Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Secupi - Veri Maskeleme - Anonimleştirme ve Mantıksal Silme Çözümü

529 vues

Publié le

KVKK ve GDPR' ın Veri Maskeleme, silme, anonimleştirme gibi en sorunlu gereksinimlerini tek bir platform ile çözebilirsiniz.

Publié dans : Logiciels
  • Identifiez-vous pour voir les commentaires

Secupi - Veri Maskeleme - Anonimleştirme ve Mantıksal Silme Çözümü

  1. 1. Information Security Level 2 – Sensitive © 2018 – Proprietary & Confidential Information of SecuPI1 Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI1 SecuPi Data Centric Security & Compliance Introduction
  2. 2. Information Security Level 2 – Sensitive © 2018 – Proprietary & Confidential Information of SecuPI2 What Gartner Says About SecuPi User Entity Behavior Analytics (UEBA) Data-Centric Audit and Protection (DCAP) Data Masking “SecuPi incorporates UEBA features for sensitive data usage, analysis and protection. The solution employs an innovative approach that relies on sensitive data access in high-risk applications as a key factor in its UEBA model, along with other user activities” “SecuPi provides Dynamic Data Masking (DDM) at the application tier as part of an offering that also includes externalized authorization management (EAM), application data access monitoring, and user behavior analytics.” Leading Three Markets Source: Market Guide for Data-Centric Audit and Protection Published: 21 March 2017 YS
  3. 3. Information Security Level 2 – Sensitive © 2018 – Proprietary & Confidential Information of SecuPI3 SecuPi Data Subject Privacy Management Applied across Business Applications, Datawarehouse, Big Data & Tools Logical Deletion (e.g., in Big data) Physical Deletion Physical Anonymization & Masking SecuPi Policies Dynamic Masking Encryption/ Tokenization SecuPiData&ProcessDiscovery Anonymization & Activity- Monitoring SecuPi Modules Retention & Deletion Personal Data During Retention Personal Data Post Retention Active Data Subjects Data Subject Status Activity MonitoringRegulation Consent7 |Conditions for Consent 17|Right to be Forgotten 18|Restriction of processing 21|Right to Object 30| Records of Processing 32 | Security of Processing ...
  4. 4. Information Security Level 2 – Sensitive © 2018 – Proprietary & Confidential Information of SecuPI5 Addressing GDPR Requirements Discovery, data-flow mapping Dynamic Consent Controls User Behavior Analytics (UBA) Logical Deletion Monitoring & Auditing Physical Deletion Matching All Technical Compliance Requirements Processing of Personal Data5 Lawfulness of Processing6 Conditions for Consent7 Conditions of Child's Consent8 Processing Special categories9 Processing of Criminal Records10 Right of Access15 Right to be Forgotten17 Restriction of processing18 Right to Data Portability20 Right to Object21 Protection by Design & Default25 Records of Processing Activities30 Security of Processing32 Notification of Data Breach33 Communication of Data Breach34 Article # |Article Name | SecuPi FeatureArticle # |Article Name | SecuPi Feature Anonymization & Monitoring Module Retention & Deletion Module
  5. 5. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI6 SecuPi Platform Enterprise Coverage Front-Office ERP Finance HR-App ERP Reporting Tools CRM e-Commerce Front-office Finance Billing Business Applications SecuPi Platform GDPR enablement capabilities Quick implementation No code changes Beeline
  6. 6. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI7 SecuPi Customer Testimonial Metro Group Germany (Largest Retail) Notable SecuPi features applied on Metro applications include: • Discovery & real-time monitoring • “Records of processing activity” • Breach notification, security by design/default • “Right to be forgotten” • Data minimization, and more… Within 4-5 weeks, SecuPi was on-boarded in few customer facing applications with no development effort
  7. 7. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI8 SecuPi Monitoring & Anonymization > Simple installation, on-prem or on-cloud > Applying discovery, monitoring and subject-rights on applications, DW and Big data env.
  8. 8. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI9 SecuPi Monitoring & Anonymization Module An Application Overlay, No DB agents, No Development Effort Campaign ERPReporting Tools HR-Apps e-Commerce Front-officeFinanceCRM End-Users Applications - CONFIDENTIAL -- SecuPi Central Server Databases Discovery, data-flow mapping Dynamic Consent Controls User Behavior Analytics (UBA) Logical Deletion / Pseudonymizat. Monitoring & Auditing Physical Deletion / Anonymization
