SlideShare une entreprise Scribd logo

Five steps to secure big data

Ulf Mattsson
Ulf Mattsson

database, security, big data, tokenization

Technologie
1  sur  52
Télécharger pour lire hors ligne
Five Steps to Secure Big Data Ulf Mattsson, CTO Protegrity ulf.mattsson AT protegrity.com
Ulf Mattsson, CTO Protegrity 20 years with IBM • Research & Development & Global Services Inventor • Encryption, Tokenization & Intrusion Prevention Involvement • PCI Security Standards Council (PCI SSC) • American National Standards Institute (ANSI) X9 • Encryption & Tokenization • International Federation for Information Processing • IFIP WG 11.3 Data and Application Security • ISACA New York Metro chapter 2
Big Data
What is Big Data? Hadoop • Designed to handle the emerging “4 V’s” • Massively Parallel Processing (MPP) • Elastic scale • Usually Read-Only • Allows for data insights on massive, heterogeneous data sets • Includes an ecosystem of components: Hive Pig Other Application Layers MapReduce HDFS Storage Layers Physical Storage 4
Has Your Organization Already Invested in Big Data? Source: Gartner 5
http://www.ey.com/Publication/vwLUAssets/EY_-_2013_Global_Information_Security_Survey/$FILE/EY-GISS-Under-cyber-attack.pdf 6
Holes in Big Data… Source: Gartner 7
Many Ways to Hack Big Data BI Reporting RDBMS Hackers Pig (Data Flow) Hive (SQL) Sqoop Unvetted Applications Or Ad Hoc Processes MapReduce (Job Scheduling/Execution System) Hbase (Column DB) HDFS (Hadoop Distributed File System) Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase 8 Avro (Serialization) Zookeeper (Coordination) ETL Tools Privileged Users
Current Data Security for Big data Authentication • Who am I and how do I prove it? • Ensure the identity of the users, services and hosts that make up and use the system is authoritatively known Authorization • What am I allowed to see and do? • Ensure services and data are accessed only by entitled identities Data Protection • How is my Data being Protected? • Ensure data cannot be usefully stolen or undetectably tampered with Auditing • What have I attempted to do or done? • Ensure a permanent record of who did what, when
Data Security 10 Taking Data Security to the Next Level
Achieving Best Data Security for Big Data Massively Scalable Data Security Maximum Transparency Maximum Performance Easy to Use Heterogeneous System Compatibility Enterprise Ready
Many Layers of Defense Corporate Enterprise Kerberos Authentication Encrypted Communications Big Data Corporate Firewall Authorization through ACLs Fine Grained Big Data Cluster 8 Data Security Policy Protegrity Coarse Grained
Protecting the Big Data Ecosystem BI Applications BI Applications are authorized to access sensitive data through the policy. Data Access Framework Pig Hive Data Processing Framework (MapReduce) Data Storage Framework (HDFS) User Defined Functions (UDFs) enable Field Level data protection with Policy based access controls with Monitoring. Java API enables Field Level data protection with Policy based access controls with Monitoring. File level data protection with Policy based access controls for existing and new data. Volume or File Encryption with Policy based access controls at the OS file system level.
Coarse Grained 14 Policy Based File and Disk Encryption
File Based Encryption Example Files with personal identifiable information Stored in Hadoop cluster Root user logged-in to one of the nodes Search for sensitive information on disk
Fine Grained 16 Policy Based Field Level Data Protection
Fine Grained Protection: Field Protection Production Systems Encryption • Reversible • Policy Control (Authorized / Unauthorized Access) • Lacks Integration Transparency • Complex Key Management • Example !@#$%a^.,mhu7///&*B()_+!@ Tokenization / Pseudonymization • Reversible • Policy Control (Authorized / Unauthorized Access) • Integrates Transparently • No Complex Key Management • Business Intelligence Credit Card: 0389 3778 3652 0038 Non-Production Systems 17 Masking • Not reversible • No Policy, Everyone Can Access the Data • Integrates Transparently • No Complex Key Management • Example 0389 3778 3652 0038
Field Level Protection Example Files with personal identifiable information Loaded in to a Hive table Select data from that table Root user logged-in to one of the nodes Search for sensitive information on disk
Security Policy 19 Take Control Of Data Security
Policy Based Access Control Combination of what data needs to be protected and who has access to that data is the key to creating a meaningful policy 20 What Who What is the sensitive data that needs to be protected. Data Element. Who should have access to sensitive data and who should not. Security access control. Roles & Members.
Protegrity Data Security Policy What What is the sensitive data that needs to be protected. Data Element. How How you want to protect and present sensitive data. There are several methods for protecting sensitive data. Encryption, tokenization, monitoring, etc. Who Who should have access to sensitive data and who should not. Security access control. Roles & Members. When When should sensitive data access be granted to those who have access. Day of week, time of day. Where Where is the sensitive data stored? This will be where the policy is enforced. At the protector. Audit Audit authorized or un-authorized access to sensitive data. Optional audit of protect/unprotect.
Policy Based Filed Protection Example Files with personal identifiable information Loaded in to a Hive table Create a view on that table Select data as authorized user Select data as privileged user
Enterprise Strength Enterprise 23 Protection platforms must protect sensitive data end to end – at rest, in transit and on any technology platform
End to End Data Security Across the Enterprise Enterprise Heterogeneous Coverage • File Protectors: AIX, HPUX, Linux, Solaris, Windows • Database Protectors : DB2, SQL Server, Oracle, Teradata, Informix, Netezza, Greenplum • Big Data Protectors: BigInsights, Cloudera, Greenplum, mapR, Aster, Apache Hadoop, Hortonworks • Big Iron Platform: zSeries, HP Non-Stop 24
