Where Data Security and Value of Data Meet in the Cloud
|
|
- Jody Gordon
- 8 years ago
- Views:
Transcription
1 Where Data Security and Value of Data Meet in the Cloud - Practical advice for cloud data security Ulf Mattsson CTO, Protegrity Ulf.Mattsson@protegrity.com
2 Ulf Mattsson, Protegrity CTO Cloud Security Alliance (CSA) PCI Security Standards Council IFIP Cloud & Virtualization SIGs Encryption Task Force Tokenization Task Force WG 11.3 Data and Application Security International Federation for Information Processing ISACA ISSA (Information Systems Audit and Control Association) (Information Systems Security Association) 2
3 Agenda The New Enterprise Paradigm Cloud computing, IoT and the disappearing perimeter Data is the new currency Rethinking Data Security for a Boundless World The new wave of challenges to security and productivity Seamless, boundless security framework data flow Maximize data utility & minimizing risk finding the right balance New Security Solutions, Technologies and Techniques Data-centric security technologies Data security and utility outside the enterprise Cloud data security in context to the enterprise Best Practices 3
4 Enterprises Losing Ground Against Cyber-attacks Verizon Data Breach Investigations Report Enterprises are losing ground in the fight against persistent cyber-attacks We simply cannot catch the bad guys until it is too late. This picture is not improving Verizon reports concluded that less than 14% of breaches are detected by internal monitoring tools JP Morgan Chase data breach Hackers were in the bank s network for months undetected Network configuration errors are inevitable, even at the larges banks We need a new approach to data security 4
5 High-profile Cyber Attacks 49% recommended Database security 40% of budget still on Network security only 19% to database security Conclusion: Organisations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification 5
6 The Perimeter-less World 6
7 Integration with Outside World Big data projects in 2015 Integration with the outside world Security prevents big data from becoming a prevalent enterprise computing platform 3 rd party products are helping 26 billion devices on the Internet of Things by 2020 (Gartner) wikipedia.org 7
8 They re Tracking When You Turn Off the Lights Sensors to capture data on environmental conditions including sound volume, wind and carbon-dioxide levels, as well as behavioral data such as pedestrian traffic flow 8 Source: Wall Street Journal
9 Security Threats of Connected Medical Devices The Department of Homeland Security investigating Two dozen cases of suspected cyber security flaws in medical devices that could be exploited by hackers Can be detrimental to the patient, creating problems such as instructing an infusion pump to overdose a patient with drugs, or forcing a heart implant to deliver a deadly jolt of electricity Keep medical data stored encrypted PricewaterhouseCoopers study $30bn annual cost hit to the US healthcare system due to inadequate medical-device interoperability 9
10 CHALLENGE How can I Secure the Perimeter-less Enterprise? 10
11 Cloud Computing 11
12 12 What Is Your No. 1 Issue Slowing Adoption of Public Cloud Computing?
13 Data Security Holding Back Cloud Projects Source: Cloud Adoption Practices & Priorities Survey Report January
14 Security of Data in Cloud at Board-level Source: Cloud Adoption Practices & Priorities Survey Report January
15 15 Threat Vector Inheritance
16 Public Cloud Source: Wired.com 16
17 New Technologies to Secure Cloud Data 17
18 Data-Centric Protection Increases Security in Cloud Computing Rather than making the protection platform based, the security is applied directly to the data Protecting the data wherever it goes, in any environment Cloud environments by nature have more access points and cannot be disconnected Data-centric protection reduces the reliance on controlling the high number of access points 18
19 Simplify Operations and Compliance in the Cloud Key Challenges Storing and/or processing data in the cloud increases the risks of noncompliance through unapproved access and data breach Service providers will limit their liabilities to potential data breaches that may be taken for granted on-premises Gartner: Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data, Jun
