BIG DATA: Big Opportunity, Big Headaches Protect your Big Data with data security Marilene Roder WW Enablement, Guardium IBM Security Brazil Security Roadshow June 9-11, 2 015 12015 IBM Corporation 2014 IBM Corporation
Big Data vs Hadoop O que e Big Data? O que e Hadoop? a) Grande volume de dados b) Dados estruturados e nao estruturados (texto, media, logs de web, GPS..) c) Dados gerados em alta velocidade d) Todas estão corretas a) Platforma open source b) Armazenamento distribuidos de grandes volumes de dados c) Possui vários components, como MapReduce e HDFS d) Todas estão corretas 2 2014 2015 IBM Corporation
The Opportunities from Big Data & Analytics are Infinite 90% Increased Transaction Capacity 98% 98% Cut in Storage Decrease time Requirements to analyze data $1M 40X Analysis Performance Gain 72% Reduction in Fraudulent Claims 60X Faster Query Performance Estimated Cash Savings 3 2014 2015 IBM Corporation
Handling Higher Variety, Velocity and Volume Data as the Biggest Opportunity for Data Security What is the biggest opportunity for new data security innovation at your company? Base: 200 security decision makers Source: A commissioned study conducted by Forrester Consulting on behalf of IBM, June 2014 4 2014 2015 IBM Corporation
Organizations are Jumping into Big Data with Both Feet Departmental projects Rogue IT teams Using production data Loose user controls Impossible to audit 5 2014 2015 IBM Corporation
Big Data: Are You Ready for the Headaches? Near Daily Leaks of Sensitive Data 40% increase in reported data breaches and incidents Relentless Use of Multiple Methods 800,000,000+ records were leaked, while the future shows no sign of change Insane Amounts of Records Breached 42% of CISOs claim the risk from external threats increased dramatically from prior years. 6 Source: IBM X-Force Threat Intelligence Quarterly 1Q 2015 and 2014 IBM Chief Information Security Officer Assessment 2014 2015 IBM Corporation
Are You Ready for the Costs? 2014 Cost of Data Breach Study From Ponemon Institute, sponsored by IBM 7 2014 2015 IBM Corporation
2015 Cost of a Data Breach in Brazil The average per capita cost of data breach over three years (R$) 265 days to identify a malicious attack 158 days to identify data breach cause by human error Average lost business costs (R$ millions) The average total organizational cost of data breach over three years (R$ millions) 2013 1.03 2014 1.47 2015-1.53 http://www-03.ibm.com/security/data-breach/ From Ponemon Institute, sponsored by IBM 8 2014 2015 IBM Corporation
Compliance with Regulations Security Russia: Computerization & Protection of Information / Participation in Int l Info Exchange United Kingdom: Data Protection Act EU: Protection Directive Switzerland: Federal Law on Data Protection Constitution Germany: Federal Data Protection Act & State Laws South Africa: Promotion of Access to Information Act Poland: Polish Israel: Protection of Privacy Law China Commercial Banking Law Pakistan: Banking Companies Ordinance Korea: 3 Acts for Financial Data Privacy Japan: Guidelines for the Protection of Computer Processed Personal Data India: SEC Board of India Act Indonesia: Bank Secrecy Regulation 8 New Zealand: Privacy Act Australia: Federal Privacy Amendment Bill Taiwan: Singapore: Computer- Processed Monetary Authority of Personal Data Singapore Act Protection Law Vietnam: Banking Law Hong Kong: Privacy Ordinance Philippines: Secrecy of Bank Deposit Act Argentina: Habeas Data Act Canada: Personal Information Protection & Electronics Document Act USA: Federal, Financial & Healthcare Industry Regulations & State Laws Mexico: E-Commerce Law Chile: Protection of Personal Data Act Brazil: Constitution, Habeas Data & Code of Consumer Protection & Colombia: Defense Political Constitution Article 15 9 2014 2015 IBM Corporation
Sensitive Data is Common in Big Data Projects Healthcare Customer Citizen 10 2014 2015 IBM Corporation
The Need for Data Security and Privacy in Big Data The same risks are magnified and big data introduces new challenges Brand Reputation New Users Data Breach Attractive Target $100M+ impact to the business Data sharing and new user access Avg cost per breach $5M - It s not if, it s when Compliance BIG DATA PLATFORM Data security hotspot for internal/external threat Fewer Tools Changing and new privacy legislation Traditional tools no longer apply 11 2014 2015 IBM Corporation
Big Data Technology Considerations in Security and Privacy Unclear understanding of sensitive data Difficulty finding potentially sensitive data and relationships USER ACCESS REQUESTS BIG DATA PLATFORM SOURCE SYSTEMS, DATA MARTS, SILOS 12 2014 2015 IBM Corporation
Only about a Third of Firms Classify their Data How does your organization determine the value and/or sensitivity of data to the company? Base: 200 security decision makers Source: A commissioned study conducted by Forrester Consulting on behalf of IBM, June 2014 13 2014 2015 IBM Corporation