  9. 9. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI10 Dynamic Masking in CRM Application (column/row basis)
  10. 10. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI11 For Teradata, Oracle Datawarehouse, Hive… Campaign Mng.Applications SecuPi Central Management Server CRM UDBs BTEQBeeline HDFS Hive/ Cassandra
  11. 11. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI12 SecuPi Application Overlay Monitors & Applies Data Subject Rights No Database agents nor development effort required SecuPi Central Management Servers Data Sources Application UI & Other Interfaces SecuPi Overlay installed on Application Servers Documents Logs Classification and Labeling Monitoring Masking Data flow Discovery Monitoring Masking/encryption/ tokenization Discovery and Classification Monitoring Masking Encryption/ tokenization Data Deletion Consent Controls User Request Data Request Application Server (Java/.Net) User Response Data Response Encryption/ tokenization
  12. 12. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI13 SecuPi Solution For Datawarehouse Field-level decryption and anonymization for Teradata, Oracle etc., Installed on Reporting tools (Tableau, Business objects, Excel, etc.) Discovery, Mapping & UEBA Comprehensive Policy Engine - CONFIDENTIAL - SecuPi Logical Deletion policy 999-999-9999JXXXX XXX SecuPi Central Management Servers
  13. 13. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI14 HDFS Hive servers SecuPi Data-Centric Approach For Big Data Field-level decryption & anonymization for HDFS Beeline Installed on the Hive Servers Discovery, Mapping & UEBA Comprehensive Policy Engine JDBC ODBC CLI - CONFIDENTIAL - SecuPi Logical Deletion policy SecuPi Central Management Servers
  14. 14. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI15 Fat Client & Excel & DBA tools SecuPi Central Management SecuPi wraps the JDBC/ODBC/OCI drivers – on Fat clients running on desktops, Citrix servers and DBA’s PC Installed where the database drivers are used It discovers and classifies sensitive data by entering data values from the screens. It also monitors and audits sensitive user activity coupled with anomaly detection using behavior analytics models Discovery, Mapping & UEBA SecuPi policy can use LDAP/AD/Kerberos to apply field/record level encryption, redaction, masking or blocking sensitive data-flows Comprehensive Policy Engine JDBC ODBC OCI Data Source Applications running C, C++ With SecuPi Policies SecuPi DB Driver Wrapper For Fat-clients & DBA/Dev tools Logically deleted data Anonymized data Original data
  15. 15. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI16 SecuPi Discovery & Data-Flow Mapping For applications in scope end-users simply mark personal data in screens & reports, having SecuPi identify the source database objects Initiate Discovery Mouse click the “Select field” button that SecuPi appends to the screen 1 Select field Simply click on a sensitive VALUE on the screen 2 SecuPi Classifies the Data SecuPi identifies the source table/column containing the VALUE. Just add classifications & risk. 3
  16. 16. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI17 Comply with “Security by design/default” (article 25) using Data-centric Behavior Analytics (UBA) - CONFIDENTIAL - Detects Suspicious User Behavior in Real-time Detect abnormal/inappropriate data access, as might be attempted by a Malicious Insider or External Attacker using stolen credentials or subverting the application Data protection by design and by default Article 25
  17. 17. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI18 Comply with “records of processing” & breach notification articles (articles 30, 33) - CONFIDENTIAL - Comprehensive real-time Monitoring & Forensics Obtain real-time monitoring & full audit for all requests to any sensitive data / sensitive transactions. Obtain a risk analysis of data flow Records of Processing Activities Article 30 Notification of a personal data breach Article 33
  18. 18. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI19 Apply Subject Rights Mask and obscure data Pseudonymization policies dynamically masked sensitive information to ensure “need-to-know” access Data Minimization Minimize data access at finer level than an application might inherently support remove or obscure data a user does not require Pseudonymized field Logical Deletion Permit ‘logical deletion’ by hiding data records although still retained in the data- source (data cannot easily be physically deleted for technical or legal reasons)