20 Simplify Operations and Compliance in the Cloud Recommendations Simplify audits & address data residency and compliance issues by applying encryption or tokenization and access controls. Digitally shred sensitive data at its end of life by deleting the encryption keys or tokens Understand that protecting sensitive data in cloud-based software as a service (SaaS) applications may require trading off security and functionality Assess each encryption solution by following the data to understand when data appears in clear text, where keys are made available and stored, and who has access to the keys Gartner: Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data, Jun
21 Security Gateway Deployment Hybrid Cloud Corporate Network Cloud Gateway Public Cloud Client System Private Cloud Security Officer Enterprise Security Administrator Out-sourced 021
22 Security Gateway Deployment Hybrid Cloud Corporate Network Private Cloud Public Cloud Client System Cloud Gateway Security Officer Enterprise Security Administrator Out-sourced 022
23 Security Gateway Searchable Encryption Corporate Network Client System Query re-write Cloud Gateway RDBMS Security Officer Enterprise Security Administrator Order preserving encryption 023
24 Security Gateway Search & Indexing Corporate Network Client System Query re-write Cloud Gateway Index RDBMS Index Security Officer Enterprise Security Administrator 024
25 Cloud Gateway - Requirements Adjusted Protection Data Protection Methods Scalability Storage Security Transparency System without data protection Weak Encryption (1:1 mapping) Searchable Gateway Index (IV) Vaultless Tokenization Partial Encryption Data Type Preservation Encryption Strong Encryption (AES CBC, IV) Best Worst 25
26 Comparing Data Protection Methods 26
27 Risk Adjusted Storage Data Leaking Formats Computational Usefulness H L I I I I Strong-encryption Truncation Sort-order-preserving-encryption Indexing Data Leakage 27
28 Balancing Data Security & Utility Classification of Sensitive Data Granular Protection of Sensitive Data Value Preserving Encoding Leaking Leaking Sensitive Sensitive Data? Index Data Data? 28
29 Risk Adjusted Data Leakage Trust H Index Leaking Sensitive Data Index Sort Order Preserving Encryption Algorithms Leaking Sensitive Data Index NOT Leaking Index Data L Sensitive Data In-house Out-sourced Elasticity 29
30 Reduction of Pain with New Protection Techniques Pain & TCO Input Value: High Strong Encryption Output: AES, Format Preserving Encryption DTP, FPE Format Preserving Vault-based Tokenization Greatly reduced Key Management Low Vaultless Tokenization No Vault
31 What is Data Tokenization? 31
32 Data Tokenization Replacing The Data Source: plus.google.com 32
33 Tokenization Research Tokenization Gets Traction Aberdeen has seen a steady increase in enterprise use of tokenization for protecting sensitive data over encryption Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data Tokenization users had 50% fewer security-related incidents than tokenization non-users Source: 33
34 Fine Grained Data Security Methods Tokenization and Encryption are Different Encryption Tokenization Used Approach Cipher System Code System Cryptographic algorithms Cryptographic keys Code books Index tokens Source: McGraw-HILL ENCYPLOPEDIA OF SCIENCE & TECHNOLOGY 34
35 Speed of Fine Grained Protection Methods Transactions per second* I I I I Vault-based Format AES CBC Vaultless Data Preserving Encryption Data Tokenization Encryption Standard Tokenization *: Speed will depend on the configuration 35
36 Significantly Different Tokenization Approaches Vault-based Vaultless Property Dynamic Pre-generated 36
37 Examples of Protected Data Field Real Data Tokenized / Pseudonymized Name Joe Smith csu wusoj Address 100 Main Street, Pleasantville, CA 476 srta coetse, cysieondusbak, CA Date of Birth 12/25/ /02/1966 Telephone Address joe.smith@surferdude.org eoe.nwuer@beusorpdqo.org SSN CC Number Business URL Fingerprint Encrypted Photo Encrypted X-Ray Encrypted 37 Healthcare / Financial Services Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc. Financial Services Consumer Products and activities Protection methods can be equally applied to the actual data, but not needed with de-identification
38 How Should I Secure Different Data? Use Case Simple Encryption of Files PII Tokenization of Fields Card Holder Data PCI Personally Identifiable Information Complex Protected Health Information PHI I Un-structured I Structured Type of Data 38
39 Example of Cross Border Data-centric Security Data sources Data Warehouse In Italy Complete policy-enforced deidentification of sensitive data across all bank entities
40 How to Balance Risk and Data Access 40
