ELIMINATING COMPLINCE RISKS - DATA MASKING WITH AZURE

Similar documents
Course Outline. Module 1: Introduction to Data Warehousing

Implementing a Data Warehouse with Microsoft SQL Server 2012

Implementing a Data Warehouse with Microsoft SQL Server 2012 MOC 10777

Course 10777A: Implementing a Data Warehouse with Microsoft SQL Server 2012

Implementing a Data Warehouse with Microsoft SQL Server 2012

Implementing a SQL Data Warehouse 2016

Implementing a Data Warehouse with Microsoft SQL Server 2012

Data Breach and Senior Living Communities May 29, 2015

SQL SERVER DEVELOPER Available Features and Tools New Capabilities SQL Services Product Licensing Product Editions Will teach in class room

Improving database development. Recommendations for solving development problems using Red Gate tools

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

Accelerating DevOps With Copy Data Virtualization. June, 2015

Beta: Implementing a Data Warehouse with Microsoft SQL Server 2012

Course Outline: Course: Implementing a Data Warehouse with Microsoft SQL Server 2012 Learning Method: Instructor-led Classroom Learning

Implementing a Data Warehouse with Microsoft SQL Server 2012 (70-463)

COURSE 20463C: IMPLEMENTING A DATA WAREHOUSE WITH MICROSOFT SQL SERVER

Implementing a Data Warehouse with Microsoft SQL Server

Data In The Cloud: Who Owns It, and How Do You Get it Back?

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Combining Onsite and Cloud Backup

Structure of the presentation

Implementing a Data Warehouse with Microsoft SQL Server MOC 20463

COURSE OUTLINE MOC 20463: IMPLEMENTING A DATA WAREHOUSE WITH MICROSOFT SQL SERVER

Beginning SQL Server Administration. Apress. Rob Walters Grant Fritchey

BI on Cloud using SQL Server on IaaS

Microsoft. Course 20463C: Implementing a Data Warehouse with Microsoft SQL Server

Implement a Data Warehouse with Microsoft SQL Server 20463C; 5 days

SecureD Technical Overview

Designing, Optimizing and Maintaining a Database Administrative Solution for Microsoft SQL Server 2008

Auditing Data Access Without Bringing Your Database To Its Knees

Implementing a Data Warehouse with Microsoft SQL Server

The Top Web Application Attacks: Are you vulnerable?

Implementing a Data Warehouse with Microsoft SQL Server

MS Design, Optimize and Maintain Database for Microsoft SQL Server 2008

Green Migration from Oracle

WHITEPAPER. Improving database development

LEARNING SOLUTIONS website milner.com/learning phone

Backup Software? Article on things to consider when looking for a backup solution. 11/09/2015 Backup Appliance or

Database Build and Release will get started soon

For Sales Kathy Hall

How To Find Out What People Think About Hipaa Compliance

Implementing a Data Warehouse with Microsoft SQL Server

Visual Studio Team Edition for Database Professionals. Woody Pewitt Developer Evangelist

Computer Forensics and Incident Response in the Cloud. Stephen Coty AlertLogic, AlertLogic_ACID

Data Loss Prevention. Keeping sensitive data out of the wrong hands*

Implementing a Data Warehouse with Microsoft SQL Server 2014

An Oracle White Paper June Oracle Database 11g: Cost-Effective Solutions for Security and Compliance

LearnFromGuru Polish your knowledge

East Asia Network Sdn Bhd

W I S E. SQL Server 2012 Database Engine Technical Update WISE LTD.

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Managed Self-Service BI & Data As A Service

112 BSIMM Activities at a Glance

CASE STUDY Searching SQL Server databases with SQL Search at Republic Bank

Managing the PowerPivot for SharePoint Environment

Why Add Data Masking to Your IBM DB2 Application Environment

Application Development With Data Studio

Securing Data on Microsoft SQL Server 2012

SQL Server 2012 Business Intelligence Boot Camp

Prevent Security Breaches by Protecting Information Proactively

Datawarehouse testing using MiniDBs in IT Industry Narendra Parihar Anandam Sarcar

The potential legal consequences of a personal data breach

SQL SERVER TRAINING CURRICULUM

Microsoft SQL Server 2012: What to Expect

Using Oracle Data Integrator with Essbase, Planning and the Rest of the Oracle EPM Products

Comprehensive Approach to Database Security

MS-55096: Securing Data on Microsoft SQL Server 2012

Database Security & Auditing

Functional vs. Load Testing

Application Development

Splunk Company Overview

Big Data, Big Risk, Big Rewards. Hussein Syed

Enterprise Data Integration for Microsoft Dynamics CRM

Industry Models and Information Server

Secure Code Development

SQL Server Storage: The Terabyte Level. Brent Ozar, Microsoft Certified Master, MVP Consultant & Trainer, SQLskills.com

plantemoran.com What School Personnel Administrators Need to know

Monitoring Microsoft SQL Server Audit Logs with EventTracker The Importance of Consolidation, Correlation, and Detection Enterprise Security Series

