Companies should be gearing up for May 25, 2018, when the General Data Protection Regulation (GDPR) comes into effect. GDPR will affect how businesses that serve the European Union collect, use and transfer data, forcing them to provide specific reasons and need for the personal data they gather and prove their compliance with the principles established by the regulation.
The regulation is already creating many challenges for companies, including:
• Ensuring secure access to the most current data, whether on or off premises
• Consistent security across all data sources
• Data access audit
• Ability to provide data lineage
This webinar aims to demonstrate how data virtualization has surfaced as a straightforward solution to many of the challenges and questions brought on by the GDPR. It will also include a case study of how Asurion already achieved the desired level of security with data virtualization.
Watch the webinar in full to learn more about the benefits of using data virtualization to smoothly comply with the GDPR: http://ow.ly/1kzk30bRw3i
4. Wikipedia
Information privacy, or data privacy (or data protection), is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.
16. The Business Need
Ready Access to Critical Information to Support Business Processes
Marketing, Sales, Executive, Support
Customers, Invoices, Products, Service, Usage
• Access to complete information: business entities and pre-integrated views
• Access to related information: discovery and self service
• Access in real-time from different apps and devices
17. The Challenge
Governing Personal Data
Marketing, Sales, Executive, Support
• Is the data being processed in a lawful, fair and transparent way?
• Is the data being collected for a specific, explicit and legitimate purpose?
• Is the data adequate and limited to what is necessary for processing?
• Is the data you are viewing accurate, up-to-date?
• Is the data kept in a form where subject is identifiable no longer than is necessary?
• Is the data processed in a manner that ensures appropriate security of data?
Database, Apps, Warehouse, Cloud, Big Data, Documents, Apps, NoSQL
• Multiple ungoverned and potentially unsecured copies of the data?
• Lineage of the data?
• Consistent security of the data?
• Data on premise and off?
• Data access audit? Who is replicating the data?
• Discovery: what data is actually published to consumers?
• Access to most up to date data?
• Is data anonymised?
20. Data Abstraction Layer
The Solution
• Abstracts access to disparate data sources
• Acts as a single repository (virtual)
• Makes data available in real-time to consumers
21. Data Abstraction Layer
Logical Data Model
[Diagram. Layers: Sources; Base View (Source Abstraction); Combine, Transform & Integrate; Publish.]
[Source labels: Hadoop, Web Site, REST Web Service, Multi-dimensional, Salesforce, SQL Server, Oracle.]
[View labels: Client, Address, Client Type, Company, Invoicing, Service Usage, Product, Logs, Web, Incidents; Customer, Invoice, Product; Customer Invoicing, Service Usage, Incident.]
[Published via: SQL, SOAP, REST, ODATA, etc.; Denodo’s Information Self Service.]
25. “3 Steps to Data Protection Compliance”
www.datavirtualizationblog.com
Mark Pritchard
Don’t update tomorrow what you could update today!
27. Security in Denodo
Overview
Authentication
• Pass-through authentication
• Kerberos and Windows SSO
• OAuth, SPNEGO
Authentication
• Standard JDBC/ODBC security
• Kerberos and Windows SSO
• Web Service security
LDAP, Active Directory
Role based Authentication & Authorization
Guest, employee, corporate
Schema-wide Permissions
Data Specific Permissions (Row, Column level, Masking)
Policy Based Security
Data in motion
• SSL/TLS
Data in motion
• SSL/TLS
Encrypted data at rest
• Cache
• Swap
32. Security in Denodo
Custom Policies: Interception of queries before they are executed
Security: applies custom security policies
• If person accessing data has role of 'Supervisor' and location is 'New York', then show compensation information for employees in the New York office only.
Enforcement: rejects/filters queries by specified criteria like user priority, cost, time of day etc.
• If the production batch window runs from 3 am - 6 am, there is increased load on production servers at this time. So, all queries on these servers can be blocked during this time to prevent failure of a process.
[Diagram labels: Data consuming users, Apps; Query; Custom Policy; Policy Server (e.g. Axiomatics); Conditions satisfied; Accept / add filters; Reject.]
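The two rules on this slide, written as a minimal policy decision function that runs before a query is executed. This is an added example, not Denodo's custom policy API or code from the webinar; the source name, view name, `office` column and the default-deny branch are assumptions, and the supervisor rule is generalized from 'New York' to the user's own location.

```python
from dataclasses import dataclass
from datetime import time

# Constructed values for illustration; only the rules themselves come from the slide.
BATCH_START, BATCH_END = time(3, 0), time(6, 0)   # "3 am - 6 am" batch window
PRODUCTION_SOURCES = {"prod_orders"}              # hypothetical source name
RESTRICTED_VIEW = "compensation"                  # hypothetical view name


@dataclass(frozen=True)
class Decision:
    action: str          # "accept", "filter" or "reject"
    predicate: str = ""  # WHERE fragment to append, with ? placeholders
    params: tuple = ()   # values bound to the placeholders, never inlined
    reason: str = ""     # text suitable for the audit trail


def evaluate(roles, location, view, source, now):
    """Decide what happens to a query before it reaches the data source."""
    # Enforcement rule: block production sources during the batch window.
    if source in PRODUCTION_SOURCES and BATCH_START <= now < BATCH_END:
        return Decision("reject", reason="production batch window")
    # Security rule: supervisors see compensation rows for their own office only.
    if view == RESTRICTED_VIEW:
        if "Supervisor" in roles and location:
            return Decision("filter", "office = ?", (location,),
                            reason="supervisor limited to own office")
        # Assumption: a user no rule matches is denied (default deny).
        return Decision("reject", reason="no rule grants access to this view")
    return Decision("accept", reason="view not restricted")


def rewrite(sql, decision):
    """Return (sql, params) to execute, or raise if the query was rejected."""
    if decision.action == "reject":
        raise PermissionError(decision.reason)
    if decision.action == "filter":
        # Wrap the original query so its own WHERE/OR cannot widen the filter.
        return f"SELECT * FROM ({sql}) q WHERE {decision.predicate}", decision.params
    return sql, ()


if __name__ == "__main__":
    d = evaluate({"Supervisor"}, "New York", "compensation", "hr_db", time(10, 0))
    print(rewrite("SELECT name, salary, office FROM compensation", d))
```
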
33. Security in Denodo
Complete Auditability
• Audit trail of all the queries and other actions executed on the system
• With this information it is possible to check at any time who has accessed which resources, what changes have been made or what queries have been executed, and when it happened
• The information is stored centrally and Denodo supports SNMP, JMX and WS-Management standards
35. Information Self Service
E/R diagram
1 Click on a view to navigate to the details
2 Hover on the arrows to show the details of the PK-FK relationships
36. Information Self Service
Browse and Search Metadata Catalog
1 Browse and search virtual databases
2 Browse and search available views
3 Review metadata and descriptions
4 Query the view
37. Information Self Service
Querying Data
1 Access to the Denodo catalog
2 Query and filter for data
3 Click on the green arrows to drill down into related information
38. Information Self Service
Data Lineage
1 Select Data Lineage for the View
2 Select column to see lineage
3 Hover and click the icons to see details
39. Data Virtualization Supports GDPR
Adhering to GDPR principles
Purpose Based Processing
• Role based access ensures that views can be reused for multiple purposes.
• Users and applications can access a single view but ensure that the data returned is applicable for the user's or application's purpose.
Consent Based Processing
• Integrate real-time with consent management systems
• Row level, column level policies can be applied in Denodo
• Custom policies have access to context information
Data Minimization
• Create virtual model for data necessary for given purpose
• Limit specific access of data as designed centrally in Denodo
Data Anonymization
• Views can be configured in Denodo to offer anonymized reporting of data
• Allow access only to aggregated data
42. Asurion’s continuous innovation is helping 290M customers globally stay connected while driving loyalty to our partners’ brands
Corporate Overview
• Founded in the mid 1990’s, Asurion has been serving the communications and retail industries for over 20 years
• Based in Nashville, Tennessee, Asurion has over 17,000 associates worldwide
• Serving more than 290 million consumers globally through our operations in 18 countries: Australia, Brazil, Canada, China/Hong-Kong, Colombia, England, France, Israel, Japan, Korea, Malaysia, Mexico, Philippines, Peru, Singapore, Taiwan, Thailand, United States
• Asurion is privately-held with annual revenues in excess of $5.8 billion
• Our management team comes from best-in-class companies with experience across mobile, wireline telecom, logistics, insurance, service contracts, consulting, customer care, marketing, retail and more
• Asurion partners with the world’s leading mobile carriers, retailers, satellite and cable providers.
Expanding Global Presence
North America
• Global Headquarters
• 15 Corporate Owned Call Centers
• Logistics Center
South America
• 2 Corporate Offices
Europe
• 3 Corporate Offices
• 1 Corporate Owned Call Center
Asia Pacific
• 13 Corporate Offices
• Logistics Center
• 2 Corporate Owned Call Centers
43. Asurion’s Data Architecture Started Here
• Identify targeted business initiatives
• Define Data Strategy
• Implement Big Data infrastructure
• Build analytics model
• Determine required insights
• Conduct Data scientist training & certification
Security Constraints: Geographic; Client Based; PII; Departmental Constraints
45. Global Device Insurance and Support Services Company
[Architecture diagram. Labels: On-Premise; AWS; Data Virtualization (Abstraction/Security); Postgres, MySQL, Oracle, SQL Server; Customer Interactions; Telemetry; Legacy; Migration; Reporting / Analytics (e.g. Oracle BI, MSRS, SQL clients); Active Directory.]
46. Enterprise Architect
“Our Denodo rollout was one of the easiest and most successful rollouts of critical enterprise software I have seen. It was successful in handling our initial, security, use case immediately, and has since shown a strong ability to cover additional use cases, in particular acting as a Data Abstraction Layer via its web service functionality.”
50. Further reading
• Seamlessly Comply with the GDPR: Leverage Data Virtualization to Manage Data Access from a Single Point
http://www.denodo.com/en/document/solution-brief/seamlessly-comply-gdpr
• Enhancing the Security of your Enterprise Data Layer
http://www.datavirtualizationblog.com/enhancing-security-enterprise-data-layer/
• Product documentation, FAQ, tutorials
https://community.denodo.com/