41 Risk Adjusted Data Security Access Controls High - User Productivity and Creativity Risk Exposure Low - Access to Sensitive Data in Clear I I Low Access to Data High Access to Data 41
42 Risk Adjusted Data Security Tokenized Data High - User Productivity and Creativity Low - Risk Exposure Access to Tokenized Data I I Low Access to Data High Access to Data 42
43 Risk Adjusted Data Security Selective Masking Cost Example: 16 digit credit card number High - Risk Exposure Cost of Application Changes Low - I I I All-16-clear Only-middle-6-hidden All-16-hidden 43
44 Fine Grained Security: Securing Fields Production Systems Encryption of fields Reversible Policy Control (authorized / Unauthorized Access) Lacks Integration Transparency Complex Key Management Example:!@#$%a^.,mhu7///&*B()_+!@ Non-Production Systems Masking of fields Not reversible No Policy, Everyone can access the data Integrates Transparently No Complex Key Management Example:
45 Fine Grained Security: Tokenization of Fields Production Systems Tokenization (Pseudonymization) No Complex Key Management Business Intelligence Example: Reversible Policy Control (Authorized / Unauthorized Access) Not Reversible Integrates Transparently Non-Production Systems 45
46 Data Centric Audit and Protection (DCAP) Organizations that have not developed data-centric security policies to coordinate management processes and security controls across data silos need to act By 2018, data-centric audit and protection strategies will replace disparate siloed data security governance approaches in 25% of large enterprises, up from less than 5% today Source: Gartner Market Guide for Data Centric Audit and Protection (DCAP), Nov
47 Data Centric Audit and Protection (DCAP) Centrally managed security policy Across unstructured and structured silos Classify data, control access and monitoring Protection encryption, tokenization and masking Segregation of duties application users and privileged users Auditing and reporting Source: Gartner Market Guide for Data Centric Audit and Protection (DCAP), Nov
48 Central Management Policy Deployment Application Protector Database Protector Security Office / Security Team EDW Protector Enterprise Security Administrator Policy Big Data Protector Protection Servers IBM Mainframe Protectors File Protector File Protector Gateway Audit Log Cloud Gateway Inline Gateway 48
49 Enterprise Data Security Policy What What is the sensitive data that needs to be protected. How How you want to protect and present sensitive data. There are several methods for protecting sensitive data. Encryption, tokenization, monitoring, etc. Who Who should have access to sensitive data and who should not. Security access control. When When should sensitive data access be granted to those who have access. Day of week, time of day. Where Where is the sensitive data stored? This will be where the policy is enforced. Audit Audit authorized or un-authorized access to sensitive data. 49
50 Central Management Audit Log Collection Application Protector Database Protector Audit Log Security Office / Security Team EDW Protector Audit Log Audit Log Enterprise Security Administrator Big Data Protector IBM Mainframe Protectors Audit Log Audit Log File Protector Audit Log Audit Log File Protector Gateway Audit Log Audit Log Audit Log Cloud Gateway Inline Gateway Protection Servers 50
51 Summary The biggest challenge in this new paradigm Cloud and an interconnected world Merging data security with data value and productivity What s required? Seamless, boundless security framework data flow Maximize data utility & Minimizing risk finding the right balance Value-preserving data-centric security methods How to keep track of your data and monitor data access outside the enterprise Best practices for protecting data and privacy in the perimeter-less enterprise. What New Data Security Technologies are Available for Cloud? How can Cloud Data Security work in Context to the Enterprise? 51
52 Thank you! Questions? Please contact us for more information
Data-Centric Security Key to Cloud and Digital Business
Data-Centric Security Key to Cloud and Digital Business Ulf Mattsson CTO, Protegrity Ulf.Mattsson AT protegrity.com Ulf Mattsson, Protegrity CTO Cloud Security Alliance (CSA) PCI Security Standards Council
More informationPractical Advice for Cloud Data Protection
Practical Advice for Cloud Data Protection Ulf Mattsson CTO, Protegrity Ulf.Mattsson@protegrity.com Ulf Mattsson, Protegrity CTO Cloud Security Alliance (CSA) PCI Security Standards Council Cloud & Virtualization
