1. Understanding Big Data



Transcription:

Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview

Erik Luysterborg, Partner, Deloitte, EMEA Data Protection & Privacy Leader
Prague, SCCE, March 22nd 2016

2016 Deloitte Belgium - European Privacy Academy

1. Understanding Big Data

Definition & Characteristics

Big Data is the collection of large and complex data sets that are difficult to process using traditional database management tools or data processing applications.

"Big Data is the new raw material of business." (The Economist)

But, as Dan Ariely, Professor at Duke University, said: "Big Data is like teenage sex: everyone talks about it, nobody really knows how to do it, everyone thinks everyone else is doing it, so everyone claims they are doing it."

Definition & Characteristics

Big Data generally refers to a set of technologies and initiatives involving data that is too fast-changing (velocity), too massive (volume) or too diverse (variety) for conventional technologies, skills and infrastructure to handle efficiently.

- Velocity: 90% of the data in the world today has been created in the last 2 years. Batch to streaming data.
- Volume: every day, we create more than 2.5 quintillion bytes of data. Terabytes to Zettabytes.
- Variety: diversity of data sources and formats. Structured to Semi-Structured to Unstructured.
- Analytics on almost all types of data
- Virtualization architecture
- Often distributed large-scale (cloud) infrastructures

A different set up

- No one-to-one relationship of server to data storage
- Reliance on virtualization architecture, needed to be able to draw from large content stores and archives as a single global resource
- Big Data environments often rely on:
  - distributed large-scale (cloud) infrastructures
  - a diversity of data sources
  - a high volume and frequency of data migration between different (cloud) environments

Big Data Analytics

Collecting, organizing and analyzing large sets of data to discover patterns and other useful information.

- Better decisions
- Competitive advantage

Analytics Opportunities

Big Data Analytics represents tremendous opportunities, both for the private and public sector:

- As a business asset: can serve to understand customers at a whole new level.
- To improve health care: can help deliver effective health care to patients faster and earlier (e.g. predictive medicine).
- To improve service: analytics can be used by governments to improve their citizens' experience with administration by anticipating their needs.
- To strengthen security: potential for new security insights and enhanced detection and prevention systems, provided that the challenges and risks are properly mitigated.

Gathering information

- Profile
- Email content
- Browser history
- Online surveys

Geolocalisation: many apps request the user's location in order to give more accurate search results (e.g. nearest restaurant or shop of a certain company).

Email content: the content of the emails sent and received through Gmail is scanned by automated Google software. This information is then combined with other information from the user's Google profile to display more relevant ads.

Gathering information

Online surveys: data gathered through online surveys are used by companies to gain more insight about their clients (e.g. average age of people consuming their products).

Browser history: several service providers combine the browsing history of an individual user with the knowledge gathered about other users following a similar browsing path to give more accurate search results or advertising (e.g. Amazon's and FNAC's book suggestions, YouTube's video suggestions, etc.).

Other sources: data about the purchases made by a customer with their loyalty card, sensors in a car to determine the driving style of an individual, etc.

Big Data in perspective: General Data Protection Regulation

- Privacy by Design
- Privacy by Default
- Privacy Impact Assessment
- Records of Processing Activities
- Data Security of Processing
- Breach Notification
- Data Protection Officer

2. Big Data vs. Security & Privacy

Big Data vs. Security & Privacy: Privacy Challenges

Diagram: Big Data, surrounded by the following challenges:

- Accuracy
- Outsourcing/Transfers
- Transparency
- User Rights
- Privacy by Design
- Lawfulness

Big Data vs. Security & Privacy: Privacy Challenges

Creating entirely new challenges we have not encountered before:

- Data linkages: powerful analytics solutions can link data sets to reveal someone's lifestyle, consumer habits, social networks and more, even if no single data set reveals this personal information.
- Profiling: the use of identifiable data to profile individuals in order to analyze, predict and influence their behaviour.

Big Data vs. Security & Privacy: Security Challenges

BIG DATA | TRADITIONAL SECURITY
Access to huge volumes | Difficult to protect and monitor
Complex environments | Lack of granular audit trails
Variety of data | Difficulty to verify access

Big Data vs. Security & Privacy: Security Challenges

- Big Opportunities: Big Data is now often regarded as the most critical enterprise asset, focusing attention on performance and collection of data, not security.
- Big Attackers: Big Data attracts a new class of hackers and attacks. The threat landscape has altered radically.

Big Data vs. Security & Privacy: Opportunity example

Using Big Data to analyse, predict and prevent security incidents:

- Big Data provides the opportunity to consolidate and analyse logs automatically from multiple sources rather than in isolation.
- Potential for new insights and enhanced detection and prevention systems through continual adjustment and effectively learning good and bad behaviours.

Big Data vs. Security & Privacy: Challenge example

Securing the organisation's and customers' information:

- Information classification and data ownership become more critical.
- Encryption and access controls based on data attributes rather than storage environment.

3. Conclusive remarks

Conclusive remarks: From a classic data protection governance model to an agile one

The Big Data security challenges will require a more agile security governance model including:

More attention to detail:

- A holistic privacy/security strategy
- A migration from point products to a more unified security architecture
- Open and scalable Big Data security tools and approach
- A strengthening of the SOC's (Security Operations Centre) data science skills
- More extensive leverage of external threat intelligence
- A more pragmatic focus on (breach) incident as well as identity and access management

Conclusive remarks: From a classic data protection governance model to an agile one

In addition, a more agile governance model should address the main privacy challenges of Big Data:

- Invest in IT security governance, not only security products
- Manage the security/privacy paradox and use an integrated security/privacy approach (e.g. monitoring versus anonymization)
- Clearly define privacy (and security) responsibilities
- Ongoing monitoring and audits (e.g. privacy impact assessments)
- Focus on obtaining the consent of the data subject: opt-in, not opt-out
- Make sure that processing remains compatible with the purpose of collection (e.g. secondary use issue)
- Engage in harmonization and standardization
- Transparency towards the data subject regarding their (GDPR) rights

Conclusive remarks: A holistic risk-based approach across the (big) data lifecycle

Effective data protection looks across the data lifecycle to allow an enterprise to tailor policy in a way that keeps information safe, yet available to those authorized to access it. Without knowing the lifecycle of data flowing through your organisation, it is impossible to be sure that it is all managed appropriately. Creating a personal data inventory and/or personal data flow maps will allow you to understand and analyze the scope of privacy in your organization.

Data lifecycle: Collection, Storage, Use, Sharing, Retention & Destruction

Specific risks: Inconsistent Distributed Improper Unnecessary Misuse methods storage access/sharing retention Inappropriate Data distributed Improper Accidental Partial deletion classification across network duplication loss Inappropriate Unnecessary Inappropriate thirdparty controls deletion Accidental Theft or breach security controls retention

General risks:

- Classify: inconsistent/unclear data classification scheme to understand the type of data that exists throughout the organization
- Discover: insufficient understanding of where data is stored and how it is used
- Control: lack of user awareness of individual and organizational responsibilities surrounding data protection
- Access: unauthorized access to data across the data lifecycle
- Audit: insufficient capability to audit the usage of data or monitor the effectiveness of implemented controls

Thank you for your attention. Any questions?

Erik Luysterborg
Partner, CIPP
BE Cyber Risk Services Leader
EMEA Data Protection & Privacy Leader
eluysterborg@deloitte.com
Direct: + 32 2 800 23 36
Mobile: + 32 497 51 53 95

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.

Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte's more than 200,000 professionals are committed to becoming the standard of excellence.

This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the "Deloitte Network") is, by means of this communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication.

2016 For information, contact Deloitte Belgium