  19. 19. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI20 Unstructured Data Protection SecuPi protects excel, CSV & PDF files created in LoB applications: Automatic & accurate labeling Automatically labels documents at creation Data Protection RMS encryption is applied on file exports to secure sensitive data Enhanced Monitoring Provides visibility on which sensitive data was exported Dynamic controls Apply dynamic masking or data redaction to secure sensitive data at source
  20. 20. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI21 Classification of Unstructured Content The exported file contains the classifications that are derived both from the AIP and the SecuPi classifications Automatic and accurate labeling
  21. 21. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI22 Install SecuPi on business applications Discover personal data & map personal data-flows from source to destination Define policies to apply data minimization, consent & “Forgotten” Enforce subject rights while auditing and monitoring in real-time all personal data flows and processes Install 4 Steps to GDPR Get your business applications GDPR ready in days and with no development effort Start! 01 02 03 04 Ready! Discover Set Go Live
  22. 22. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI23 SecuPi Retention & Deletion > Simple installation, on-prem or on-cloud > No agent required anywhere! > Discovery of personal data (to be anonymized) > Recording and parsing of existing customer deletion processes for faster and safer implementation
  23. 23. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI24 SecuPi Implementation Options for “Right to be forgotten” SecuPi Deletion Methods Value at source 213-436-5723John Smith After ~10 years of Retention 999-999-9999JXXXX XXX Logical Deletion on data-flows & processes Physical Anonymization on databases App. Screen/ APIs On DB Level Physical Deletion on databases1 2 3 XXX-XXX-XXXXABCD EF During ~10 years of Retention On DB Level Use During Retention Period or when physical deletion not feasible (e.g., Big Data) Use After Retention Period Use For SalesForce/when App. deletion API exist
  24. 24. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI25 SecuPi Retention and Deletion Module Logical Anonymization & Masking (Big data) Physical Deletion SecuPi Policies Retention Workbench Record & Analyze Existing Personal Data Changes and Deletion Processes Retention Orchestration Workflow 1 2 3 Auditability Operability Scalability Physical Anonymization & Masking
  25. 25. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI26 Retention & Deletion Workbench Define retention & physical/logical deletion or pseudonymization action
  26. 26. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI27 Retention Orchestration Workflow Server Graphical workflow engine for deletion orchestration across data silos
  27. 27. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI28 EnterpriseCompliance Time Wave-2 Wave-3Wave-1 Get Your Top-Risk Applications GDPR Ready in Few Weeks It is Fast to Deploy, No DB Agents, No Code-Changes CRM Marketing e-Commerce Compliance Ready! SQL-Plus Toad Campaign Mng. • Fast to Deploy • No DB Agents • Minimal Code-Changes • Agile implementation Business Applications Business Applications Analytics Environments * Order of waves is subject to DPO preference Privileged Access Tools
  28. 28. Information Security Level 2 – Sensitive © 2018 – Proprietary & Confidential Information of SecuPI29 SecuPi Capabilities Addressing Additional Use Cases Monitor real-time activity, Data-flow visibility Audit Data Access (both Views/Reads & Writes) Anomaly Detection/UEBA for insider threat Data-minimization (masking, hiding, blocking access) Audit Monitor Control Detect Cloud Onboarding Security DBA/Dev. Access Control Preventing Insider-threat Big-data Data Protection Capabilities Use Cases
  29. 29. Information Security Level 2 – Sensitive © 2017 – Proprietary & Confidential Information of SecuPI30 SecuPi Benefits Centralized, quick and wide GDPR coverage across applications - CONFIDENTIAL - Most comprehensive GDPR solution, covering all GDPR articles across wide LoB applications Agile solution meeting current & future compliance requirements Quick and scalable implementation with no code changes CRM e-Commerce Front-officeBI Tool Dev. Tools ERP Finance HR-App

×