Data Security as a BDM Best Practice

Transcription

1 Data Security as a BDM Best Practice David Loshin, President, Knowledge Integrity Robert Shields, CISSP, Director, PMM Data Security Group May 23, 2016

2 About the Speaker David Loshin President, Knowledge Integrity, Inc. David Loshin is a recognized thought leader and expert consultant in the areas of analytics, big data, data governance, data quality, master data management, and business intelligence. Along with consulting on numerous data management projects over the past 15 years, he is also a prolific author regarding business intelligence best practices, as the author of numerous books and papers on data management. Loshin is a frequent invited speaker at conferences, web seminars, and sponsored web sites and channels and shares additional content at

3 About the Speaker Robert Shields, CISSP Director, PMM, Data Security Group Robert Shields leads product marketing for Informatica s Secure@Source and data masking solutions. Robert is responsible for market development and strategy, sales enablement, analyst relations and thought leadership. Robert has extensive information security experience and helped introduce and pioneer key security technologies including encryption, two-factor authentication, computer forensics, ediscovery, data masking and data security intelligence.

4 Agenda Providing a global view of sensitive data risk and proliferation, Data Security Intelligence is new. It provides data security and data management the intelligence and visibility to effectively reduce the risk of data breach and misuse. Most organizations have already deployed some type of data security solution(s) and data management solutions and so it is logical to ask how DSI relates to these. How does DSI complement these diverse but related environments? This session will answer these critical questions.

5 Data Security Risk and Data Management David Loshin President Knowledge Integrity, Inc.

6 Cybercrime and Information Exposure Gradual transition from denial of service or credit-card theft to more insidious criminal intent Highly-publicized incidents include: Tens of millions of adult web site records Presumed nation-sponsored breach of Sony Exposure of millions of records from US Office of Personnel Management Tens of millions of Health Insurance member records All involve exposure of meaningful content Embarrassment/ shaming Nation-sponsored espionage Facilitates insurance fraud Theft and destruction of intellectual property

7 The Need for Data Security Intelligence Streaming Streaming data Streaming data data Data from Cloud-based systems Unstructured Data Transaction System Transaction System Operational System Operational System Operational System Data Integration Data Warehouse Master Data Big Data Data Mart Data Mining Report OLAP Report Expanding information economy depends on acquisition of data that can be leveraged for value Sensitive data must be understood for security and privacy risks Opens the opportunity for suspicious behavior and undesired risks

8 The Need for Data Security Intelligence Streaming Streaming data Streaming data data Data from Cloud-based systems Unstructured Data Transaction System Transaction System Operational System Operational System Operational System Expanding information economy depends on acquisition of data that can be leveraged for value Creation of internal analytical data products that drive process improvement Expansion of capabilities and services driven by increased data volumes Opens the opportunity for suspicious behavior and undesired risks Increased opportunities for exposure of protected data Data Integration Increased desire to breach the environment to exfiltrate intellectual property Master Data Big Data Data Warehouse Data Mart Data Mining Report OLAP Report

9 Perimeter Security is Insufficient Perimeter security is intended to prevent breaches at the system level Breaches can be unknown until long after effects are noticed Prevention controls need not be aware of the data assets that require protection Once the firewall is breached, there is limited, if any protection of the information Different classes of information require protection in relation to level of sensitivity

10 Understanding Information Sensitivity Three key issues for operationalizing information and content protection: Awareness of the data artifacts that are accessible within the enterprise Assessment of the levels of data sensitivity and assignment of designations Applying further methods of protecting the content Information security and protection is critically dependent on addressing these issues

11 Coordinating Security and Data Management Establish collaboration between security and data management professionals Security team needs to be aware of Data lineage and data flows Environment Methods for data risk assessment Access Behavior patterns of suspicious data access Automated monitoring Artifacts Sensitivity risks of data integration Content Data team needs to be aware of limits of Perimeter security limitations Security program decision-making Scope of access controls and rights management Sensitivity risks of data integration

12 Data Governance for Information Protection Three key data governance techniques can bolster information protection: Semantic metadata analysis and management Data policy management and specification of business data rules Institute methods of asset protection, including access control, data obfuscation and encryption Integrate information awareness with the data security and protection program Data security management becomes a key focal point in bridging the gap between traditional security officers and the data management team

13 Data Management Framework: Data Security Management Data Management Association (DAMA): DMBOK

14 Data Management Framework: Data Security Management + Policy/context driven discovery + Risk analysis + Prioritization of investments + Manage proliferation + Sensitive data behavior analytics Data Management Association (DAMA): DMBOK

15 Proposed Information Security Roles Information Protection Steward Analyze business drivers for data protection Prioritize data assets/risks based on corporate value Facilitate the definition of data protection policies Review implementation of information protection compliance Data Security Analyst Investigate data exposure Evaluate risk scenarios for data exposure Metadata and Data Lineage Analyst Map data flows Identify data dependencies Protection Auditor Ensure institution of information security and protection practices Monitor assignation of access roles and associated rights Monitor compliance with data protection policies Assign levels of data sensitivity Define access roles and rights

16 Data Governance Policies and Protocols Good data governance is critical to frame the partnership between the data and security teams Coordination and collaboration of security and data management teams are necessary Define operational policies for data protection and information security Institute and implement processes to ensure compliance with data protection directives Define the roles associated with data risk management and data sensitivity Oversee the use of tools for assessing data risks

17 Further Information on Data Management If you have questions, comments, or suggestions, please contact me David Loshin

18 Data Security Risk and Data Management Robert Shields, CISSP Director, PMM, Data Security Group

19 A Seismic Shift in the Market Sensitive data is now widely recognized as one of the most valuable assets a company can have, and is regarded as a strategic asset that must be addressed, not simply as a characteristic of some other project.