More informationSecuring Data Today. Ulf Mattsson CTO Protegrity ulf.mattsson [at] protegrity.com
Securing Data Today and in the Future Ulf Mattsson CTO Protegrity ulf.mattsson [at] protegrity.com Ulf Mattsson 20 years with IBM Development & Global Services Inventor of 22 patents Encryption and Tokenization
More informationData-Centric Security vs. Database-Level Security
TECHNICAL BRIEF Data-Centric Security vs. Database-Level Security Contrasting Voltage SecureData to solutions such as Oracle Advanced Security Transparent Data Encryption Introduction This document provides
More informationCloud Data Security. Sol Cates CSO @solcates scates@vormetric.com
Cloud Data Security Sol Cates CSO @solcates scates@vormetric.com Agenda The Cloud Securing your data, in someone else s house Explore IT s Dirty Little Secret Why is Data so Vulnerable? A bit about Vormetric
More informationData Breaches Gone Mad. Straight Away! Wednesday September 28 th, 2011
Data Breaches Gone Mad Learn how to Secure your Data Warehouse Straight Away! Wednesday September 28 th, 2011 Martin Willcox Director Product & Solutions Marketing Teradata Europe, Middle East & Africa
More informationData Security as a Business Enabler Not a Ball & Chain. Big Data Everywhere May 12, 2015
Data Security as a Business Enabler Not a Ball & Chain Big Data Everywhere May 12, 2015 Les McMonagle Protegrity - Director Data Security Solutions Les has over twenty years experience in information security.
More informationThe Security Issue Data Marketing 2013 Conference Presented by:
The Security Issue Data Marketing 2013 Conference Presented by: Phil Sewell, Canadian Regional Director About Voltage Security Mission: Data-centric security to combat advanced security threats inside
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationMyths and Realities of Data Security and Compliance: Ulf Mattsson, CTO, Protegrity
Myths and Realities of Data Security and Compliance: The Risk-based Data Protection Solution Ulf Mattsson, CTO, Protegrity Ulf Mattsson 20 years with IBM Development, Manufacturing & Services Inventor
More informationMyths & Realities of Data Security & Compliance: The Risk-based Data. Ulf Mattsson, CTO, Protegrity
Myths & Realities of Data Security & Compliance: The Risk-based Data Protection Solution Ulf Mattsson, CTO, Protegrity Ulf Mattsson 20 years with IBM Development, Manufacturing & Services Inventor of 21
More informationSafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud
SafeNet Data Encryption and Control Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud Ensure Data Protection with Data Encryption and Control Across
More informationSafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud
SafeNet Data Encryption and Control Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud Ensure Data Protection with Data Encryption and Control Across
More informationData-Centric security and HP NonStop-centric ecosystems. Andrew Price, XYPRO Technology Corporation Mark Bower, Voltage Security
Title Data-Centric security and HP NonStop-centric ecosystems A breakthrough strategy for neutralizing sensitive data against advanced threats and attacks Andrew Price, XYPRO Technology Corporation Mark
More informationDatabase Security Solutions in Cloud and Outsourced Environments
Database Security Solutions in Cloud and Outsourced Environments Ulf Mat t sson TCO Prot egri t y ul f. mat t sson AT prot egri t y. com Ulf Mattsson 20 years with IBM Development & Global Services Inventor
More informationProtegrity Data Security Platform
Protegrity Data Security Platform The Protegrity Data Security Platform design is based on a hub and spoke deployment architecture. The Enterprise Security Administrator (ESA) enables the authorized Security
More informationIdentity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015
Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud
More informationTaking a Data-Centric Approach to Security in the Cloud
Taking a Data-Centric Approach to Security in the Cloud Bob West Chief Trust Officer CipherCloud 2014 CipherCloud All rights reserved 1 Taking a Data-Centric Approach to Cloud Data Protection Bob West
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationRETHINKING CYBER SECURITY Changing the Business Conversation
RETHINKING CYBER SECURITY Changing the Business Conversation October 2015 Introduction: Diane Smith Michigan Delegate Higher Education Conference Speaker Board Member 2 1 1. Historical Review Agenda 2.