Best Practices for Protecting Big Data Start Early Fine Grained protection Select the optimal protection for the future Enterprise coverage Protection against insider threat Transparent protection to the analysis process Policy based protection and audit 25
Five Point Data Protection Methodology 1. Classify 26 2. Discovery 3. Protect 4. Enforce 5. Monitor
Classify Determine what data is sensitive to your organization. 27
Select US Regulations for Security and Privacy Financial Services Healthcare and Pharmaceuticals Infrastructure and Energy Federal Government 28
1. Classify: Examples of Sensitive Data Sensitive Information Credit Card Numbers PCI DSS Names HIPAA, State Privacy Laws Address HIPAA, State Privacy Laws Dates HIPAA, State Privacy Laws Phone Numbers HIPAA, State Privacy Laws Personal ID Numbers HIPAA, State Privacy Laws Personally owned property numbers HIPAA, State Privacy Laws Personal Characteristics HIPAA, State Privacy Laws Asset Information 29 Compliance Regulation / Laws HIPAA, State Privacy Laws
Discovery Discover where the sensitive data is located and how it flows 30
2. Discovery in a large enterprise with many systems System System System System System System System System System System System System Corporate Firewall System 031
2. Discovery: Determine the context to the Business System Retail System System Employees System System Corporate IP System Healthcare Corporate Firewall System 032 032
2. Discover: Context to the Business and to Security Collecting transactions Stores & Ecommerce Databases Data Protection Solution Requirements File Server Hadoop Applications File Server containing IP Corporate Firewall Research Databases 033
Protect Protect the sensitive data at rest and in transit. 34
Balancing Security and Data Insight Tug of war between security and data insight Big Data is designed for access Privacy regulations require de-identification Granular data-level protection Traditional security don’t allow for seamless data use 35
Protection Beyond Kerberos ETL Tools BI Reporting RDBMS Pig (Data Flow) Hive (SQL) Sqoop MapReduce (Job Scheduling/Execution System) API enabled Field level data protection API enabled Field level data protection Hbase (Column DB) HDFS Field level data protection for existing and new data. (Hadoop Distributed File System) Volume Encryption 36
Volume Encryption Entire file is in the clear when analyzed MapReduce HDFS Protected with Volume Encryption 37
File Encryption – Authorized User Entire file is in the clear when analyzed MapReduce HDFS Protected with File Encryption 38
File Encryption – Non Authorized User Entire file is in unreadable when analyzed MapReduce HDFS Protected with File Encryption 39
Volume Encryption + Gateway Field Protection Granular Field Level Protection MapReduce HDFS Data Protection File Gateway 40 Kerberos Access Control Protected with Volume Encryption
Volume Encryption + Internal MapReduce Field Protection Analytics Granular Field Level Protection MapReduce Hadoop Staging HDFS MapReduce 41 Kerberos Access Control Protected with Volume Encryption
Enforce Policies are used to enforce rules about how sensitive data should be treated in the enterprise. 42
A Data Security Policy What What is the sensitive data that needs to be protected. Data Element. How How you want to protect and present sensitive data. There are several methods for protecting sensitive data. Encryption, tokenization, monitoring, etc. Who Who should have access to sensitive data and who should not. Security access control. Roles & Members. When Where Where is the sensitive data stored? This will be where the policy is enforced. At the protector. Audit 43 When should sensitive data access be granted to those who have access. Day of week, time of day. Audit authorized or un-authorized access to sensitive data. Optional audit of protect/unprotect.
Volume Encryption + Field Protection + Policy Enforcement MapReduce HDFS Protected with Volume Encryption Data Protection Policy 44
Volume Encryption + Field Protection + Policy Enforcement MapReduce HDFS Protected with Volume Encryption Data Protection Policy 45
4. Authorized User Example Presentation to requestor Name: Joe Smith Address: 100 Main Street, Pleasantville, CA Data Scientist, Business Analyst Selected data displayed (least privilege) Response Request Policy Enforcement Authorized Does the requestor have the authority to access the protected data? Protection at rest Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA 46
4. Un-Authorized User Example Presentation to requestor Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA Privileged Used, DBA, System Administrators, Bad Guy Response Request Policy Enforcement Not Authorized Does the requestor have the authority to access the protected data? Protection at rest Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA 47
Monitor A critically important part of a security solution is the ongoing monitoring of any activity on sensitive data. 48
Best Practices for Protecting Big Data Start early Granular protection Select the optimal protection Enterprise coverage Protection against insider threat Protect highly sensitive data in a way that is mostly transparent to the analysis process Policy based protection Record data access events 49
How Protegrity Can Help 1 2 We can help you Discover where the sensitive data sits 3 We can help you Protect your sensitive data in a flexible way 4 We can help you Enforce policies that will enable business functions and preventing sensitive data from the wrong hands. 5 50 We can help you Classify the sensitive data We can help you Monitor sensitive data to gain insights on abnormal behaviors.
Protegrity Summary Proven enterprise data security software and innovation leader • Sole focus on the protection of data • Patented Technology, Continuing to Drive Innovation Cross-industry applicability • • Financial Services, Insurance, Banking • Healthcare • Telecommunications, Media and Entertainment • 51 Retail, Hospitality, Travel and Transportation Manufacturing and Government
Please contact us for more information Ulf.Mattsson@protegrity.com Info@protegrity.com