20 Data records lost in 2015 World: 707,000,000 US: 417,000,000 ~1.1 Million/Day Source: Gemalto/SafeNet2015 Breach Level Index

21 What Are Companies Reporting? Major Retailer: 10K-2012: 10K-2013: 10-K 2014: Breach To date, all incidents we have experienced have been insignificant. data breach in 2013 has resulted in government inquiries and private litigation... We have recorded significant expenses related to the Data Major Healthcare Organization: 10K-2012: 10K-2013: 10K-2014: our facilities and systems.may be vulnerable to cyber attacks.. our facilities and systems.are vulnerable to cyber-attacks... cannot ensure that we will be able to identify, prevent or contain the effects of additional cyber attacks.

22 Business Challenges If we are audited, can we demonstrate that we have the intelligence and controls in place to safeguard sensitive information? Does my current security architecture strongly correlate to sensitive data location and risk? Can we tell our investors, customers and partners that their data is protected from breach or misuse?

23 The Solution

24 The Data Security Challenge Sensitive Data is everywhere throughout the IT landscape Existing data governance is poorly represented and enforced in security technology Traditional Cyber Security protects the perimeter but is not aligned to sensitive data risk You cannot protect all data in the same way at the same time. Bottom Line: You have no way to identify, measure and prioritize the risk of your sensitive data before it causes you a major problem.

25 Enhance data security with Data Security Intelligence Discovery & Classification Sensitive Data Definition File Scanning Data Proliferation Policy Configuration Metadata & Data Discovery Protection Status Risk Intelligence Key Risk Indicators Cost of Data Loss Geographic View Data Store Rankings Risk Scoring Time Series Functional View Monitor & Alerts Security Information Mgmt Configuration Management Digital Rights Management SIEM LDAP Prevention & Protection Dynamic Masking Tokenization Static Masking Data Loss Prevention Encryption IAM Audit Compliance User Activity Monitoring Maturity Assessment Data Breach Process ISO Mitigation Improvements Risk Posture Legend Cyber Security Malware Protection Fraud Prevention Data Centric Vulnerability Assessment Network Security Other

26 is a unified platform for identifying, analyzing, and quantifying sensitive data risk Action Objectives Foundation Focus data protection efforts Reduce uncertainty Monitor change and track progress Learn things you don t already know Validate what you think you know Create a standardized basis for measuring risk, communicating status, and making decisions

27 Data Security Intelligence: Enterprise-wide sensitive data visibility and risk analytics

28 The Industry s First Data Security Intelligence Solution Secure@Source Multi-factor risk scoring Sophisticated policy framework Discovery & Classification Proliferation analysis User Access and Activity Policy-based alerting Highly visual and interactive Integrates data security information from 3 rd parties

29 Identification of Anomalous Activities Data Security Intelligence Sudden high volume of activities from a user who has been inactive in the past Activities against sensitive data stores that user does not usually access Access to sensitive data from multiple IP addresses at the same time

30 Alert of High Risk Conditions Data Security Intelligence Sensitive data leaving a highly regulated country Sensitive data is accessed by an individual outside its country of residency Unprotected production data is moved to non-production environment

31 Key Takeaways Data complexity, variation and multi platform use challenge current methods A Data Security Intelligence platform is needed to manage growing and proliferating sensitive data; you need to know WHAT you have and it s RISK Sensitive data management is a collaborative effort between data management and data security teams Both teams can leverage data security intelligence to improve reliability and security of existing and new data services and applications

32 Questions Proprietary and Confidential

33 Don t Miss Sessions for the Data Security Path Monday Tuesday Wednesday Breakout Sessions CIO Perspective 8:30-9:30am RM2007 All solutions Mind The Gaps! 2:15-3:15pm RM All solutions Goldman Sachs 8:00-9:00am RM2004--TDM Big Data Security 9:45-10:45am RM All solutions HP/Informatica 4:45-5:45pm RM2005 DevOps Deloitte 10:30-11:30am RM2008 S@S Securian Financial 1:30-2:30pm RM Masking Eli Lilly 1:45-2:45pm RM2008 Cloud TDM Prudential 2:45-3:45pm RM TDM How to Security 3:00-4:00pm RM2008 All solutions Hands-On-Labs 9:00am-3:45pm RM All solutions 11:00am-5:45pm RM All solutions 8:00am-3:45pm RM All solutions Deep Dive Labs -7:30-9:30am -1:45-3:45pm RM3018--TDM Meet The Experts -1:00-1:45pm -4:00-4:45pm RM2002 All solutions