More informationHP Atalla. Data-Centric Security & Encryption Solutions. Jean-Charles Barbou Strategic Sales Manager HP Atalla EMEA MAY 2015
Copyright 2015Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Restricted HP Atalla Data-Centric Security & Encryption Solutions Jean-Charles
More informationSECURING SENSITIVE DATA WITHIN AMAZON WEB SERVICES EC2 AND EBS
SECURING SENSITIVE DATA WITHIN AMAZON WEB SERVICES EC2 AND EBS The Challenges and the Solutions Vormetric, Inc. 2545 N. 1st Street, San Jose, CA 95131 United States: 888.267.3732 United Kingdom: +44.118.949.7711
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationHIPAA and HITECH Compliance Simplification. Sol Cates CSO @solcates scates@vormetric.com
HIPAA and HITECH Compliance Simplification Sol Cates CSO @solcates scates@vormetric.com Quick Agenda Why comply? What does Compliance look like? New Cares vs Rental Cars vs Custom Cars Vormetric Q&A Slide
More informationSecuring Sensitive Data within Amazon Web Services EC2 and EBS
Page 1 Securing Sensitive Data within Amazon Web Services EC2 and EBS Challenges and Solutions to Protecting Data within the AWS Cloud Vormetric, Inc. 2545 N. 1st Street, San Jose, CA 95131 United States:
More informationCloud Security Case Study Amazon Web Services. Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com
Cloud Security Case Study Amazon Web Services Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com Agenda 1. Amazon Web Services challenge 2. Virtual Instances and Virtual Storage
More informationCloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security
Russ Dietz Vice President & Chief Technology Officer Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security By Russ Dietz Vice President & Chief
More informationData Centric Security
Data Centric Security What s wrong and what to do about it Mike Shanahan Regional Sales Manager Albert Dolan Senior Systems Engineer, EMEA IT s Dirty Little Secret 30+ Years super users have been managing
More information05.0 Application Development
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
More informationVORMETRIC CLOUD ENCRYPTION GATEWAY Enabling Security and Compliance of Sensitive Data in Cloud Storage
VORMETRIC CLOUD ENCRYPTION GATEWAY Enabling Security and Compliance of Sensitive Data in Cloud Storage Vormetric, Inc. 2545 N. 1st Street, San Jose, CA 95131 United States: 888.267.3732 United Kingdom:
More informationDFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)
Title: Functional Category: Information Technology Services Issuing Department: Information Technology Services Code Number: xx.xxx.xx Effective Date: xx/xx/2014 1.0 PURPOSE 1.1 To appropriately manage
More informationCase Studies: Protecting Sensitive Data in
Case Studies: Protecting Sensitive Data in C.J. Radford Vice President, Cloud September 18, 2014 Contact: @cjrad; cradford@vormetric.com Agenda Data Security Challenges Top Considerations for Data Centric
More informationCloud Computing and the Federal Government: Maximizing Trust Supporting the Mission and Improving Assurance with Data-centric Information Security
Cloud Computing and the Federal Government: Maximizing Trust Supporting the Mission and Improving Assurance with Data-centric Information Security Table of Contents Executive Summary...3 Introduction...3
More informationSecuring and protecting the organization s most sensitive data
Securing and protecting the organization s most sensitive data A comprehensive solution using IBM InfoSphere Guardium Data Activity Monitoring and InfoSphere Guardium Data Encryption to provide layered
More information68% Meet compliance needs with Microsoft Exchange. of companies send sensitive data via email.
Meet compliance needs with Microsoft Exchange As the volume and importance of digital information grows, regulatory compliance schemas are broadening to encompass an ever-larger share of data that companies
More informationFighting Today s Cybercrime
SECURELY ENABLING BUSINESS Fighting Today s Cybercrime Ongoing PCI Compliance Using Data-Centric Security Technologies HOUSEKEEPING ITEMS All phone lines have been muted for the duration of the webinar.