Recommandé

Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Ulf Mattsson
 
Securing data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCSecuring data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCUlf Mattsson
 
GDPR/CCPA Compliance and Data Governance in Hadoop
GDPR/CCPA Compliance and Data Governance in HadoopGDPR/CCPA Compliance and Data Governance in Hadoop
GDPR/CCPA Compliance and Data Governance in HadoopEyad Garelnabi
 
BigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at BrighttalkBigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at BrighttalkUlf Mattsson
 
Bloombase storage-protection-entrust-hsm-sb
Bloombase storage-protection-entrust-hsm-sbBloombase storage-protection-entrust-hsm-sb
Bloombase storage-protection-entrust-hsm-sbBloombase
 
Microsoft - Policing, Justice and the Law Enforcement Directive & GDPR
Microsoft - Policing, Justice and the Law Enforcement Directive & GDPRMicrosoft - Policing, Justice and the Law Enforcement Directive & GDPR
Microsoft - Policing, Justice and the Law Enforcement Directive & GDPRtechUK
 
iaetsd Using encryption to increase the security of network storage
iaetsd Using encryption to increase the security of network storageiaetsd Using encryption to increase the security of network storage
iaetsd Using encryption to increase the security of network storageIaetsd Iaetsd
 
Bio-Cryptography Based Secured Data Replication Management in Cloud Storage
Bio-Cryptography Based Secured Data Replication Management in Cloud StorageBio-Cryptography Based Secured Data Replication Management in Cloud Storage
Bio-Cryptography Based Secured Data Replication Management in Cloud StorageIJERA Editor
 

Recommandé

Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Ulf Mattsson
 
Securing data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCSecuring data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCUlf Mattsson
 
GDPR/CCPA Compliance and Data Governance in Hadoop
GDPR/CCPA Compliance and Data Governance in HadoopGDPR/CCPA Compliance and Data Governance in Hadoop
GDPR/CCPA Compliance and Data Governance in HadoopEyad Garelnabi
 
BigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at BrighttalkBigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at BrighttalkUlf Mattsson
 
Bloombase storage-protection-entrust-hsm-sb
Bloombase storage-protection-entrust-hsm-sbBloombase storage-protection-entrust-hsm-sb
Bloombase storage-protection-entrust-hsm-sbBloombase
 
Microsoft - Policing, Justice and the Law Enforcement Directive & GDPR
Microsoft - Policing, Justice and the Law Enforcement Directive & GDPRMicrosoft - Policing, Justice and the Law Enforcement Directive & GDPR
Microsoft - Policing, Justice and the Law Enforcement Directive & GDPRtechUK
 
iaetsd Using encryption to increase the security of network storage
iaetsd Using encryption to increase the security of network storageiaetsd Using encryption to increase the security of network storage
iaetsd Using encryption to increase the security of network storageIaetsd Iaetsd
 
Bio-Cryptography Based Secured Data Replication Management in Cloud Storage
Bio-Cryptography Based Secured Data Replication Management in Cloud StorageBio-Cryptography Based Secured Data Replication Management in Cloud Storage
Bio-Cryptography Based Secured Data Replication Management in Cloud StorageIJERA Editor
 
Current trends in data security nursing research ppt
Current trends in data security nursing research pptCurrent trends in data security nursing research ppt
Current trends in data security nursing research pptNursing Path
 
Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017Index Engines Inc.
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionCSCJournals
 
Building the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR ComplianceBuilding the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR ComplianceIndex Engines Inc.
 
Webinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRWebinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRIndex Engines Inc.
 
