Choosing the Right Data Security Solution

Ulf Mattsson, CTO, Protegrity
ulf.mattsson AT protegrity.com
Ulf Mattsson, CTO Protegrity

• 20 years with IBM Research & Development and Global Services
• Started Protegrity in 1994 (Data Security)
• Inventor of 25 patents on encryption and tokenization
• Member of:
  • PCI Security Standards Council (PCI SSC)
  • American National Standards Institute (ANSI) X9
  • International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security
  • ISACA, ISSA and Cloud Security Alliance (CSA)
Agenda

• Data Breaches
• Data Protection Trends
• Encryption versus Tokenization
• Vault-based Tokenization versus Vaultless Tokenization
• Case studies
• Summary
A Growing Threat

Chart from the Verizon 2012 DBIR; only the callout survived extraction: attacks by Anonymous include CIA, Interpol, Sony, Stratfor and HBGary Federal.

Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/, http://en.wikipedia.org/wiki/Timeline_of_events_involving_Anonymous
Today “Hacktivism” is Dominating

Bar chart of compromised records by threat agent, percent of records (axis 0 to 70%). Categories in the order shown; bar values are not recoverable from the extraction:

• Activist group
• Organized criminal group
• Relative or acquaintance of employee
• Former employee (no longer had access)
• Unaffiliated person(s)
• Unknown

By percent of records. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/
What Data is Compromised?

Bar chart of compromised records by data type, percent of records (axis 0 to 120%; a breach can involve several types). Categories in the order shown; bar values are not recoverable from the extraction:

• Personal information (name, SSN, address, etc.)
• Unknown (specific type is not known)
• Medical records
• Classified information
• Trade secrets
• Copyrighted/trademarked material
• System information (config, services, software, etc.)
• Bank account numbers/data
• Sensitive organizational data (reports, plans, etc.)
• Authentication credentials (usernames, passwords, etc.)
• Payment card numbers/data

By percent of records. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/
LinkedIn Hit with $5 Million Class Action Suit

By John Fontana | June 19, 2012

A class action suit against LinkedIn claims that violation of its own privacy policies and user agreements allowed hackers to steal 6.46 million passwords. The file that leaked in June 2012 held unsalted SHA-1 password hashes rather than plaintext, which is why a large share of them were cracked within days.
Some Major Data Breaches

Timeline chart of breaches from April 2011 to August 2011, plotted by time, impact in dollars and attack type. The individual breaches were not recoverable from the extraction.

Source: IBM 2012 Security Breaches Trend and Risk Report
The Sony Breach

• Lost 100 million passwords and personal details that were stored in the clear
• Spent $171 million on costs related to the data breach
• Sony's stock price fell 40 percent
• Reported: for three pennies an hour, attackers can rent Amazon.com computing capacity to wage cyber attacks such as the one that crippled Sony
• Attack via SQL injection
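The two failures the Sony slide names, an injectable query and a store that holds the secrets in the clear, compound each other. The Python below is an added example written for this page (not Sony's code and not Protegrity's): a constructed in-memory SQLite table of cleartext passwords, a string-built lookup that a single tautology turns into a full dump, and the parameterized form of the same lookup. The table layout, account names and the attacker string are assumptions.

```python
import sqlite3
from typing import List, Tuple

# Constructed sample accounts with passwords stored in the clear, as on the
# Sony slide. Not real data.
SAMPLE_USERS = [
    ("alice", "alice@example.com", "hunter2"),
    ("bob", "bob@example.com", "letmein"),
    ("carol", "carol@example.com", "Tr0ub4dor&3"),
]

# Hypothetical attacker input: closes the string literal, ORs in a tautology,
# and comments out the quote the application appends.
INJECTION = "x' OR 1=1 --"


def build_db() -> sqlite3.Connection:
    """In-memory database with a cleartext password column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple]:
    """String-built query: attacker-controlled text is parsed as SQL."""
    sql = f"SELECT username, email, password FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> List[Tuple]:
    """Bound parameter: the value travels separately from the SQL text, so the
    same input is compared literally against the column and matches nothing."""
    sql = "SELECT username, email, password FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    """Run a normal lookup, the injected lookup, and the hardened lookup."""
    conn = build_db()
    return {
        "normal": lookup_parameterized(conn, "alice"),
        "vulnerable_dump": lookup_vulnerable(conn, INJECTION),
        "hardened": lookup_parameterized(conn, INJECTION),
    }


if __name__ == "__main__":
    result = demo()
    print("rows leaked by the injected query:", len(result["vulnerable_dump"]))
    print("rows returned by the parameterized query:", len(result["hardened"]))
```

The parameterized query closes the injection, but notice that a legitimate query still returns the password column in the clear: fixing the application bug does nothing for the data once any other path to the table opens, which is the argument the rest of the deck makes for taking the sensitive values out of the store.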
SQL Injection Attacks are Increasing

Chart of SQL injection attack counts per quarter for Q1, Q2 and Q3 2011 (axis 5,000 to 25,000). Bar values are not recoverable from the extraction.

Source: IBM 2012 Security Breaches Trend and Risk Report
New Industry Groups are Targets

Bar chart of breaches by industry, percent of breaches (axis 0 to 60%). Categories in the order shown; bar values are not recoverable from the extraction:

• Accommodation and Food Services
• Retail Trade
• Finance and Insurance
• Health Care and Social Assistance
• Other
• Information

By percent of breaches. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/
The Changing Threat Landscape

Some issues have stayed constant:
  • The threat landscape continues to gain sophistication
  • Attackers will always be a step ahead of the defenders

We are fighting highly organized, well-funded crime syndicates and nation states.

A move from detective to preventive controls is needed.

Source: http://www.csoonline.com/article/602313/the-changing-threat-landscape?page=2
How are Breaches Discovered?

Bar chart of discovery methods, percent of breaches (axis 0 to 70%). Methods in the order shown on the slide; bar values are not recoverable from the extraction:

• Notified by law enforcement
• Third-party fraud detection (e.g., CPP)
• Reported by customer/partner affected
• Brag or blackmail by perpetrator
• Unknown
• Witnessed and/or reported by employee
• Other(s)
• Internal fraud detection mechanism
• Financial audit and reconciliation process
• Log analysis and/or review process
• Unusual system behavior or performance

By percent of breaches. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/
What Assets are Compromised?

Bar chart of compromised assets, percent of records (axis 0 to 120%; a breach can involve several assets). Assets in the order shown, with the asset class where the slide gives one; bar values are not recoverable from the extraction:

• Database server
• Web/application server
• Desktop/workstation
• Mail server
• Call center staff (People)
• Remote access server
• Laptop/netbook
• File server
• Pay-at-the-pump terminal (User devices)
• Cashier/teller/waiter (People)
• Payment card (credit, debit, etc.) (Offline…)
• Regular employee/end-user (People)
• Automated Teller Machine (ATM)
• POS terminal (User devices)
• POS server (store controller)

By percent of records. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/
Hacking and Malware are Leading Threat Action Categories

Bar chart of threat action categories, percent of records (axis 0 to 150%; a breach usually involves several actions). Categories in the order shown; bar values are not recoverable from the extraction:

• Hacking
• Malware
• Social
• Physical
• Misuse
• Error
• Environmental

By percent of records. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/
Use of Enabling Technologies

Survey results with two percentages per technology. Only the legend "Evaluating" survived extraction, under the first column; the legend for the second column was lost.

Technology                    | Evaluating | Second column (legend lost)
Access controls               | 1%         | 91%
Database activity monitoring  | 18%        | 47%
Database encryption           | 30%        | 35%
Backup / archive encryption   | 21%        | 39%
Data masking                  | 28%        | 28%
Application-level encryption  | 7%         | 29%
Tokenization                  | 22%        | 23%
How can we Secure The Data Flow?

Diagram: card data enters at the Retail Store, crosses the Payment Network (shown as "9999 9999") to the Bank, and also flows into Corporate Systems. Only the labels survived extraction.
What Has The Industry Done?

Chart of total cost of ownership (high to low) against the year each method appeared on the slide's timeline, for the input value 3872 3789 1620 3675:

Year | Method                                   | Output for the input value  | Note
1970 | Strong encryption (AES, 3DES)            | !@#$%a^.,mhu7///&*B()_+!@  | High TCO; output does not preserve format
2000 | Format preserving encryption (DTP, FPE)  | 8278 2789 2990 2789         | Format preserving
2005 | Vault-based tokenization                 | 8278 2789 2990 2789         | Greatly reduced key management
2010 | Vaultless tokenization                   | 8278 2789 2990 2789         | No vault; low TCO
We Started with Vault-Based Tokenization …

(Image slide; no text survived extraction.)

Issues with Vault-based Tokenization

(Image slide; no text survived extraction.)
Goal: Miniaturization of the Tokenization Server

Diagram: a large Vault-based Tokenization Server evolves (arrow labelled "Evolution") into a small Vault-less Tokenization Server.
Tokenization Differentiators

Criterion                             | Vault-based Tokenization                              | Vaultless Tokenization
Footprint                             | Large, expanding.                                     | Small, static.
High availability, disaster recovery  | Complex, expensive replication required.              | No replication required.
Distribution                          | Practically impossible to distribute geographically.  | Easy to deploy at different geographically distributed locations.
Reliability                           | Prone to collisions.                                  | No collisions.
Performance, latency and scalability  | Will adversely impact performance and scalability.    | Little or no latency. Fastest industry tokenization.
Extendibility                         | Practically impossible.                               | Unlimited tokenization capability.

The reliability row deserves a precise reading. A vault that issues random tokens must look each candidate up before committing it and retry on a duplicate; that lookup is what ties every tokenizing node to one synchronized store, and it is the reason replication and geographic distribution are hard. A vaultless scheme removes the lookup by making the mapping deterministic, so the property to verify when evaluating one is that the mapping is injective over the input format: detokenizing any token must return exactly one original value.
Speed of Different Protection Methods

Chart of transactions per second on a logarithmic axis (100 to 10,000,000), one bar each for Vault-based Data Tokenization, Format Preserving Encryption, AES CBC Encryption Standard and Vaultless Data Tokenization. Bar heights are not recoverable from the extraction.

* Speed will depend on the configuration.
Security of Different Protection Methods

Chart of security level (low to high), one bar each for Vault-based Data Tokenization, Format Preserving Encryption, AES CBC Encryption Standard and Vaultless Data Tokenization. Bar heights are not recoverable from the extraction.
External Validation of Vaultless Tokenization

“The Vaultless tokenization scheme offers excellent security, since it is based on fully randomized tables. This is a fully distributed tokenization approach with no need for synchronization and there is no risk of collisions.”

Prof. Dr. Ir. Bart Preneel, Katholieke Universiteit Leuven, Belgium *

Bart Preneel is a Belgian cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven and president of the International Association for Cryptologic Research.

* The Katholieke Universiteit Leuven in Belgium is where the Advanced Encryption Standard (AES) was invented.
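The three properties in the quotation (a static randomized table, no synchronization, no collisions) can be shown concretely with a deterministic, invertible mapping. The Python below is an added example for this page; it is not Protegrity's patented scheme, and its four rounds of table lookups chained across 4-digit blocks are a demonstration of the architecture rather than a vetted cipher. What it does show is the vaultless property: any node that holds the same table computes the same token with no shared state, and because each round is a bijection on the 16-digit space, two different inputs can never yield the same token. The secret seed, the block size and the round structure are assumptions; for production format-preserving protection use a standardized mode such as NIST SP 800-38G FF1 or a vetted product.

```python
import random
from typing import List

BLOCK = 10_000   # each 4-digit group is an integer in [0, 10000)
ROUNDS = 4


def build_tables(secret_seed: int) -> List[List[int]]:
    """Derive one random permutation of [0, BLOCK) per round from a secret seed.

    Assumption for this illustration: the seed is the shared secret. Any node
    holding it rebuilds identical tables offline, so no vault or replication
    is needed to stay consistent.
    """
    rng = random.Random(secret_seed)
    tables = []
    for _ in range(ROUNDS):
        perm = list(range(BLOCK))
        rng.shuffle(perm)
        tables.append(perm)
    return tables


def _invert(perm: List[int]) -> List[int]:
    inv = [0] * len(perm)
    for i, v in enumerate(perm):
        inv[v] = i
    return inv


def _split(value: str) -> List[int]:
    digits = value.replace(" ", "")
    if len(digits) != 16 or not digits.isdigit():
        raise ValueError("expected 16 digits")
    return [int(digits[i:i + 4]) for i in range(0, 16, 4)]


def _join(blocks: List[int]) -> str:
    return " ".join(f"{b:04d}" for b in blocks)


def _order(round_no: int) -> List[int]:
    # Alternate direction so every block influences every other block.
    return list(range(4)) if round_no % 2 == 0 else list(range(3, -1, -1))


def tokenize(pan: str, tables: List[List[int]]) -> str:
    """Deterministic table-driven mapping: same tables, same token, on any node."""
    x = _split(pan)
    for r, perm in enumerate(tables):
        carry = 0
        for i in _order(r):
            x[i] = perm[(x[i] + carry) % BLOCK]   # lookup chained on the previous output block
            carry = x[i]
    return _join(x)


def detokenize(token: str, tables: List[List[int]]) -> str:
    """Exact inverse of tokenize; it exists because every round is a bijection."""
    x = _split(token)
    for r in reversed(range(len(tables))):
        inv = _invert(tables[r])
        idx = _order(r)
        for pos in reversed(range(4)):                     # undo in reverse processing order
            carry = x[idx[pos - 1]] if pos > 0 else 0      # previous output block is still intact
            x[idx[pos]] = (inv[x[idx[pos]]] - carry) % BLOCK
    return _join(x)


if __name__ == "__main__":
    node_a, node_b = build_tables(2012), build_tables(2012)   # two nodes, same secret
    pan = "3872 3789 1620 3675"                                # input value used on the slides
    tok = tokenize(pan, node_a)
    print(pan, "->", tok, "| node B agrees:", tokenize(pan, node_b) == tok)
    print("detokenize:", detokenize(tok, node_a))
```

One consequence worth knowing before comparing this with the format table later in the deck: a bijection over the whole 16-digit space cannot also promise that every token fails the Luhn check, since one output in ten will pass it. A scheme that guarantees Luhn-failing tokens has to map only the 15 digits before the check digit and set that digit deliberately wrong, or fall back on a vault that can reject candidates.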
Case Study: Large Chain Store

Why? Reduce compliance cost by 50%
• 50 million credit cards, 700 million daily transactions
• Performance challenge: the initial tokenization took 30 days with the basic method and 90 minutes with vaultless tokenization
• End-to-end tokens: started with the data warehouse (D/W) and expanding to the stores
• Lower maintenance cost: systems that hold only tokens no longer have to apply all 12 PCI DSS requirements
• Better security: able to eliminate several business and daily reports
• Qualified Security Assessors had no issues:
  • "With encryption, implementations can spawn dozens of questions"
  • "There were no such challenges with tokenization"
Case Studies: Retail

Customer 1: Why? Three major concerns solved
• Performance challenge: the initial tokenization run
• Vendor lock-in: what if we want to switch payment processor? (Tokens issued from a processor's own vault cannot be carried to another processor.)
• Extensive enterprise end-to-end credit card data protection

Customer 2: Why? Desired a single vendor to provide data protection
• Combined use of tokenization and encryption
• Looking to expand tokens beyond credit card numbers (CCN) to PII

Customer 3: Why? Remove compensating controls from the mainframe
• Tokens on the mainframe to avoid compensating controls
What about Breaches & PCI? Was Data Protected?

Bar chart of the percentage of breached organizations found in compliance with each PCI DSS requirement in post-breach reviews (axis 0 to 100%). Requirements in the order shown on the slide, with Requirement 3 at the bottom; bar values are not recoverable from the extraction:

• 9: Restrict physical access to cardholder data
• 5: Use and regularly update anti-virus software
• 4: Encrypt transmission of cardholder data
• 2: Do not use vendor-supplied defaults for security parameters
• 12: Maintain a policy that addresses information security
• 1: Install and maintain a firewall configuration to protect data
• 8: Assign a unique ID to each person with computer access
• 6: Develop and maintain secure systems and applications
• 10: Track and monitor all access to network resources and data
• 11: Regularly test security systems and processes
• 7: Restrict access to data by business need-to-know
• 3: Protect stored data

Based on post-breach reviews of the relevant organizations' compliance with PCI DSS. Verizon study.
How Should I Secure Different Data?

Diagram: a two-by-two grid with Use Case (Simple to Complex) on the vertical axis and Type of Data (Un-structured to Structured) on the horizontal axis. Un-structured data maps to File Encryption; structured data maps to Field Tokenization. Examples placed on the grid: PHI (Protected Health Information) as complex and un-structured; PII and Card Holder Data (PCI) as simple and structured.
Flexibility in Token Format Controls

Type of Data            | Input                        | Token                                                             | Comment
Credit card             | 3872 3789 1620 3675          | 8278 2789 2990 2789                                               | Numeric
Credit card             | 3872 3789 1620 3675          | 8278 2789 2990 3675                                               | Numeric, last 4 digits exposed
Credit card             | 3872 3789 1620 3675          | 3872 qN4e 5yPx 3675                                               | Alpha-numeric, first 4 and last 4 digits exposed
Medical ID              | 29M2009ID                    | 497HF390D                                                         | Alpha-numeric
Date                    | 10/30/1955                   | 12/25/2034                                                        | Date; multiple date formats supported
E-mail address          | yuri.gagarin@protegrity.com  | empo.snaugs@svtiensnni.snk                                        | Alpha-numeric
SSN                     | 075672278 or 075-67-2278     | 287382567 or 287-38-2567                                          | Numeric; delimiters in the input are preserved
Invalid Luhn            | 5105 1051 0510 5100          | 8278 2789 2990 2782                                               | Token deliberately fails the Luhn check
Binary                  | 0x010203                     | 0x123296910112                                                    |
Alphanumeric indicator  | 5105 1051 0510 5100          | 8278 2789 299A 2781                                               | Position of the alpha character is configurable
Decimal                 | 123.45                       | 9842.56                                                           | Not length preserving
Multi-merchant          | 3872 3789 1620 3675          | Merchant 1: 8278 2789 2990 2789; Merchant 2: 9302 8999 2662 6345  | A different token for each merchant from the same card number
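The format controls in this table and the "prone to collisions" row of the "Tokenization Differentiators" table come down to the same loop inside a vault-based tokenizer: draw a random value in the required format, keep any digits that must stay exposed, reject the candidate if it is already issued or if it passes the Luhn check, then record the pair in the lookup table. The Python below is an added example written for this page, not Protegrity's code. Two in-memory dictionaries stand in for the vault database; the `domain` argument (which yields the slide's multi-merchant case), the `preload` method and the seeded generator used to force a collision are assumptions; the card number is the well-known test number from the table.

```python
import random
import secrets
from typing import Dict, Optional, Tuple


def luhn_valid(digits: str) -> bool:
    """Standard Luhn check over a digit string (callers strip spaces)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Vault-based tokenizer: random tokens, a lookup table, collision retry.

    Two dictionaries stand in for the vault database. Tokens are scoped by a
    domain string so the same card yields unrelated tokens per merchant.
    """

    def __init__(self, rng=None, max_attempts: int = 32):
        self.rng = rng or secrets.SystemRandom()          # a seeded Random is for tests only
        self.max_attempts = max_attempts
        self._by_token: Dict[Tuple[str, str], str] = {}   # (domain, token) -> pan
        self._by_pan: Dict[Tuple[str, str], str] = {}     # (domain, pan) -> token

    def preload(self, domain: str, token: str, pan: str) -> None:
        """Register an already-issued token (e.g. when migrating an older vault)."""
        self._by_token[(domain, token)] = pan
        self._by_pan[(domain, pan)] = token

    def _candidate(self, pan: str, expose_last: int) -> str:
        keep = pan[-expose_last:] if expose_last else ""
        body = "".join(str(self.rng.randrange(10)) for _ in range(len(pan) - expose_last))
        return body + keep

    def tokenize(self, pan: str, domain: str = "default", expose_last: int = 0) -> str:
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and 12 <= len(pan) <= 19):
            raise ValueError("PAN must be 12 to 19 digits")
        existing = self._by_pan.get((domain, pan))
        if existing is not None:
            return existing          # same PAN, same domain: same token, so joins still work
        for _ in range(self.max_attempts):
            cand = self._candidate(pan, expose_last)
            # Reject a candidate already issued in this domain (the collision the
            # vault exists to catch) or one that passes Luhn (it could be mistaken
            # for, or coincide with, a real card number).
            if (domain, cand) in self._by_token or luhn_valid(cand):
                continue
            self._by_token[(domain, cand)] = pan
            self._by_pan[(domain, pan)] = cand
            return cand
        raise RuntimeError(f"could not find a free token in domain {domain!r}")

    def detokenize(self, token: str, domain: str = "default") -> Optional[str]:
        return self._by_token.get((domain, token.replace(" ", "")))


def demo(seed: int = 7) -> dict:
    """Run the vault over the constructed test card from the format table."""
    pan = "5105 1051 0510 5100"       # well-known test number; passes Luhn
    vault = TokenVault(rng=random.Random(seed))
    t_plain = vault.tokenize(pan)
    t_last4 = vault.tokenize(pan, domain="reports", expose_last=4)
    t_m1 = vault.tokenize(pan, domain="merchant-1")
    t_m2 = vault.tokenize(pan, domain="merchant-2")
    # Collision path: a fresh vault seeded identically draws the same candidates,
    # so pre-issuing t_plain to another PAN forces the generator to retry.
    clash = TokenVault(rng=random.Random(seed))
    clash.preload("default", t_plain, "4111111111111111")
    t_retry = clash.tokenize(pan)
    return {
        "t_plain": t_plain, "t_last4": t_last4, "t_m1": t_m1, "t_m2": t_m2,
        "repeat": vault.tokenize(pan), "roundtrip": vault.detokenize(t_plain),
        "t_retry": t_retry,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10s} {value}")
```

The Luhn rejection costs about one retry in ten and buys two things: a leaked token cannot be mistaken for a live card by a downstream system, and it can never coincide with a real account number. The `domain` key is what makes the multi-merchant row work; it also means a token from one merchant detokenizes to nothing in another merchant's domain.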
What are the benefits of Tokenization?

• Reduces the complexity of key management
  • Reduces the number of hacker targets
• Reduces the remediation needed for protecting systems
  • Reduces the cost of PCI compliance

Additional benefits with Protegrity Vaultless Tokenization
• Infinitely scalable
  • Fastest tokenization method in the world
• Simplicity and security: no replication, no collisions
• Flexible and easy to deploy and distribute
  • Lower total cost of ownership than vault-based tokenization
About Protegrity

Proven enterprise data security software and innovation leader
• Sole focus on the protection of data
• Patented technology, continuing to drive innovation

Growth driven by compliance and risk management
• PCI (Payment Card Industry)
• PII (Personally Identifiable Information)
• PHI (Protected Health Information), HIPAA
• State and foreign privacy laws, breach notification laws

Cross-industry applicability
• Retail, hospitality, travel and transportation
• Financial services, insurance and banking
• Healthcare, telecommunications, media and entertainment
• Manufacturing and government
Summary

Optimal support of complex enterprise requirements
• Heterogeneous platform supports all operating systems and databases
• Flexible protectors (database, application, file)
• Risk-adjusted data protection offers options for protecting data with the appropriate strength
• Built-in key management
• Consistent enterprise policy enforcement and audit logging

Innovative
• Pushing data protection with industry leading

Proven
• Proven platform currently protects the world's largest companies

Experienced
• Experienced staff will be there with support along the way to complete data protection
Questions and Answers

Ulf Mattsson, Protegrity CTO
ulf.mattsson AT protegrity.com

Elaine Evans, Protegrity Marketing
elaine.evans AT protegrity.com

www.protegrity.com
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counselbugcrowd
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Government
 

Similaire à Choosing the Right Data Security Solution (20)

ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
 
Isaca e symposium understanding your data flow jul 6
Isaca e symposium   understanding your data flow jul 6Isaca e symposium   understanding your data flow jul 6
Isaca e symposium understanding your data flow jul 6
 
Tokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceTokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and Compliance
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
 
Cyber Security Briefing Asis Nyc 10 18 12
Cyber Security Briefing Asis Nyc 10 18 12Cyber Security Briefing Asis Nyc 10 18 12
Cyber Security Briefing Asis Nyc 10 18 12
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
 
2013 PMA Business Security Insights
2013 PMA Business Security Insights2013 PMA Business Security Insights
2013 PMA Business Security Insights
 
Cacs na isaca session 414 ulf mattsson may 10 final
Cacs na isaca session 414 ulf mattsson may 10 finalCacs na isaca session 414 ulf mattsson may 10 final
Cacs na isaca session 414 ulf mattsson may 10 final
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White Paper
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
Monitoring, Detecting And Preventing Insider Fraud And Abuse V2
Monitoring, Detecting And Preventing Insider Fraud And Abuse V2Monitoring, Detecting And Preventing Insider Fraud And Abuse V2
Monitoring, Detecting And Preventing Insider Fraud And Abuse V2
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat Analysis
 
IBM Security Services
IBM Security ServicesIBM Security Services
IBM Security Services
 

Dernier

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Dernier (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

Choosing the Right Data Security Solution

  • 1. Choosing the Right Data Security Solution Ulf Mattsson, CTO Protegrity ulf.mattsson AT protegrity.com
  • 2. Ulf Mattsson, CTO Protegrity 20 years with IBM Research & Development and Global Services Started Protegrity in 1994 (Data Security) Inventor of 25 patents – Encryption and Tokenization Member of • PCI Security Standards Council (PCI SSC) • American National Standards Institute (ANSI) X9 • International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security • ISACA , ISSA and Cloud Security Alliance (CSA) 2
  • 3. Agenda Data Breaches Data Protection Trends Encryption versus Tokenization Vault-based Tokenization versus Vaultless Tokenization Case studies Summary 3
  • 4. 4
  • 5. A Growing Threat Attacks by Anonymous include • CIA, Interpol, Sony, Stratfor and HBGary Federal Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/, http://en.wikipedia.org/wiki/Timeline_of_events_involving_Anonymous 5
  • 6. Today “Hacktivism” is Dominating. Bar chart, by percent of records: Activist group; Organized criminal group; Relative or acquaintance of employee; Former employee (no longer had access); Unaffiliated person(s); Unknown. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 6
  • 7. What Data is Compromised? Bar chart, by percent of records: Personal information (Name, SS#, Addr, etc.); Unknown (specific type is not known); Medical records; Classified information; Trade secrets; Copyrighted/Trademarked material; System information (config, svcs, sw, etc.); Bank account numbers/data; Sensitive organizational data (reports, plans, etc.); Authentication credentials (usernames, pwds, etc.); Payment card numbers/data. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 7
  • 8. LinkedIn Hit with $5 Million Class Action Suit. By John Fontana | June 19, 2012. A class action suit against LinkedIn claims that violation of its own privacy policies and user agreements allowed hackers to steal 6.46 million passwords. 8
  • 9. Some Major Data Breaches. Timeline chart (April 2011 to Aug 2011) plotting time, impact in $ and attack type for each breach. Source: IBM 2012 Security Breaches Trend and Risk Report 9
  • 10. The Sony Breach. Lost 100 million passwords and personal details stored in clear. Spent $171 million related to the data breach. Sony's stock price has fallen 40 percent. For three pennies an hour, hackers can rent Amazon.com to wage cyber attacks such as the one that crippled Sony. Attack via SQL Injection 10
  • 11. SQL Injection Attacks are Increasing. Chart of attacks per quarter, Q1 2011 to Q3 2011, on a scale of 5,000 to 25,000. Source: IBM 2012 Security Breaches Trend and Risk Report 11
  • 12. New Industry Groups are Targets. Bar chart, by percent of breaches: Accommodation and Food Services; Retail Trade; Finance and Insurance; Health Care and Social Assistance; Other; Information. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 12
  • 13. The Changing Threat Landscape. Some issues have stayed constant: • Threat landscape continues to gain sophistication • Attackers will always be a step ahead of the defenders. We are fighting highly organized, well-funded crime syndicates and nations. Move from detective to preventative controls needed. Source: http://www.csoonline.com/article/602313/the-changing-threat-landscape?page=2 13
  • 14. How are Breaches Discovered? Bar chart, by percent of breaches: Notified by law enforcement; Third-party fraud detection (e.g., CPP); Reported by customer/partner affected; Brag or blackmail by perpetrator; Unknown; Witnessed and/or reported by employee; Other(s); Internal fraud detection mechanism; Financial audit and reconciliation process; Log analysis and/or review process; Unusual system behavior or performance. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 14
  • 15. What Assets are Compromised? Bar chart, by percent of records, asset category in parentheses where the slide gives one: Database server; Web/application server; Desktop/Workstation; Mail server; Call Center Staff (People); Remote Access server; Laptop/Netbook; File server; Pay at the Pump terminal (User devices); Cashier/Teller/Waiter (People); Payment card (credit, debit, etc.) (Offline…); Regular employee/end-user (People); Automated Teller Machine (ATM); POS terminal (User devices); POS server (store controller). Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 15
  • 16. Hacking and Malware are Leading Threat Action Categories. Bar chart, by percent of records: Hacking; Malware; Social; Physical; Misuse; Error; Environmental. Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/ 16
  • 17. 17
  • 18. Use of Enabling Technologies. Two percentages per technology; the slide's legend reads “Evaluating”: Access controls 1%, 91%; Database activity monitoring 18%, 47%; Database encryption 30%, 35%; Backup / Archive encryption 21%, 39%; Data masking 28%, 28%; Application-level encryption 7%, 29%; Tokenization 22%, 23%. 18
  • 19. How can we Secure The Data Flow? Diagram of card data (9999 9999) flowing across Retail Store, Bank, Payment and Corporate Network Systems. 19
  • 20. What Has The Industry Done? Table, input value 3872 3789 1620 3675, with Total Cost of Ownership and a timeline axis (1970, 2000, 2005, 2010): Strong Encryption (AES, 3DES) yields !@#$%a^.,mhu7///&*B()_+!@, TCO High; Format Preserving Encryption (DTP, FPE) yields 8278 2789 2990 2789; Format Preserving Vault-based Tokenization yields 8278 2789 2990 2789, Greatly reduced Key Management; Vaultless Tokenization yields 8278 2789 2990 2789, TCO Low, No Vault. 20
  • 21. 21
  • 22. We Started with Vault-Based Tokenization … 22
  • 23. Issues with Vault-based Tokenization 23
  • 24. Goal: Miniaturization of the Tokenization Server Evolution Vault-less Tokenization Server Vault-based Tokenization Server 24
  • 25. Tokenization Differentiators (Vault-based Tokenization versus Vaultless Tokenization). Footprint: Large, Expanding. / Small, Static. High Availability, Disaster Recovery: Complex, expensive replication required. / No replication required. Distribution: Practically impossible to distribute geographically. / Easy to deploy at different geographically distributed locations. Reliability: Prone to collisions. / No collisions. Performance, Latency, and Scalability: Will adversely impact performance & scalability. / Little or no latency. Fastest industry tokenization. Extendibility: Practically impossible. / Unlimited Tokenization Capability. 25
  • 26. 26
  • 27. Speed of Different Protection Methods. Chart of transactions per second* (logarithmic axis from 100 to 10 000 000) for Vault-based Data Tokenization, Format Preserving Encryption, AES CBC Encryption Standard and Vaultless Data Tokenization. *: Speed will depend on the configuration 27
  • 28. Security of Different Protection Methods. Chart of security level (Low to High) for Vault-based Data Tokenization, Format Preserving Encryption, AES CBC Encryption Standard and Vaultless Data Tokenization. 28
  • 29. External Validation of Vaultless Tokenization. “The Vaultless tokenization scheme offers excellent security, since it is based on fully randomized tables. This is a fully distributed tokenization approach with no need for synchronization and there is no risk for collisions.” Prof. Dr. Ir. Bart Preneel, Katholieke University Leuven, Belgium. * Bart Preneel is a Belgian cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven, president of the International Association for Cryptologic Research. * The Katholieke University Leuven in Belgium is where Advanced Encryption Standard (AES) was invented. 29
  • 30. 30
  • 31. Case Study: Large Chain Store Why? Reduce compliance cost by 50% • 50 million Credit Cards, 700 million daily transactions • Performance Challenge: 30 days with Basic to 90 minutes with Vaultless Tokenization • End-to-End Tokens: Started with the D/W and expanding to stores • Lower maintenance cost – don’t have to apply all 12 requirements • Better security – able to eliminate several business and daily reports • Qualified Security Assessors had no issues • “With encryption, implementations can spawn dozens of questions” • “There were no such challenges with tokenization” 31
  • 32. Case Studies: Retail Customer 1: Why? Three major concerns solved • Performance Challenge; Initial tokenization • Vendor Lock-In: What if we want to switch payment processor • Extensive Enterprise End-to-End Credit Card Data Protection Customer 2: Why? Desired single vendor to provide data protection • Combined use of tokenization and encryption • Looking to expand tokens beyond CCN to PII Customer 3: Why? Remove compensating controls from the mainframe • Tokens on the mainframe to avoid compensating controls 32
  • 33. What about Breaches & PCI? Was Data Protected? Bar chart (0 to 100 %) of relevant organizations in compliance with each PCI DSS requirement, based on post-breach reviews (Verizon study): 9: Restrict physical access to cardholder data; 5: Use and regularly update anti-virus software; 4: Encrypt transmission of cardholder data; 2: Do not use vendor-supplied defaults for security parameters; 12: Maintain a policy that addresses information security; 1: Install and maintain a firewall configuration to protect data; 8: Assign a unique ID to each person with computer access; 6: Develop and maintain secure systems and applications; 10: Track and monitor all access to network resources and data; 11: Regularly test security systems and processes; 7: Restrict access to data by business need-to-know; 3: Protect Stored Data. 33
  • 34. How Should I Secure Different Data? Matrix with Type of Data (Un-structured to Structured) on one axis and Use Case (Simple to Complex) on the other, placing Card Holder Data (PCI), PII and PHI (Protected Health Information) against File Encryption, Field Encryption and Tokenization. 34
  • 35. Flexibility in Token Format Controls. Rows as Type of Data: Input, Token (Comment). Credit Card: 3872 3789 1620 3675, 8278 2789 2990 2789 (Numeric); Credit Card: 3872 3789 1620 3675, 8278 2789 2990 3675 (Numeric, last 4 digits exposed); Credit Card: 3872 3789 1620 3675, 3872 qN4e 5yPx 3675 (Alpha-Numeric, digits exposed); Medical ID: 29M2009ID, 497HF390D (Alpha-Numeric); Date: 10/30/1955, 12/25/2034 (Date, multiple date formats); E-mail Address: yuri.gagarin@protegrity.com, empo.snaugs@svtiensnni.snk (Alpha Numeric); SSN: 075672278 or 075-67-2278, 287382567 or 287-38-2567 (Numeric, delimiters in input); Invalid Luhn: 5105 1051 0510 5100, 8278 2789 2990 2782 (Luhn check will fail); Binary: 0x010203, 0x123296910112; Alphanumeric Indicator: 5105 1051 0510 5100, 8278 2789 299A 2781 (Position to place alpha is configurable); Decimal: 123.45, 9842.56 (Non length preserving); Multi-Merchant: 3872 3789 1620 3675, Merchant 1: 8278 2789 2990 2789 and Merchant 2: 9302 8999 2662 6345 (Deliver a different token to different merchant based on the same credit card number). 35
  • 36. What are the benefits of Tokenization? Reduces complexity of key management • Reduces the number of hacker targets • Reduces the remediation for protecting systems • Reduces the cost of PCI Compliance. Additional benefits with Protegrity Vaultless Tokenization: Infinitely Scalable • Fastest tokenization method in the world • Simplicity and Security: No replication, No collisions • Flexible and easy to deploy and distribute • Lower Total Cost of Ownership than Vault-based Tokenization 36
  • 37. About Protegrity Proven enterprise data security software and innovation leader • Sole focus on the protection of data • Patented Technology, Continuing to Drive Innovation Growth driven by compliance and risk management • PCI (Payment Card Industry) • PII (Personally Identifiable Information) • PHI (Protected Health Information) – HIPAA • State and Foreign Privacy Laws, Breach Notification Laws Cross-industry applicability • Retail, Hospitality, Travel and Transportation • Financial Services, Insurance and Banking • Healthcare, Telecommunications, Media and Entertainment • Manufacturing and Government 37
  • 38. Summary Optimal support of complex enterprise requirements • Heterogeneous platform supports all operating systems and databases • Flexible protectors (Database, Application, File) • Risk Adjusted Data Protection offers options for protecting data with the appropriate strength • Built-in Key Management • Consistent Enterprise policy enforcement and audit logging. Innovative • Pushing data protection with industry leading Proven • Proven platform currently protects the world's largest companies Experienced • Experienced staff will be there with support along the way to complete data protection 38
  • 39. Questions and Answers Ulf Mattsson Protegrity CTO ulf.mattsson AT protegrity.com Elaine Evans Protegrity Marketing elaine.evans AT protegrity.com www.protegrity.com
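Slides 25 and 29 describe vaultless tokenization as a lookup over static, randomized tables with no vault and no collisions, and slide 35 shows format controls such as exposing the last four digits, preserving delimiters in the input and emitting tokens that fail the Luhn check. The toy tokenizer below is an added example, not Protegrity's product code nor the scheme Prof. Preneel reviewed; it assumes a constructed secret (`b"demo-secret"`) from which it derives one digit permutation per position with HMAC-SHA256, and the class and helper names are hypothetical.

```python
import hashlib
import hmac


def luhn_valid(digits: str) -> bool:
    """True when the digit string passes the Luhn check (PAN check digit)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def luhn_check_digit(body: str) -> str:
    """The single digit that makes body + digit Luhn-valid."""
    return next(c for c in "0123456789" if luhn_valid(body + c))


def _table(secret: bytes, position: int) -> list:
    """One permutation of the digits 0-9 per position, derived from the secret
    with HMAC-SHA256 (illustrative derivation, not a vetted KDF)."""
    seed = int.from_bytes(
        hmac.new(secret, b"digit-table-%d" % position, hashlib.sha256).digest(), "big")
    perm = list(range(10))
    for i in range(9, 0, -1):     # Fisher-Yates driven by the derived integer
        j = seed % (i + 1)
        seed //= i + 1
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def _split(value: str):
    """Separate digits from delimiters so the token keeps the input layout."""
    digits = "".join(ch for ch in value if ch.isdigit())
    layout = "".join("#" if ch.isdigit() else ch for ch in value)
    return digits, layout


def _join(digits: str, layout: str) -> str:
    it = iter(digits)
    return "".join(next(it) if ch == "#" else ch for ch in layout)


class ToyVaultlessTokenizer:
    """Static-table tokenizer: no vault, no per-token state, deterministic, and
    bijective for each input length (so no collisions). Constructed for illustration."""

    def __init__(self, secret: bytes, max_len: int = 19):
        self.tables = [_table(secret, i) for i in range(max_len)]
        self.inverse = [{v: k for k, v in enumerate(t)} for t in self.tables]

    def _forward(self, digits: str) -> str:
        out, prev = [], 0
        for i, ch in enumerate(digits):
            # chain on the previous token digit so equal input digits map differently
            t = self.tables[i][(int(ch) + prev) % 10]
            out.append(str(t))
            prev = t
        return "".join(out)

    def _backward(self, token: str) -> str:
        out, prev = [], 0
        for i, ch in enumerate(token):
            t = int(ch)
            out.append(str((self.inverse[i][t] - prev) % 10))
            prev = t
        return "".join(out)

    def tokenize(self, value: str, keep_last: int = 0, luhn_fail: bool = False) -> str:
        digits, layout = _split(value)
        if len(digits) > len(self.tables) or keep_last >= len(digits):
            raise ValueError("unsupported length or keep_last")
        if luhn_fail:
            # Replace the check digit with one that makes the token fail Luhn,
            # so the token can never be mistaken for a real card number.
            if keep_last or not luhn_valid(digits):
                raise ValueError("luhn_fail needs a Luhn-valid input and keep_last=0")
            body = self._forward(digits[:-1])
            bad = str((int(luhn_check_digit(body)) + 1) % 10)
            return _join(body + bad, layout)
        cut = len(digits) - keep_last
        return _join(self._forward(digits[:cut]) + digits[cut:], layout)

    def detokenize(self, token: str, keep_last: int = 0, luhn_fail: bool = False) -> str:
        digits, layout = _split(token)
        if luhn_fail:
            body = self._backward(digits[:-1])
            return _join(body + luhn_check_digit(body), layout)   # restore check digit
        cut = len(digits) - keep_last
        return _join(self._backward(digits[:cut]) + digits[cut:], layout)


if __name__ == "__main__":
    tk = ToyVaultlessTokenizer(b"demo-secret")       # constructed secret
    pan = "3872 3789 1620 3675"                      # sample value from slide 35
    print(tk.tokenize(pan), tk.tokenize(pan, keep_last=4))
    print(tk.tokenize("5105 1051 0510 5100", luhn_fail=True))
```

The derived tables are the only state, so every node holding the secret produces identical tokens without replication, which is the property slide 25 contrasts with a vault that must be synchronized; in a deployment those tables would live only inside a protected token server, not in application code.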