More informationCompliance for the Road Ahead
THE DATA PROTECTION COMPANY CENTRAL CONTROL A NTROL RBAC UNIVERSAL DATA PROTECTION POLICY ENTERPRISE KEY DIAGRAM MANAGEMENT SECURE KEY STORAGE ENCRYPTION SERVICES LOGGING AUDITING Compliance for the Road
More informationThe Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationViva la Cloud IAPP Privacy Academy 2013
Viva la Cloud IAPP Privacy Academy 2013 Speaker Intros Chris Zoladz Founder Varun Badhwar VP of Product Strategy -2- Basic Premises for this Session Use of the cloud will continue to explode Security and
More informationData Security: Strategy and Tactics for Success
Data Security: Strategy and Tactics for Success DatabaseVisions,Inc. Fairfax, Va Oracle Gold Partner Solution Provider Oracle Security Specialized www.databasevisions.com Overview Cloud Computing presents
More informationData Masking. Cost-Effectively Protect Data Privacy in Production and Nonproduction Systems. brochure
Data Masking Cost-Effectively Protect Data Privacy in Production and Nonproduction Systems brochure How Can Your IT Organization Protect Data Privacy? The High Cost of Data Breaches It s estimated that
More informationWhite Paper Big Data Without Big Headaches
Vormetric, Inc. 2545 N. 1st Street, San Jose, CA 95131 United States: 888.267.3732 United Kingdom: +44.118.949.7711 Singapore: +65.6829.2266 info@vormetric.com www.vormetric.com THE NEW WORLD OF DATA IS
More informationProtegrity Tokenization
Securing Sensitive Data for PCI, HIPAA and Other Data Security Initiatives 2011 Edition Who should read it System architects, security experts, and other IT professionals who are looking to use tokenization
More informationExecutive s Guide to Cloud Access Security Brokers
Executive s Guide to Cloud Access Security Brokers Contents Executive s Guide to Cloud Access Security Brokers Contributor: Amy Newman 2 2 Why You Need a Cloud Access Security Broker 5 You Can t Achieve
More informationEmail Compliance in 5 Steps
Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential
More informationData-Centric Security. New imperatives for a new age of data
Data-Centric Security New imperatives for a new age of data Out-maneuvered, outnumbered, outgunned Things are not going well. The phones have gotten smarter, the data s gotten bigger, and your teams and
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More information<Insert Picture Here> Oracle Database Security Overview
Oracle Database Security Overview Tammy Bednar Sr. Principal Product Manager tammy.bednar@oracle.com Data Security Challenges What to secure? Sensitive Data: Confidential, PII, regulatory
More informationPlan of Attack 5 Step Plan
Plan of Attack 5 Step Plan Naming those Digital Assets Practicing Digital Doomsday Training + Policies and Procedures Technology Tuning Security in the Supply Chain Next Steps Sample Plan 0 to 30 Days
More informationA Hands-On Understanding of Cloud Services. Presented by: PMPA IT Committee
A Hands-On Understanding of Cloud Services Presented by: PMPA IT Committee Today s Agenda Introduction / Overview Benefits Risks of using Cloud Services Cloud Apps Overview/Preview Shop Example Hands-On
More informationSecure Cross Border File Protection & Sharing for Enterprise Product Brief CRYPTOMILL INC
C NNECTED Circles of Trust Secure Cross Border File Protection & Sharing for Enterprise Product Brief www.cryptomill.com product overview OVERVIEW Connected Circles of Trust is an endpoint data security
More informationData Security as a Business Enabler Not a Ball & Chain. Big Data Everywhere May 21, 2015
Data Security as a Business Enabler Not a Ball & Chain Big Data Everywhere May 21, 2015 Les McMonagle Protegrity - Director Data Security Solutions Les has over twenty years experience in information security.
