The document discusses a framework for securing data in business intelligence and cloud computing environments. It proposes using tokenization techniques to replace sensitive data with surrogate tokens. The framework includes a tokenization server that generates tokens and stores the token-data mappings in a centralized vault. When data is queried, the tokens are substituted for the actual values. The document outlines the architecture of the framework and algorithms for token generation and substitution to provide data security while enabling analytics.
6. Term formulated by Howard Dresner, Vice President and Research Fellow in Gartner Decision Making research, during the 1980s.
Initially known as DSS (Decision Support System).
Refers to computer-based methodologies and techniques used to identify, extract and analyze crucial historical, current and predictive business data through employing advanced technological tools, serving enhanced decision making.
(Diagram: Plan → Act → Analyze → Measure cycle; Transactions → Extract, Transform and Load → Data Warehouse → Business Modeling → Reporting and Analysis.)
By: Hossam El-Din Hassanien December, 27th 2011 6
7. “Getting data in, getting information out.”
◦ Data Warehousing:
Schema structures: Star, Snowflake
OLAP data stores
Data Warehousing architectures
Transforming transactional data processing to analytical data processing.
◦ Tactical and Strategic Analytics
Dashboards and Scorecards
Multi-dimensional analysis
Cross-functional comparisons
Trend analysis
(Diagram labels: OLAP cubes; Dashboards and Scorecards.)
8. Requires massive amounts of resources.
◦ Network
◦ Storage
◦ Processing Power
◦ Advanced technological tools
Requires an extremely secure perimeter
◦ Protecting tactical and strategic confidential data
Financial
Inter-departmental
Etc.
(Photo taken during World War II, captioned “If you talk too much, this man may die.”)
Limitations in a nutshell
◦ Elevated security requirements
◦ Increasing TCO and reduced ROI
10. “Among the top 3 technology trends to impact IT Infrastructure, top 10 to impact Business Development.” — Gartner Inc.
Cloud Computing is the new utility model of IT services delivery on a “Pay-per-Use” scheme, through deploying scalable virtualized resources that are allocated according to the user’s choice of combinations of types and models.
11. Cloud Computing Types:
◦ SaaS (Software-as-a-Service)
Defines the utility services and user control provided by the SP (Service Provider) over the application level.
◦ PaaS (Platform-as-a-Service)
Defines the utility services and user control provided by the SP over the application as well as the platform level.
◦ IaaS (Infrastructure-as-a-Service)
Defines the utility services and user control provided by the SP over the application, the platform and the infrastructure level.
12. Cloud Computing Models:
◦ Public Cloud
Virtualized to be shared and used by the public with no segregations done by SPs over user classifications.
Widely adopted.
Least expensive.
Usually poses security constraints.
◦ Community Cloud
Virtualized to be shared and used by several community groups.
Adopted by community groups.
Security constrained only by adversarial frequencies within the community.
◦ Private Cloud
Virtual remote resources privately dedicated and leased to the users.
Adopted by enterprises interested in full resource outsourcing and the highest security measures.
Comparatively expensive.
Security constrained by SP defense mechanisms.
◦ Hybrid Cloud
Combines outsourced virtual resources with on-premise resource hosting.
Usually adopted by stakeholders seeking to expand present infrastructures.
Security constraints complemented by merging SP-enforced rules and stakeholders’ measures.
13. Security, privacy and trust.
◦ Third-party control over production resources.
◦ Hosting confidential data, posing leakage threats.
Currently based on open standards
◦ Ad-hoc standards as the only real standards.
◦ Customized SLAs between customers and SPs.
Data lock-in
◦ Probable inability to completely relinquish outsized, restricted organizational data.
Random instance placement
◦ Multi-tenancy over the different types and models of CC.
15. Payment Card Industry Data Security Standard (PCI-DSS).
Emerged through research and development done by the Payment Card Industry Security Standards Council (PCI-SSC).
Originally adopted to elevate security measures in the payment card industry.
Token servers originate surrogate values called tokens, replacing sensitive data in applications and databases.
The token-to-data mappings are stored in Central Data Vaults that are unlocked only by proper authorization credentials.
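The vault concept above can be sketched in a few lines of Python. This is a minimal illustration, not the framework’s actual implementation; the class and method names (`TokenVault`, `tokenize`, `detokenize`) are hypothetical.

```python
import secrets

class TokenVault:
    """Minimal sketch of a Central Data Vault: maps random surrogate
    tokens to sensitive values, with lookup gated by a credential check."""

    def __init__(self, credential):
        self._credential = credential
        self._token_to_value = {}   # token -> sensitive value
        self._value_to_token = {}   # sensitive value -> token (for reuse)

    def tokenize(self, value):
        # Reuse the existing token so repeated values stay consistent,
        # which keeps joins on the tokenized column referentially intact.
        if value in self._value_to_token:
            return self._value_to_token[value]
        token = secrets.token_hex(8)  # random surrogate, no mathematical relation to value
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token, credential):
        # The vault is "unlocked" only by the proper credential.
        if credential != self._credential:
            raise PermissionError("vault is locked: bad credential")
        return self._token_to_value[token]
```

Tokenizing the same value twice returns the same token, so analytics queries joining on the tokenized column remain consistent, while the token itself carries no relation to the plain text.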
16. Easier to manage and more secure.
◦ Reducing the points where crucial data is stored to only CDVs, hence less exposure.
◦ Consolidating and centralizing the security systems to be audited.
Eliminates impedance introduced by inconsistencies arising from random encryption.
◦ Records created only once in the CDV (reducing storage space).
◦ DW sensitive data values used in referential-integrity analytics queries are consistent.
Reverse-Engineering Omission:
◦ Eliminates mathematical relations between plain-texts and cipher-texts.
(Diagram labels: Absolutely Secure; Simpler to Implement; Simpler to Manage; Simpler to Audit.)
18. Business-Intelligence Solution
◦ Business Intelligence / Enterprise Data Warehouse → Decision Support
•Advanced multi-dimensional analytics
•Efficient and accurate performance management
◦ Hybrid Cloud Computing → Business Computing Transformation Model
•Leveraging sophisticated computing solutions
•Cap-Ex to Op-Ex for SMEs
•Cost reduction/management expanding organizational ROI
◦ Tokenization Data Security → Secure Data Perimeters
•Advanced cryptography mechanisms
•Untraceable ciphers omitting reverse engineering to plain texts
19. Virtual CC resources:
◦ BI/Reporting Server.
◦ Data Warehouse back-end (tokenized).
◦ Extraction, Transform and Load (ETL) Server.
On-premise/Private-Cloud resources:
◦ Virtual Private Cloud (VPC) interlink.
◦ Tokenization Server and Tokenization Data Vault.
Algorithmic packages and functions orchestrating/maintaining tokens:
◦ Fine-Grained Audit conditional policies (DBMS_FGA) over DB DML operations.
◦ maintain_Tokenization_lookup_algorithm.
◦ substitute_values_Actual_to_Token.
◦ Supervisory global_Algorithm.
(Diagram labels: BI/Reporting Server; ETL Server and Data-Warehouse; Tokenization Server.)
20. Disparate source systems present inside or outside Cloud networks.
Tokenization Server present on-premise or inside a Private Cloud network.
BI/DWH components (ETL Server, Data-Warehouse, BI/Reporting Server) hosted inside a Cloud (Public, Private, etc.).
Legend:
◦ Actual Sensitive Data Flow
◦ Logical Sensitive Data Flow
21. Customized Token generation.
1. maintain_Tokenization_lookup_algorithm
2. substitute_values_Actual_to_Token
Global algorithm:
•Algorithm maintain_Tokenization_lookup_algorithm:
maintain_Tokenization_lookup_algorithm
(
SET unique_Token = 0;
GET <sensitive_Data_column_name>;
GET <sensitive_Data_table_name>;
CURSOR sensitive_Data_Cursor
IS SELECT <sensitive_Data_Column_Name> FROM <sensitive_Data_Table_Name>;
FOR I = 0 TO sensitive_Data_Cursor.length
(
IF sensitive_Data_Cursor.current_Actual_Data exists in tokenization_lookup_table
THEN
-- value already has a token; nothing to insert
ELSE
IF (SELECT COUNT(token) FROM tokenization_lookup_table) = 0
THEN
INSERT INTO tokenization_lookup_table (token, corresponding_Sensitive_Data)
VALUES (unique_Token, sensitive_Data_Cursor.current_Actual_Data);
unique_Token ++;
ELSE
unique_Token = SELECT <sensitive_Data_Column_Name>_Token
FROM tokenization_lookup_table
WHERE ROWID = (SELECT MAX(ROWID) FROM tokenization_lookup_table);
unique_Token ++;
INSERT INTO tokenization_lookup_table (token, corresponding_Sensitive_Data)
VALUES (unique_Token, sensitive_Data_Cursor.current_Actual_Data);
ENDIF;
ENDIF;
I ++;
) End LOOP;
) End maintain_Tokenization_lookup_algorithm;
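In Python terms, the lookup-maintenance logic above amounts to the following sketch: an illustrative in-memory version with sequential integer tokens. The function name mirrors the pseudocode, but the list-of-tuples table representation is an assumption for illustration.

```python
def maintain_tokenization_lookup(sensitive_values, lookup_table):
    """Sketch of maintain_Tokenization_lookup_algorithm: assign each new
    sensitive value a sequential surrogate token in the lookup table.

    lookup_table is a list of (token, corresponding_sensitive_data) rows.
    """
    for value in sensitive_values:
        # Skip values that already have a token (keeps tokens consistent).
        if any(row[1] == value for row in lookup_table):
            continue
        if not lookup_table:
            next_token = 0                        # vault is empty: start at 0
        else:
            next_token = lookup_table[-1][0] + 1  # continue from the last stored token
        lookup_table.append((next_token, value))
    return lookup_table
```

Running it twice over overlapping data leaves existing mappings untouched and only appends tokens for values not yet in the vault, which is the invariant the pseudocode maintains.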
22. Customized Token generation.
1. maintain_Tokenization_lookup_algorithm
2. substitute_values_Actual_to_Token
Global algorithm:
•Algorithm substitute_values_Actual_to_Token:
substitute_values_Actual_to_Token
(
GET <sensitive_Data_column_name>;
GET <sensitive_Data_table_name>;
CURSOR sensitive_Data_Cursor
IS SELECT <sensitive_Data_Column_Name> FROM <sensitive_Data_Table_Name>;
FOR I = 0 TO sensitive_Data_Cursor.length
(
Token_Value = SELECT token FROM tokenization_lookup_table
WHERE sensitive_Data_Cursor.current_sensitive_Data
= tokenization_lookup_table.current_Corresponding_Sensitive_Data;
INSERT INTO <actual_table_name> (<actual_column_name>_token)
VALUES (Token_Value);
DELETE <actual_table_name>.<actual_column_name>
WHERE <actual_table_name>.<actual_column_name>_token
= tokenization_lookup_table.token;
I ++;
) End LOOP;
) End substitute_values_Actual_to_Token;
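Continuing the in-memory sketch, the substitution step can be illustrated as follows. The names are again hypothetical; the real algorithm operates on database tables, while this version works on a list of row dicts.

```python
def substitute_values_actual_to_token(rows, column, lookup_table):
    """Sketch of substitute_values_Actual_to_Token: replace each actual
    sensitive value in `column` with its token from the lookup table,
    then drop the actual value (mirroring the INSERT + DELETE pair).

    rows is a list of dicts; lookup_table is a list of (token, value) rows.
    """
    value_to_token = {value: token for token, value in lookup_table}
    for row in rows:
        row[column + "_token"] = value_to_token[row[column]]  # substitute the token
        del row[column]                                       # remove the actual value
    return rows
```

After substitution the warehouse rows carry only tokens, so analytics joins and aggregates still work while the sensitive values exist solely in the vault.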
24. (Recap)
◦ Business Intelligence / Enterprise Data Warehouse → Decision Support
•Advanced multi-dimensional analytics
•Efficient and accurate performance management
◦ Hybrid Cloud Computing → Business Computing Transformation Model
•Leveraging sophisticated computing solutions
•Cap-Ex to Op-Ex for SMEs
•Cost reduction/management expanding organizational ROI
◦ Tokenization Data Security → Secure Data Perimeters
•Advanced cryptography mechanisms
•Untraceable ciphers omitting reverse engineering to plain texts
26. Conclusion
◦ BI is important for organizations.
Performance analysis.
Fact based decision making.
◦ Cloud Computing extensively addresses expense issues with large scale
implementations.
CapEx to OpEx.
Undermined resources.
◦ Non-conventional data security approaches are imperative when combining BI with CC.
Simplified Infrastructure management, Data audit, Implementations.
Elevated levels of data security.
◦ Almost all current applications do not support Tokenization Data Security.
Future work
◦ Driving motivations for vendors to support out-of-the-box Tokenization Data
Security.
◦ Sophisticated Tokenization algorithms.
◦ Propagation and Replication of current approaches to different frameworks in
organizations, forming complete center points of truth for data security.