Archiving On-Premise and in the Cloud. March 2015

Test Data Management in the New Era of Computing

Protecting Sensitive Data Reducing Risk with Oracle Database Security

Setting Up SQL Server on Windows Azure Understanding Options and Differences

Frequently Asked Questions

Transcription:

ELIMINATING COMPLINCE RISKS - DATA MASKING WITH AZURE

SECURITY THREATS INTENTIONAL (FRAUD) Ponemon institute study of 60 large organizations Cost of cybercrime rose 26% to 11.6 Mil per company The most costly: Distributed Denial of Service (DDS) Web-based attacks Malicious Insiders SEI Study Of the 80 of internal fraud cases, 34 % involved Personally Identifiable Information UNINTENTIONAL Innocent insider is being set up by outsider with malicious code Insider negligence or accidental disclosure ( loss of laptop) The theft of an unencrypted laptop from an employee's car resulted in a breach affecting more than 61,000 patients in 2010 in Cincinnati 10/7/14 Hush Hush info@mask-me.net 213.631.1854 2 Data courtesy of www.inforisktoday.com

IT RESPONDS BY TIGHTENING SECURITY Separation of environments Tightened controls Standards, policies, audits, drills, security framework Due to increased security processes, development slows down DEVELOPMENT LOOKS SOMEWHERE ELSE : CLOUD = EASY PROVISIONNING = SPEED TO MARKET SECURI TY 10/7/14 Hush Hush info@mask-me.net 213.631.1854 3

IS CLOUD RISK FREE? Avoiding The Hidden Costs of The Cloud (Symantec) Of 3,236 companies : 40% exposed confidential info 25% suffered account takeover and digital theft 40% loss of data 23% fined for privacy violation 10/7/14 Hush Hush info@mask-me.net 213.631.1854 4

DOES IT MEAN WE SHOULD AVOID CLOUD DEVELOPMENT?? LETS TAKE A CLOSER LOOK AT DEVELOPMENT PROCESSES AND DATA FLOWS ACROSS ENVIRONMENTS 10/7/14 Hush Hush info@mask-me.net 213.631.1854 5

BIG PICTURE : DIFFERENT COMPANIES DIFFERENT NEEDS STARTUP There is no data in organization. Development speed is high. Developers create their own data with insert statements. DEVELOPED ORGANIZATION Data in other systems and in production. It is used to populate development environments. Speed of development slows down. 0 New Projects add files and data feeds Continuous Development adds its own production data Maintenance no new features, no inserts any more Migration only production data, moving on 10/7/14 Hush Hush info@mask-me.net 213.631.1854 6

NEW DEVELOPMENT When we start from Scratch, there is nothing and we can initially treat everything as if databases were code. Your Application Your Database Copyright 2005 / Scott W. Ambler 10/7/14 Hush Hush info@mask-me.net 213.631.1854 7

NEW DEVELOPMENT We create data with INSERT statements, saving them as code in Source Control. Cloud no Cloud makes no difference. Yes, promote to production Yes, promote to Staging Yes, promote to the QA Create a DDL and DML script in the source control SANDBOX: Create master data and test cases. test QA: Move new master data Run test cases Staging / UAT: Move New Master data, test for deployment Do UAT Production Now, users are testers CLEAR ALL THE TEST CASES LEAVE MASTER DATA 10/7/14 Hush Hush info@mask-me.net 213.631.1854 8

TO INFINITY AND BEYOND : IN PRODUCTION Big day being behind, we are in production Lots of transactions Database size reaches GB, TB, PT think Amazon, we all want our business be there We scale in various ways, yet the CRUD logic is the same Master data matures and gets into DB via GUI WE BECOME THE DEVELOPED ORGANIZATION WITH EXISTING SYSTEMS AND CONTINUOUS DEVELOPMENT 10/7/14 Hush Hush info@mask-me.net 213.631.1854 9

THE USUAL WAY OF DOING DATA CYCLE Yes, promote to production Yes, promote to Staging Yes, promote to the QA Transactional Data Master Data Create a DDL script in the source control Create DML Scripts - optional SANDBOX: Create master data and test cases. test QA: Move new master data Run test cases Staging/UAT:Move New Master data, test for deployment Do UAT CLEAR ALL THE TEST CASES LEAVE MASTER DATA DATABASE Production Now, users are testers Back Up BACK UP Truncate Transactional Data BACK UP with Reduced data set Mask Sensitive Data Apply code 10/7/14 Hush Hush info@mask-me.net 213.631.1854 10

