege by NIST.3. Collect information about who is attempting toaccess sensitive data – both authorized andunauthorized.
    35. 35. A Data Security Policy36What is the sensitive data that needs to be protected. DataElement.How you want to protect and present sensitive data. There areseveral methods for protecting sensitive data.Encryption, tokenization, monitoring, etc.Who should have access to sensitive data and who should not.Security access control. Roles & Members.When should sensitive data access be granted to those whohave access. Day of week, time of day.Where is the sensitive data stored? This will be where the policyis enforced. At the protector.Audit authorized or un-authorized access to sensitive data.Optional audit of protect/unprotect.WhatWhoWhenWhereHowAudit
    36. 36. 4. EnforceEnterprise DataWarehouseBig Data Clusters37PrivilegedUsersCorporate FirewallAccess ControlExternal User& ProcessesBusinessApplicationUsersBad GuysData Protection Policy
    37. 37. Volume Encryption + Field Protection + Policy Enforcement38HDFSProtected withVolume EncryptionMapReduceData Protection Policy
    38. 38. 4. Authorized User Example39Presentation to requestorName: Joe SmithAddress: 100 Main Street, Pleasantville, CAProtection at restName: csu wusojAddress: 476 srta coetse, cysieondusbak, CAData Scientist,Business AnalystPolicyEnforcementDoes the requestor have the authority toaccess the protected data?AuthorizedRequestResponse
    39. 39. 4. Un-Authorized User Example40RequestResponsePresentation to requestorName: csu wusojAddress: 476 srta coetse, cysieondusbak, CAProtection at restName: csu wusojAddress: 476 srta coetse, cysieondusbak, CAPrivilegedUsed, DBA, System AdministratorsPolicyEnforcementDoes the requestor have the authority toaccess the protected data?NotAuthorized
    40. 40. 415MonitorA critically important part of asecurity solution is the ongoingmonitoring of any activity onsensitive data.
    41. 41. 5. Monitor42Policy enforcement collects information in theform of audit logs about any activity on sensitivedata.Monitoring enables security personnel to gaininsights on what’s going on with your sensitivedata.It enables the understanding of what’s normaland what’s not normal activity on sensitive data.
    42. 42. De-Identified Sensitive DataField Real Data Tokenized / PseudonymizedName Joe Smith csu wusojAddress 100 Main Street, Pleasantville, CA 476 srta coetse, cysieondusbak, CADate of Birth 12/25/1966 01/02/1966Telephone 760-278-3389 760-389-2289E-Mail Address eoe.nwuer@beusorpdqo.orgSSN 076-39-2778 076-28-3390CC Number 3678 2289 3907 3378 3846 2290 3371 3378Business URL www.sheyinctao.comFingerprint EncryptedPhoto EncryptedX-Ray EncryptedHealthcareData – PrimaryCare DataDr. visits, prescriptions, hospital staysand discharges, clinical, billing, etc.Protection methods can be equallyapplied to the actual healthcare data, butnot needed with de-identification43
    43. 43. Best Practices for Protecting Big DataStart Early – Don’ wait until you have terabytes of sensitive data inHadoop before starting your Big Data protection program.Granular protection in addition to access control and volumeprotection.Future proof your protection. Select the optimal protection fortoday and for the future.Enterprise coverage to ensure nothing is left vulnerable.Protection against insider threat is more important today thanever before. Can only achieve this through granular data protectiontechniques.You can protect highly sensitive data while in a way that is mostlytransparent to the analysis process.Policy based protection provides a shield to your sensitive datawhile recording all events on that data.44
    44. 44. Proven enterprise data security softwareand innovation leader• Sole focus on the protection of dataGrowth driven by risk managementand compliance• PCI (Payment Card Industry)• PII (Personally Identifiable Information)• PHI (Protected Health Information) – HIPAA• State and Foreign Privacy Laws, BreachNotification LawsSuccessful across many key industriesIntroduction to Protegrity45
    45. 45. How Protegrity Can Help4612345We can help you Classify the sensitive data that needs to besecured in your enterprise.We can help you Discover where the sensitive data sits inyour environment and design the optimal security solution.We can help you Protect your sensitive data with a flexible setof protectors and protection methods.We can help you Enforce policies that will enable businessfunctions while preventing sensitive data from getting in the wronghands.We can help you Monitor activity on sensitive data to gain insightson abnormal behaviors.
    46. 46. Please contact me for more informationUlf . Mattsson [at] protegrity .