FinalCode-At-A-Glance-Webcopy-Optimized
FinalCode-At-A-Glance-Webcopy-OptimizedFinalCode-At-A-Glance-Webcopy-Optimized
FinalCode-At-A-Glance-Webcopy-OptimizedPhillip Stalnaker
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protectionUlf Mattsson
 
TP564_DriveTrust_Oct06
TP564_DriveTrust_Oct06TP564_DriveTrust_Oct06
TP564_DriveTrust_Oct06Tyson Supasatit
 
NEMZOW PATENT PORTFOLIO
NEMZOW PATENT PORTFOLIONEMZOW PATENT PORTFOLIO
NEMZOW PATENT PORTFOLIOMartin Nemzow
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsLindaWatson19
 
Encryption 2021
Encryption 2021Encryption 2021
Encryption 2021JoeOrlando16
 
Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...
Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...
Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...IRJET Journal
 
IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonUlf Mattsson
 
Information Security in Big Data : Privacy and Data Mining
Information Security in Big Data : Privacy and Data MiningInformation Security in Big Data : Privacy and Data Mining
Information Security in Big Data : Privacy and Data Miningwanani181
 
Network security
Network securityNetwork security
Network securityRavikumar Natarajan
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Ulf Mattsson
 
Privacy Preserving DB Systems
Privacy Preserving DB SystemsPrivacy Preserving DB Systems
Privacy Preserving DB SystemsAshraf Bashir
 
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...BigDataEverywhere
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 
BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...
BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...
BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...Steven Meister
 
Why Hacking into Your Company is so Easy
Why Hacking into Your Company is so EasyWhy Hacking into Your Company is so Easy
Why Hacking into Your Company is so EasyProtegrity
 
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...Hortonworks
 

Contenu connexe

Tendances

Current trends in data security nursing research ppt
Current trends in data security nursing research pptCurrent trends in data security nursing research ppt
Current trends in data security nursing research pptNursing Path
 
Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017Index Engines Inc.
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionCSCJournals
 
Building the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR ComplianceBuilding the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR ComplianceIndex Engines Inc.
 
Webinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRWebinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRIndex Engines Inc.
 
FinalCode-At-A-Glance-Webcopy-Optimized
FinalCode-At-A-Glance-Webcopy-OptimizedFinalCode-At-A-Glance-Webcopy-Optimized
FinalCode-At-A-Glance-Webcopy-OptimizedPhillip Stalnaker
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protectionUlf Mattsson
 
NEMZOW PATENT PORTFOLIO
NEMZOW PATENT PORTFOLIONEMZOW PATENT PORTFOLIO
NEMZOW PATENT PORTFOLIOMartin Nemzow
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsLindaWatson19
 
Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...
Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...
Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...IRJET Journal
 
IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonUlf Mattsson
 
Information Security in Big Data : Privacy and Data Mining
Information Security in Big Data : Privacy and Data MiningInformation Security in Big Data : Privacy and Data Mining
Information Security in Big Data : Privacy and Data Miningwanani181
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Ulf Mattsson
 
Privacy Preserving DB Systems
Privacy Preserving DB SystemsPrivacy Preserving DB Systems
Privacy Preserving DB SystemsAshraf Bashir
 
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...BigDataEverywhere
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 
BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...
BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...
BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...Steven Meister
 

Tendances (20)

Current trends in data security nursing research ppt
Current trends in data security nursing research pptCurrent trends in data security nursing research ppt
Current trends in data security nursing research ppt
 
Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017Building the Governance Ready Enterprise for GDPR Compliance December 2017
Building the Governance Ready Enterprise for GDPR Compliance December 2017
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data Encryption
 
Building the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR ComplianceBuilding the Governance Ready Enterprise for GDPR Compliance
Building the Governance Ready Enterprise for GDPR Compliance
 
Webinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRWebinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPR
 
FinalCode-At-A-Glance-Webcopy-Optimized
FinalCode-At-A-Glance-Webcopy-OptimizedFinalCode-At-A-Glance-Webcopy-Optimized
FinalCode-At-A-Glance-Webcopy-Optimized
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
TP564_DriveTrust_Oct06
TP564_DriveTrust_Oct06TP564_DriveTrust_Oct06
TP564_DriveTrust_Oct06
 
NEMZOW PATENT PORTFOLIO
NEMZOW PATENT PORTFOLIONEMZOW PATENT PORTFOLIO
NEMZOW PATENT PORTFOLIO
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
 
Encryption 2021
Encryption 2021Encryption 2021
Encryption 2021
 
Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...
Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...
Privacy Preserving Data Analytics using Cryptographic Technique for Large Dat...
 
IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf Mattsson
 
Information Security in Big Data : Privacy and Data Mining
Information Security in Big Data : Privacy and Data MiningInformation Security in Big Data : Privacy and Data Mining
Information Security in Big Data : Privacy and Data Mining
 
Network security
Network securityNetwork security
Network security
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...
 
Privacy Preserving DB Systems
Privacy Preserving DB SystemsPrivacy Preserving DB Systems
Privacy Preserving DB Systems
 
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server Encryption
 
BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...
BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...
BigDataRevealed SecureSequesterEncrypt - iot easy as 1-2-3 - catalog-metadata...
 