NEW DEVELOPMENT EXISTING ORGANIZATION PRODUCTION SYSTMES DIFFERENCE ETL MASK Yes, promote to production Yes, promote to Staging Yes, promote to the QA Create a DDL and DML script in the source control SANDBOX: Create master data and test cases. test QA: Move new master data Run test cases Staging / UAT: Move New Master data, test for deployment Do UAT Production Now, users are testers CLEAR ALL THE TEST CASES LEAVE MASTER DATA 10/7/14 Hush Hush info@mask-me.net 213.631.1854 11

WE NEED TO MASK BEFORE WE DEVELOP! BUMMER! COMPLIANCE!!! SO WHAT IS THE CATCH? MASKING IS DEVELOPMENT ACTIVITY AND TAKES TIME THAT IS WHY IT IS OFTEN FORGOTTEN IN THE BEGINNING OF THE CYCLE, MAKING YOUR ORGANIZATION INSTANTLY N-COMPLIANT CURRENT SOLUTIONS USUALLY WORK ON A GOLDEN DB COPY OF EXISTING SYSTEMS 10/7/14 Hush Hush info@mask-me.net 213.631.1854 12

SOLUTION :: YET ATHER WAY :: MASKING IN ETL PRODUCTION SYSTMES ETL Yes, promote to production Yes, promote to Staging MASK Transactional Data Master Data Yes, promote to the QA Create a DDL script in the source control Create DML Scripts - optional SANDBOX: Create master data and test cases. test QA: Move new master data Run test cases CLEAR ALL THE TEST CASES LEAVE MASTER DATA Staging/UAT:Move New Master data, test for deployment Do UAT DATABASE Production Now, users are testers Get Delta ETL Package Move Staging Move To Sandbox Move To QA Mask Sensitive Data Apply a Transform To Accommodate DDL change 10/7/14 Hush Hush info@mask-me.net 213.631.1854 13

YET ATHER WAY : ETL SLA constraints on backup/load you might not have priviledge with your provider You need instant deltas of production data for development You have ETL already established You want masking be part of your already established ETL Requirements of GLBA, HIPAA, PSS/DSA Part of SDLC in Relational and in BI, with transforms Files Feeds from other production systems Benefits of HushHush No significant upfront investment No learning curve Part of development toolbox 10/7/14 Hush Hush info@mask-me.net 213.631.1854 14

ETL WITH AZURE FILES AZURE DATABASE ETL MASK FTP VM ETL MASK DATABASE VM STORAGE 10/7/14 Hush Hush info@mask-me.net 213.631.1854 15

DATA FLOW WITH ETL MASKING EXAMPLE 10/7/14 Hush Hush info@mask-me.net 213.631.1854 16

PERILS OF ENVIRONMENTS: DATA HOMOGNEITY ACROSS ENVIRONMENTS How close should environments be in terms of data? SANDBOXAND INTEGRATION ENVIRONMENTS hold the least amount of data. A rule of thumb: data set sufficient enough for developing functional requirements. Pros: speeds up development, cons: can t accommodate all the test cases and needs constant data set assessments. The QA/Staging should hold complete data set to allow for UAT and for performance and regression testing. Break Fix environment holds data set and schema as close to production as possible to allow for speedy production issues resolutions. PHYSICAL CONSTRAINTS goes without saying. disk space means no disk space. 10/7/14 Hush Hush info@mask-me.net 213.631.1854 17

PERILS OF ENVIRONMENTS CONT.: ENVIRONMENT SLAs is development around the clock with international development team, 24/7 or only happens in one place with 8 hours development day/time? RATE OF REFRESHES depends on whether we do continuous deployments or scheduled releases DATA RETENTION how much and often transactional data gets purged? SCHEMA MANAGEMENT Schema/data in source control? Are deployments automated including data? Are there specific structures that support metadata? 10/7/14 Hush Hush info@mask-me.net 213.631.1854 18

DATA LOAD SOLUTION STRATEGIES CONSTRAINTS Operational requirements for data availability data consistency performance data integrity Development Requirements for: development time skill sets ARCHITECTURAL PATTERNS Backup/Load ETL Solutions (different kinds) IN-CLOUD PATTERN - NEW VM Provisioning/IMAGE Environmental Monetary (space and processors) Political (we just do not want to use third party) 10/7/14 Hush Hush info@mask-me.net 213.631.1854 19

QA/STAGING/BREAK FIX ENVIRONMENTS BE AWARE! Backup/Load takes time. Count on it. Refactoring takes time. Count on it. ETL takes time. Count on it. Masking has its own architectures. Chose the one appropriate. 10/7/14 Hush Hush info@mask-me.net 213.631.1854 20

USED TOOLS AND OTHER TOOLS THAT HELP What I used: SQL Server, SSMS, SSIS, Data Quality Services, TFS, VS, Visio If you do not have VS and TFS: Red Gate: SQL Compare, SQL Data Compare,SQL Data Generator, SQL Source Control Embarcadero: E/R Studio, DB Change Manager HUSH-HUSH Masking components for ETL architectures from FSI 10/7/14 Hush Hush info@mask-me.net 213.631.1854 21

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information