Delivering fresh, database copies to dev and test while complying with regulations such as SOX, HIPAA, and GDPR is challenging. Many approaches are inefficient, taking hours, sometimes days, involving multiple backup and restore tasks, and designing data sets that are compliant and won’t expose customer data in the event of a breach. They don’t scale, and rarely meet the needs of DevOps teams working in ever faster cycles. Chris Unwin, Data Privacy and Protection Specialist at Redgate shows you how to spin up fresh database copies for dev and test in seconds, with whatever level of protection you need – masked data, unmasked data, or synthetic data sets. Including: - Designing masking models up front so dev and test databases are born compliant - Creating full copies of databases in seconds that take up only 50 - 60 MB of disk space - Automating database provisioning as part of Compliant Database DevOps - Establishing a simple, repeatable, transparent, and auditable process You also learn about customers who’ve revolutionized database development with SQL Provision. Like, KEPRO, a US health provider, who switched to SQL Provision to comply with HIPAA and is now saving 20 hours a week on database admin.

1. How to ensure SOX, HIPAA,
& GDPR compliance
in Dev and Test

2. Your Presenter
Chris.Unwin@red-gate.com
Chris Unwin
Data Privacy Specialist
DBAle on Spotify and iTunes
/in/christopherunwincambridge/

4. • Privilege misuse: 12%
• Hacking: 48%
• (Healthcare) Internal: 56%
• (Finance) External: 92%
• No. 1 asset involved: Database
Sources of breaches
*Study from 2018 Data Breach Investigations Report- Verizon

5. Privacy regulations around the world
such as HIPAA, SOX, GDPR,
CCPA, SHIELD etc. demand
effective and repeatable processes
for protecting sensitive data.
Or… Data Protection by Design and by Default.

6. • HIPAA: Up to$1.5m & 10 years in prison
• SOX: Up to$5m & 20 years in prison
• GDPR: Up to €20m or 4% of annual global turnover
• POPI: Up to R10 million & 12 months in prison
• PIPEDA: Up to $100,000
Cost of non compliance

7. Most Organizations do ‘copy-down’ Live Data

8. How can we stay compliant AND use
production-like data?

9. A small attack surface makes compliance
easier
• PII in all environments
• Higher risk
1TB
QA
1TB
Test
1TB
Dev
1TB
Prod
• PII only in PROD
• Lower risk
0TB
QA
0TB
Test
0TB
Dev
1TB
Prod
Vs

10. SQL Provision In Action

11. Case study
• Masked PHI without jeopardizing
data integrity
• Supply realistic data for testing
• New off-shore development team
HIPAA compliant
• Saving 15-20 hours a week in
provisioning processes
• Reclaimed terabytes of disk space

12. Benefits – recap

13. Q&A Session

14. Next steps
• Speak to us: SQLProvision@red-gate.com
• Learn more: red-gate.com/sql-provision