En vedette

Why Hacking into Your Company is so Easy
Why Hacking into Your Company is so EasyWhy Hacking into Your Company is so Easy
Why Hacking into Your Company is so EasyProtegrity
 
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...Hortonworks
 
Practical advice for cloud data protection ulf mattsson - jun 2014
Practical advice for cloud data protection ulf mattsson - jun 2014Practical advice for cloud data protection ulf mattsson - jun 2014
Practical advice for cloud data protection ulf mattsson - jun 2014Ulf Mattsson
 
How to evaluate data protection technologies - Mastercard conference
How to evaluate data protection technologies - Mastercard conferenceHow to evaluate data protection technologies - Mastercard conference
How to evaluate data protection technologies - Mastercard conferenceUlf Mattsson
 
20160628 Tania Martin Data Protection
20160628 Tania Martin Data Protection20160628 Tania Martin Data Protection
20160628 Tania Martin Data ProtectionSmals
 
Choosing the Right Data Security Solution
Choosing the Right Data Security SolutionChoosing the Right Data Security Solution
Choosing the Right Data Security SolutionProtegrity
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachUlf Mattsson
 

En vedette (7)

Why Hacking into Your Company is so Easy
Why Hacking into Your Company is so EasyWhy Hacking into Your Company is so Easy
Why Hacking into Your Company is so Easy
 
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...
 
Practical advice for cloud data protection ulf mattsson - jun 2014
Practical advice for cloud data protection ulf mattsson - jun 2014Practical advice for cloud data protection ulf mattsson - jun 2014
Practical advice for cloud data protection ulf mattsson - jun 2014
 
How to evaluate data protection technologies - Mastercard conference
How to evaluate data protection technologies - Mastercard conferenceHow to evaluate data protection technologies - Mastercard conference
How to evaluate data protection technologies - Mastercard conference
 
20160628 Tania Martin Data Protection
20160628 Tania Martin Data Protection20160628 Tania Martin Data Protection
20160628 Tania Martin Data Protection
 
Choosing the Right Data Security Solution
Choosing the Right Data Security SolutionChoosing the Right Data Security Solution
Choosing the Right Data Security Solution
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
 

Similaire à Five steps to secure big data

Combat Cyber Threats with Cloudera Impala & Apache Hadoop
Combat Cyber Threats with Cloudera Impala & Apache HadoopCombat Cyber Threats with Cloudera Impala & Apache Hadoop
Combat Cyber Threats with Cloudera Impala & Apache HadoopCloudera, Inc.
 
BigData Security - A Point of View
BigData Security - A Point of ViewBigData Security - A Point of View
BigData Security - A Point of ViewKaran Alang
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...MongoDB
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data securityUlf Mattsson
 
Ds 354-a hitachi-datasheet-hcp-and-bloombase-storesafe
Ds 354-a hitachi-datasheet-hcp-and-bloombase-storesafeDs 354-a hitachi-datasheet-hcp-and-bloombase-storesafe
Ds 354-a hitachi-datasheet-hcp-and-bloombase-storesafeBloombase
 
Hitachi datasheet-hcp-and-bloombase-storesafe
Hitachi datasheet-hcp-and-bloombase-storesafeHitachi datasheet-hcp-and-bloombase-storesafe
Hitachi datasheet-hcp-and-bloombase-storesafeBloombase
 
Solving the Really Big Tech Problems with IoT
Solving the Really Big Tech Problems with IoT Solving the Really Big Tech Problems with IoT
Solving the Really Big Tech Problems with IoTEric Kavanagh
 
Fighting cyber fraud with hadoop
Fighting cyber fraud with hadoopFighting cyber fraud with hadoop
Fighting cyber fraud with hadoopNiel Dunnage
 
Storage Made Easy - File Fabric Use Cases
Storage Made Easy - File Fabric Use CasesStorage Made Easy - File Fabric Use Cases
Storage Made Easy - File Fabric Use CasesHybrid Cloud
 
IRJET- Secured Hadoop Environment
IRJET- Secured Hadoop EnvironmentIRJET- Secured Hadoop Environment
IRJET- Secured Hadoop EnvironmentIRJET Journal
 
Hadoop Security Features That make your risk officer happy
Hadoop Security Features That make your risk officer happyHadoop Security Features That make your risk officer happy
Hadoop Security Features That make your risk officer happyDataWorks Summit
 
Hadoop Security Features that make your risk officer happy
Hadoop Security Features that make your risk officer happyHadoop Security Features that make your risk officer happy
Hadoop Security Features that make your risk officer happyAnurag Shrivastava
 
Isaca journal - bridging the gap between access and security in big data...
Isaca journal - bridging the gap between access and security in big data...Isaca journal - bridging the gap between access and security in big data...
Isaca journal - bridging the gap between access and security in big data...Ulf Mattsson
 
big data and hadoop
big data and hadoop big data and hadoop
big data and hadoopahmed alshikh
 
Voltage Security, Protecting Sensitive Data in Hadoop
Voltage Security, Protecting Sensitive Data in HadoopVoltage Security, Protecting Sensitive Data in Hadoop
Voltage Security, Protecting Sensitive Data in HadoopHPE Security - Data Security
 
Security Threats to Hadoop: Data Leakage Attacks and Investigation
Security Threats to Hadoop: Data Leakage Attacks and Investigation Security Threats to Hadoop: Data Leakage Attacks and Investigation
Security Threats to Hadoop: Data Leakage Attacks and Investigation Kiran Gajbhiye
 
Analytics with unified file and object
Analytics with unified file and object Analytics with unified file and object
Analytics with unified file and object Sandeep Patil
 
Automatic Detection, Classification and Authorization of Sensitive Personal D...
Automatic Detection, Classification and Authorization of Sensitive Personal D...Automatic Detection, Classification and Authorization of Sensitive Personal D...
Automatic Detection, Classification and Authorization of Sensitive Personal D...DataWorks Summit/Hadoop Summit
 

Similaire à Five steps to secure big data (20)

Combat Cyber Threats with Cloudera Impala & Apache Hadoop
Combat Cyber Threats with Cloudera Impala & Apache HadoopCombat Cyber Threats with Cloudera Impala & Apache Hadoop
Combat Cyber Threats with Cloudera Impala & Apache Hadoop
 
BigData Security - A Point of View
BigData Security - A Point of ViewBigData Security - A Point of View
BigData Security - A Point of View
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...
 