More informationAPT Protection Via Data-Centric Security. Alan Kessler President and CEO Vormetric
APT Protection Via Data-Centric Security Alan Kessler President and CEO Vormetric Protect What Matters APT Protection Via Data-Centric Security Alan Kessler President and CEO Vormetric Data Breach Retrospective
More informationRSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief
RSA Encryption and Key Management Suite The threat of experiencing a data breach has never been greater. According to the Identity Theft Resource Center, since the beginning of 2008, the personal information
More informationAuthentication Strategy: Balancing Security and Convenience
Authentication Strategy: Balancing Security and Convenience Today s Identity and Access Security Strategies Are Being Driven by Two Critical Imperatives: Enable business growth by: Quickly deploying new
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information Proteggere i dati direttamente nel database Una proposta tecnologica Angelo Maria Bosis Sales Consulting Senior Manager
More informationWhat You Need to Know About CLOUD INFORMATION PROTECTION SOLUTIONS
What You Need to Know About CLOUD INFORMATION PROTECTION SOLUTIONS Table of Contents Cloud Adoption Drivers Key Capabilities and Technologies Usability and User Experience Security Technology Architecture
More informationRethinking IT and IT Security Strategies in an Era of Advanced Attacks, Cloud and Consumerization
Rethinking IT and IT Security Strategies in an Era of Advanced Attacks, Cloud and Consumerization Neil MacDonald VP and Gartner Fellow Gartner Information Security, Privacy and Risk Research Twitter @nmacdona
More informationAdopting Cloud Apps? Ensuring Data Privacy & Compliance. Varun Badhwar Vice President of Product Strategy CipherCloud
Adopting Cloud Apps? Ensuring Data Privacy & Compliance Varun Badhwar Vice President of Product Strategy CipherCloud Agenda Cloud Adoption & Migration Challenges Introduction to Cloud Computing Cloud Security
More informationPassword Management Evaluation Guide for Businesses
Password Management Evaluation Guide for Businesses White Paper 2016 Executive Summary Passwords and the need for effective password management are at the heart of the rise in costly data breaches. Various
More informationThe 7 Tenets of Successful Identity & Access Management
The 7 Tenets of Successful Identity & Access Management Data breaches. The outlook is not promising. Headlines practically write themselves as new breaches are uncovered. From Home Depot to the US Government
More informationHow Data-Centric Protection Increases Security in Cloud Computing and Virtualization
How Data-Centric Protection Increases Security in Cloud Computing and Virtualization Executive Overview Cloud services and virtualization are driving significant shifts in IT spending and deployments.
More informationData-centric Security
Data-centric Security Rui Melo Biscaia rui.biscaia@watchfulsoftware.com Watchful Software Director, Product Management Dead Horse Wisdom Graham, Texas Beat the horse faster, in an attempt to make it go
More informationSafeguarding the cloud with IBM Dynamic Cloud Security
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
More informationAn article on PCI Compliance for the Not-For-Profit Sector
Level 8, 66 King Street Sydney NSW 2000 Australia Telephone +61 2 9290 4444 or 1300 922 923 An article on PCI Compliance for the Not-For-Profit Sector Page No.1 PCI Compliance for the Not-For-Profit Sector
More informationEncryption Doesn t Always Protect Your Data. Presented by: Joe Sturonas PKWARE
Encryption Doesn t Always Protect Your Data Presented by: Joe Sturonas PKWARE Agenda Threat Landscape Security Risks Public/Private Keys Digital Signing and Authentication Use Case Q&A Threat Landscape
More informationIndustrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported
Protecting What Matters Most Christian Fahlke, Regional Sales Manager ALPS March 2015 Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported (Source: https://ics-cert.us-cert.gov/sites/default/files/monitors/ics-cert_monitor_sep2014-feb2015.pdf)
More informationKey Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking
Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed
More informationREVOLUTIONIZING ADVANCED THREAT PROTECTION
REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my
More informationSecuring Data-at-Rest in Files, Folders and Shares:
CRYPTO FOUNDATION UNIFIED DATA PROTECTION PLATFORM WHITE PAPER Securing Data-at-Rest in Files, Folders and Shares: Building a Sustainable Framework Data growth is accelerating faster than ever before from
More informationBYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective
BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective Kit Colbert CTO, End-User Computing 2014 VMware Inc. All rights reserved. VMware: Addressing the Market From Data Center
More informationThe Onslaught of Cyber Security Threats and What that Means to You
The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber Crime Growth Number of mobile devices affected IBM Number of accounts hacked CNN Money Number of malware samples