Big Data Technology Considerations in Security and Privacy Unclear understanding of sensitive data Difficulty finding potentially sensitive data and relationships Lack tools to quickly and effectively protect data on sources or platform BIG DATA PLATFORM Inability to track users/data access activity USER ACCESS REQUESTS Inconsistent security controls among traditional and big data infrastructure SOURCE SYSTEMS, DATA MARTS, SILOS 14 2014 2015 IBM Corporation
Big Data: Critical Data Security Capabilities Critical Capabilities Auditing with minimal performance impact Real-time alerts, so you can take action before it s too late. Separation of duties, so the security/auditing person is not the same as the Hadoop administrator Data encryption & masking Data scalability, performance & the ability to integration across diverse traditional and big data environments Hadoop IBM Data Security 15 2014 2015 IBM Corporation 15
The Inability to Track Users and Data Access Leaves Organizations Open to Attack What can you do? Continuously monitor access to sensitive data including databases, data warehouses, big data environments and file shares to... 1 2 Prevent data breaches Avoiding disclosure or leakage of sensitive data Ensure the integrity of sensitive data Prevent unauthorized changes to data, database structures, configuration files and logs 3 Reduce cost of compliance Automate and centralize controls Simplify the audit review processes 16 2014 2015 IBM Corporation
Inconsistent Security Controls across Big Data and Traditional Environments Elevates Risk A Lot What can you do? Protect your data in an efficient, scalable and cost-effective way to... Increase operational efficiency Automate & centralize internal controls Across heterogeneous & distributed environments Identify and help resolve performance issues & application errors Highly-scalable platform, proven in most demanding data center environments worldwide Infrastructure & business processes perform consistently while making your data security platform smarter and more efficient at detecting threats 17 2014 2015 IBM Corporation
Architecture for real-time monitoring solution Uses software tap to capture user activity at the operating system level Catches local and remote events Events are streamed to a hardened software or hardware appliance Events are recorded based on security policies Dashboards Anomalies InfoSphere Guardium Collector Appliance Audit reports Clients S-TAPs BigInsights Hadoop Cluster Heavy lifting occurs on Guardium collector! Very low overhead on Hadoop Cluster Real-time alerts 18 2014 2015 IBM Corporation
IBM s Approach to Data Security and Privacy for Big Data 1) Define sensitive data and share 2) Discover and Classify sensitive data 3) Protect sources and data: Mask, Redact, Encrypt 4) Monitor Data Activity, Alerts, Blocking, Advanced Analytics USER ACCESS REQUESTS SOURCE SYSTEMS, DATA MARTS, DOCUMENTS BIG DATA (Hadoop, NoSQL and Warehouse ) PLATFORMS 5) Expansion to the Enterprise 19 2014 2015 IBM Corporation
IBM Has You Covered for Protecting All Your Data DATABASES Pure Data Analytics Optim Archival D A T A B A S E DB2 with BLU Acceleration InfoSphere BigInsights Master Data Management Exadata Data Stage DB HANA CICS Siebel, PeopleSoft, E-Business FTP Guardium z/os Datasets 20 2014 2015 IBM Corporation
Guardium Consistent, comprehensive data security across traditional and big data environments UNCOVER DATA RISKS Define and find sensitive data and relationships so you know what you need to protect Guardium PROTECT DATA Secure and protect sensitive structured and unstructured from breach or misuse MONITOR & ACT AGAINST ATTACKS Address both external attacks AND block unauthorized access by privileged users 21 2014 2015 IBM Corporation
A Private Bank in the UAE automates security compliance reporting in a big data environment Need Link to the case study http://public.dhe.ibm.com/c ommon/ssi/ecm/en/imc145 73usen/IMC14573USEN.P DF The bank processes several terabytes of data daily and required a solution which addressed the new security risks evolving around the world, especially with respect to protecting big data environments. Benefits Achieves ROI in 8 months A scalable security monitoring solution that supports diverse database environment and does not impact application performance The time required to produce audit and compliance reports has gone from two months to near real-time 22 2014 2015 IBM Corporation
Next Steps in Big Data Security? Get Educated Download educational pieces: Top Tips for Securing Big Data ebook Planning a Hadoop Data Security Deployment Analyst Reports: Control and Protect Sensitive Information in the Era of Big Data Visit the InfoSphere Data Security and Privacy for Big Data webpages Schedule a Client Value Engagement (CVE) Business and IT: Narrow the communication gap Easy to follow programmatic client-centric approach determine possible benefits from solution Fast time to completion: Less than 2 weeks deliverables easy to follow and understand 23 2014 2015 IBM Corporation
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. www.ibm.com/security 24 Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. 2014 IBM Corporation