Security for Big Data
Security for Big DataSecurity for Big Data
Security for Big Data
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data security
 
Ds 354-a hitachi-datasheet-hcp-and-bloombase-storesafe
Ds 354-a hitachi-datasheet-hcp-and-bloombase-storesafeDs 354-a hitachi-datasheet-hcp-and-bloombase-storesafe
Ds 354-a hitachi-datasheet-hcp-and-bloombase-storesafe
 
Hitachi datasheet-hcp-and-bloombase-storesafe
Hitachi datasheet-hcp-and-bloombase-storesafeHitachi datasheet-hcp-and-bloombase-storesafe
Hitachi datasheet-hcp-and-bloombase-storesafe
 
Solving the Really Big Tech Problems with IoT
Solving the Really Big Tech Problems with IoT Solving the Really Big Tech Problems with IoT
Solving the Really Big Tech Problems with IoT
 
Fighting cyber fraud with hadoop
Fighting cyber fraud with hadoopFighting cyber fraud with hadoop
Fighting cyber fraud with hadoop
 
Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0
 
Storage Made Easy - File Fabric Use Cases
Storage Made Easy - File Fabric Use CasesStorage Made Easy - File Fabric Use Cases
Storage Made Easy - File Fabric Use Cases
 
IRJET- Secured Hadoop Environment
IRJET- Secured Hadoop EnvironmentIRJET- Secured Hadoop Environment
IRJET- Secured Hadoop Environment
 
Hadoop Security Features That make your risk officer happy
Hadoop Security Features That make your risk officer happyHadoop Security Features That make your risk officer happy
Hadoop Security Features That make your risk officer happy
 
Hadoop Security Features that make your risk officer happy
Hadoop Security Features that make your risk officer happyHadoop Security Features that make your risk officer happy
Hadoop Security Features that make your risk officer happy
 
Isaca journal - bridging the gap between access and security in big data...
Isaca journal - bridging the gap between access and security in big data...Isaca journal - bridging the gap between access and security in big data...
Isaca journal - bridging the gap between access and security in big data...
 
big data and hadoop
big data and hadoop big data and hadoop
big data and hadoop
 
Voltage Security, Protecting Sensitive Data in Hadoop
Voltage Security, Protecting Sensitive Data in HadoopVoltage Security, Protecting Sensitive Data in Hadoop
Voltage Security, Protecting Sensitive Data in Hadoop
 
Security Threats to Hadoop: Data Leakage Attacks and Investigation
Security Threats to Hadoop: Data Leakage Attacks and Investigation Security Threats to Hadoop: Data Leakage Attacks and Investigation
Security Threats to Hadoop: Data Leakage Attacks and Investigation
 
Analytics with unified file and object
Analytics with unified file and object Analytics with unified file and object
Analytics with unified file and object
 
Automatic Detection, Classification and Authorization of Sensitive Personal D...
Automatic Detection, Classification and Authorization of Sensitive Personal D...Automatic Detection, Classification and Authorization of Sensitive Personal D...
Automatic Detection, Classification and Authorization of Sensitive Personal D...
 

Plus de Ulf Mattsson

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Ulf Mattsson
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Ulf Mattsson
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...Ulf Mattsson
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesUlf Mattsson
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeUlf Mattsson
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchainUlf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsUlf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKUlf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonUlf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 

Plus de Ulf Mattsson (20)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Book
BookBook
Book
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 

Dernier

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Dernier (20)