More informationApplying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
More informationData-centric Security for HP NonStop and Enterprise-wide Environments
Data-centric Security for HP NonStop and Enterprise-wide Environments Ernie Tarbox, Voltage Security 2014 Voltage Security, Inc. All Rights Reserved 1 Title Agenda Part 1 this morning Common challenges
More informationData Security: Fight Insider Threats & Protect Your Sensitive Data
Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand
More informationCloudCheck Compliance Certification Program
CloudCheck Compliance Certification Program Ensure Your Cloud Computing Environment is Secure with CloudCheck Certification Organizations today are increasingly relying on a combination of private and/or
More informationDATA SECURITY INTELLIGENCE FUTURE STATE
DATA SECURITY INTELLIGENCE FUTURE STATE White Paper EXECUTIVE SUMMARY In this White Paper, Neuralytix analyzes the Data Security Intelligence (DSI) market. Our research indicates that this market will
More informationInfoSphere Guardium Tech Talk Data privacy and dynamic masking for web applications: InfoSphere Guardium for Applications
InfoSphere Guardium Tech Talk Data privacy and dynamic masking for web applications: InfoSphere Guardium for Applications Nick Briers, WW Product Manager Ariel Farkash, Lead Developer Logistics This tech
More informationTITUS Data Security for Cloud Email Identify and Control Sensitive Data Sent to the Cloud
Business Brief TITUS Data Security for Cloud Email Identify and Control Sensitive Data Sent to the Cloud Nine out of 10 businesses cite security as the top obstacle for cloud adoption. - IDC Control Data
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationSecure Data Across Application Landscapes: On Premise, Offsite & In the Cloud REINVENTING DATA MASKING WHITE PAPER
Secure Data Across Application Landscapes: On Premise, Offsite & In the Cloud REINVENTING DATA MASKING TABLE OF CONTENTS Data Protection Challenges Across Application Lifecycles... 3 Delphix Service-Based
More informationComprehensive real-time protection against Advanced Threats and data theft
TRITON AP-WEB Comprehensive real-time protection against Advanced Threats and data theft Your business and its data are under constant attack. Traditional security solutions no longer provide sufficient
More informationISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies
ISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com Analogous
More informationBalancing Security Investment Against Today's Threat Environment
Balancing Security Investment Against Today's Threat Environment Niel Pandya Data Security, Senior Manager, Oracle ASEAN The following is intended to outline our general product direction.
More informationPutting Web Threat Protection and Content Filtering in the Cloud
Putting Web Threat Protection and Content Filtering in the Cloud Why secure web gateways belong in the cloud and not on appliances Contents The Cloud Can Lower Costs Can It Improve Security Too?. 1 The
More informationERM Symposium April 2009. Moderator Nancy Bennett
ERM Symposium April 2009 RI4-Implementing a Comprehensive Privacy Program John Kelly Joseph Nocera Moderator Nancy Bennett Data & Identity Theft: Keeping sensitive data out of the wrong hands Presented
More informationDefining Data Security in 2015 and Beyond
Defining Data Security in 2015 and Beyond What you need to know about physical and virtual data security in a complex business environment Colocation Managed Cloud & Hosting Services Business Continuity
More informationSafeNet DataSecure vs. Native Oracle Encryption
SafeNet vs. Native Encryption Executive Summary Given the vital records databases hold, these systems often represent one of the most critical areas of exposure for an enterprise. Consequently, as enterprises
More informationIT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011
IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything
More informationThrough the Security Looking Glass. Presented by Steve Meek, CISSP
Through the Security Looking Glass Presented by Steve Meek, CISSP Agenda Presentation Goal Quick Survey of audience Security Basics Overview Risk Management Overview Organizational Security Tools Secure
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationData Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide
Data Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide. Four steps for success Implementing a Data Loss Prevention solution to address PCI requirements may be broken into four key
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationAn introduction to Cryptosoft
An introduction to Cryptosoft Seamless end-to-end data centric security for every IoT ecosystem Cryptosoft is building trust in the Internet of Things and M2M by simplifying the processes that a company
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationChecklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security
Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Review the
More information