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

Five steps to secure big data

  • 1. Five Steps to Secure Big Data Ulf Mattsson, CTO Protegrity ulf.mattsson AT protegrity.com
  • 2. Ulf Mattsson, CTO Protegrity 20 years with IBM • Research & Development & Global Services Inventor • Encryption, Tokenization & Intrusion Prevention Involvement • PCI Security Standards Council (PCI SSC) • American National Standards Institute (ANSI) X9 • Encryption & Tokenization • International Federation for Information Processing • IFIP WG 11.3 Data and Application Security • ISACA New York Metro chapter 2
  • 4. What is Big Data? Hadoop • Designed to handle the emerging “4 V’s” • Massively Parallel Processing (MPP) • Elastic scale • Usually Read-Only • Allows for data insights on massive, heterogeneous data sets • Includes an ecosystem of components: Hive Pig Other Application Layers MapReduce HDFS Storage Layers Physical Storage 4
  • 5. Has Your Organization Already Invested in Big Data? Source: Gartner 5
  • 7. Holes in Big Data… Source: Gartner 7
  • 8. Many Ways to Hack Big Data BI Reporting RDBMS Hackers Pig (Data Flow) Hive (SQL) Sqoop Unvetted Applications Or Ad Hoc Processes MapReduce (Job Scheduling/Execution System) Hbase (Column DB) HDFS (Hadoop Distributed File System) Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase 8 Avro (Serialization) Zookeeper (Coordination) ETL Tools Privileged Users
  • 9. Current Data Security for Big data Authentication • Who am I and how do I prove it? • Ensure the identity of the users, services and hosts that make up and use the system is authoritatively known Authorization • What am I allowed to see and do? • Ensure services and data are accessed only by entitled identities Data Protection • How is my Data being Protected? • Ensure data cannot be usefully stolen or undetectably tampered with Auditing • What have I attempted to do or done? • Ensure a permanent record of who did what, when
  • 11. Achieving Best Data Security for Big Data Massively Scalable Data Security Maximum Transparency Maximum Performance Easy to Use Heterogeneous System Compatibility Enterprise Ready
  • 12. Many Layers of Defense Corporate Enterprise Kerberos Authentication Encrypted Communications Big Data Corporate Firewall Authorization through ACLs Fine Grained Big Data Cluster 8 Data Security Policy Protegrity Coarse Grained
  • 13. Protecting the Big Data Ecosystem BI Applications BI Applications are authorized to access sensitive data through the policy. Data Access Framework Pig Hive Data Processing Framework (MapReduce) Data Storage Framework (HDFS) User Defined Functions (UDFs) enable Field Level data protection with Policy based access controls with Monitoring. Java API enables Field Level data protection with Policy based access controls with Monitoring. File level data protection with Policy based access controls for existing and new data. Volume or File Encryption with Policy based access controls at the OS file system level.
  • 15. File Based Encryption Example Files with personal identifiable information Stored in Hadoop cluster Root user logged-in to one of the nodes Search for sensitive information on disk
  • 17. Fine Grained Protection: Field Protection Production Systems Encryption • Reversible • Policy Control (Authorized / Unauthorized Access) • Lacks Integration Transparency • Complex Key Management • Example !@#$%a^.,mhu7///&*B()_+!@ Tokenization / Pseudonymization • Reversible • Policy Control (Authorized / Unauthorized Access) • Integrates Transparently • No Complex Key Management • Business Intelligence Credit Card: 0389 3778 3652 0038 Non-Production Systems 17 Masking • Not reversible • No Policy, Everyone Can Access the Data • Integrates Transparently • No Complex Key Management • Example 0389 3778 3652 0038
  • 18. Field Level Protection Example Files with personal identifiable information Loaded in to a Hive table Select data from that table Root user logged-in to one of the nodes Search for sensitive information on disk
  • 20. Policy Based Access Control Combination of what data needs to be protected and who has access to that data is the key to creating a meaningful policy 20 What Who What is the sensitive data that needs to be protected. Data Element. Who should have access to sensitive data and who should not. Security access control. Roles & Members.
  • 21. Protegrity Data Security Policy What What is the sensitive data that needs to be protected. Data Element. How How you want to protect and present sensitive data. There are several methods for protecting sensitive data. Encryption, tokenization, monitoring, etc. Who Who should have access to sensitive data and who should not. Security access control. Roles & Members. When When should sensitive data access be granted to those who have access. Day of week, time of day. Where Where is the sensitive data stored? This will be where the policy is enforced. At the protector. Audit Audit authorized or un-authorized access to sensitive data. Optional audit of protect/unprotect.
  • 22. Policy Based Filed Protection Example Files with personal identifiable information Loaded in to a Hive table Create a view on that table Select data as authorized user Select data as privileged user
  • 23. Enterprise Strength Enterprise 23 Protection platforms must protect sensitive data end to end – at rest, in transit and on any technology platform
  • 24. End to End Data Security Across the Enterprise Enterprise Heterogeneous Coverage • File Protectors: AIX, HPUX, Linux, Solaris, Windows • Database Protectors : DB2, SQL Server, Oracle, Teradata, Informix, Netezza, Greenplum • Big Data Protectors: BigInsights, Cloudera, Greenplum, mapR, Aster, Apache Hadoop, Hortonworks • Big Iron Platform: zSeries, HP Non-Stop 24
  • 25. Best Practices for Protecting Big Data Start Early Fine Grained protection Select the optimal protection for the future Enterprise coverage Protection against insider threat Transparent protection to the analysis process Policy based protection and audit 25
  • 26. Five Point Data Protection Methodology 1. Classify 26 2. Discovery 3. Protect 4. Enforce 5. Monitor
  • 27. Classify Determine what data is sensitive to your organization. 27
  • 28. Select US Regulations for Security and Privacy Financial Services Healthcare and Pharmaceuticals Infrastructure and Energy Federal Government 28
  • 29. 1. Classify: Examples of Sensitive Data Sensitive Information Credit Card Numbers PCI DSS Names HIPAA, State Privacy Laws Address HIPAA, State Privacy Laws Dates HIPAA, State Privacy Laws Phone Numbers HIPAA, State Privacy Laws Personal ID Numbers HIPAA, State Privacy Laws Personally owned property numbers HIPAA, State Privacy Laws Personal Characteristics HIPAA, State Privacy Laws Asset Information 29 Compliance Regulation / Laws HIPAA, State Privacy Laws
  • 30. Discovery Discover where the sensitive data is located and how it flows 30
  • 31. 2. Discovery in a large enterprise with many systems System System System System System System System System System System System System Corporate Firewall System 031
  • 32. 2. Discovery: Determine the context to the Business System Retail System System Employees System System Corporate IP System Healthcare Corporate Firewall System 032 032
  • 33. 2. Discover: Context to the Business and to Security Collecting transactions Stores & Ecommerce Databases Data Protection Solution Requirements File Server Hadoop Applications File Server containing IP Corporate Firewall Research Databases 033
  • 34. Protect Protect the sensitive data at rest and in transit. 34
  • 35. Balancing Security and Data Insight Tug of war between security and data insight Big Data is designed for access Privacy regulations require de-identification Granular data-level protection Traditional security don’t allow for seamless data use 35
  • 36. Protection Beyond Kerberos ETL Tools BI Reporting RDBMS Pig (Data Flow) Hive (SQL) Sqoop MapReduce (Job Scheduling/Execution System) API enabled Field level data protection API enabled Field level data protection Hbase (Column DB) HDFS Field level data protection for existing and new data. (Hadoop Distributed File System) Volume Encryption 36
  • 37. Volume Encryption Entire file is in the clear when analyzed MapReduce HDFS Protected with Volume Encryption 37
  • 38. File Encryption – Authorized User Entire file is in the clear when analyzed MapReduce HDFS Protected with File Encryption 38
  • 39. File Encryption – Non Authorized User Entire file is in unreadable when analyzed MapReduce HDFS Protected with File Encryption 39
  • 40. Volume Encryption + Gateway Field Protection Granular Field Level Protection MapReduce HDFS Data Protection File Gateway 40 Kerberos Access Control Protected with Volume Encryption
  • 41. Volume Encryption + Internal MapReduce Field Protection Analytics Granular Field Level Protection MapReduce Hadoop Staging HDFS MapReduce 41 Kerberos Access Control Protected with Volume Encryption
  • 42. Enforce Policies are used to enforce rules about how sensitive data should be treated in the enterprise. 42
  • 43. A Data Security Policy What What is the sensitive data that needs to be protected. Data Element. How How you want to protect and present sensitive data. There are several methods for protecting sensitive data. Encryption, tokenization, monitoring, etc. Who Who should have access to sensitive data and who should not. Security access control. Roles & Members. When Where Where is the sensitive data stored? This will be where the policy is enforced. At the protector. Audit 43 When should sensitive data access be granted to those who have access. Day of week, time of day. Audit authorized or un-authorized access to sensitive data. Optional audit of protect/unprotect.
  • 44. Volume Encryption + Field Protection + Policy Enforcement MapReduce HDFS Protected with Volume Encryption Data Protection Policy 44
  • 45. Volume Encryption + Field Protection + Policy Enforcement MapReduce HDFS Protected with Volume Encryption Data Protection Policy 45
  • 46. 4. Authorized User Example Presentation to requestor Name: Joe Smith Address: 100 Main Street, Pleasantville, CA Data Scientist, Business Analyst Selected data displayed (least privilege) Response Request Policy Enforcement Authorized Does the requestor have the authority to access the protected data? Protection at rest Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA 46
  • 47. 4. Un-Authorized User Example Presentation to requestor Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA Privileged Used, DBA, System Administrators, Bad Guy Response Request Policy Enforcement Not Authorized Does the requestor have the authority to access the protected data? Protection at rest Name: csu wusoj Address: 476 srta coetse, cysieondusbak, CA 47
  • 48. Monitor A critically important part of a security solution is the ongoing monitoring of any activity on sensitive data. 48
  • 49. Best Practices for Protecting Big Data Start early Granular protection Select the optimal protection Enterprise coverage Protection against insider threat Protect highly sensitive data in a way that is mostly transparent to the analysis process Policy based protection Record data access events 49
  • 50. How Protegrity Can Help 1 2 We can help you Discover where the sensitive data sits 3 We can help you Protect your sensitive data in a flexible way 4 We can help you Enforce policies that will enable business functions and preventing sensitive data from the wrong hands. 5 50 We can help you Classify the sensitive data We can help you Monitor sensitive data to gain insights on abnormal behaviors.
  • 51. Protegrity Summary Proven enterprise data security software and innovation leader • Sole focus on the protection of data • Patented Technology, Continuing to Drive Innovation Cross-industry applicability • • Financial Services, Insurance, Banking • Healthcare • Telecommunications, Media and Entertainment • 51 Retail, Hospitality, Travel and Transportation Manufacturing and Government
  • 52. Please contact us for more information Ulf.Mattsson@protegrity.com Info@protegrity.com