
Security of IoT Data: Implementing Data-Centric Security and User Access Strategy


Watch this video to learn how a data-centric security approach unifies all security policies around the data, for full visibility and better control.


  1. © 2017 BLUETALON, INC. ALL RIGHTS RESERVED.
  2. Outline
     • Introduction and Context
       – Key requirements for data security in Predix
       – Managing data rights across platforms
     • Principles applied (BlueTalon + Predix Team)
       1. Bring business context to policies
       2. Distribute enforcement, centralize policy decisions
       3. Get visibility over data activities and actions requested
     • How BlueTalon Works
  3. Predix: PaaS for the Industrial Internet
  4. Security within PaaS for the Industrial Internet
     Diagram labels: Authorization, Encryption, Authentication, Auditing, Masking; Data, Network, Application, Endpoint, IaaS
  5. BlueTalon: Data-Centric Security on Predix PaaS
     Diagram labels: Cloud management, Edge enforcement
  6. BlueTalon: Data-Centric Security Across Data Platforms
     • Security applied one system at a time
       – Inconsistency, duplication, chaos
     • Security applied with a central policy
       – Consistency, efficiency, simplicity
  7. Security and Regulatory Trends that Affect Industrial Businesses
     Enforcement is on the Rise
     • EAR violations: criminal fines increased in excess of 5,000% YTY in 2014 and almost 1,000% in administrative penalties (Source: US DOC BIS)
     • ITAR violation risks
       – Significant Accrual of Fines
       – Denial of Export Privileges
       – Mandatory Increase in Staffing
       – Regular External Audits
       – Loss of, or Completely Damaged, Public Reputation
     Fines are Higher
     • Due to Facebook European privacy violations and NSA practices, on Oct 6, 2015 the European Court of Justice declares Safe Harbor invalid
     • Facebook is facing daily fines of €250,000 in Belgium after a data protection court ruling for illegally tracking data from non-members
     Data Breaches Affect the Bottom Line
     • Results of the 2013 Data Breach
       – CEO steps down
       – 46% drop in profits due to reputational damage with $1.47 negative effect on EPS
       – $100M cost to upgrade affected systems
       – 2014 SEC filing: total expenses $252M
       – Ongoing settlement costs
  8. Data Security Requirements in Predix
     1. Data owners and regulatory entities define policies of use
        - Definition of policies must be owned by business stakeholders
     2. Automated enforcement of policies across data platforms
        - Policies managed by business owners must be enforceable independent of data platform
        - Enforcement of these policies must be demonstrable to auditors
        - Enforcement must be distributed and consistent
     3. Preserving end user experience is paramount
        - End users of the data must be able to use any tool they want
        - Policy management processes/applications must be focused on business users
  10. [1] Policies are Defined by Business within a Context
      • “Patient information and exams are sensitive data”
      • “Our contracts prohibit the use of machine diagnostics data to redesign products”
      • “Service managers should be able to see only their fleet data”
  11. [1] Policies Applied at the Data Layer Enable Business
      • Blocking
      • Enabling
      • “Patient information and exams are sensitive data”
      • “Our contracts prohibit the use of customer data outside west coast”
  12. [1] Controlling Access for Different Users & Needs
      Diagram labels: Row filtering, Field level, Cell level, Sub-cell level masking
      Captions: Joyce looks up her data; Her manager looks up Joyce’s data
  13. [1] Example of Controls Directly Applied On Data
      • Access to client account is conditional, based on zipcode
      • Data is partially masked
      Diagram labels: Results, Rules on Data
  14. [1] Attributes Bring Context to Policies
      Diagram labels: type, location, title / role, group, function, clearance level, LOB, user, session, location, timestamp, application, connection type, data sensitivity, clearance required, action requested, # of rows returned, data source
      • Context helps assess whether the data request is legitimate
  16. [2] Why Centralizing Policy Decisions, Distributing Enforcement?
      • IoT Platforms and Predix are hybrid environments that make use of multiple modern data management platforms:
        – RDBMS
        – Hadoop
        – Spark
        – Cassandra
        – Cloud repositories
      Diagram labels: Cloud, On-prem
  17. [2] Centralize Decisions to Manage Policies from One Place
      • Authorization — what a user or a role can do with the data
      • Decision — against all rules, can a user see a data element
      • Enforcement — apply the decision at the time of user’s request
  18. Example from Spark on Edge with BlueTalon on Predix
  20. [3] Visibility Leverage the Same Enforcement Points
  21. Visibility into Data Activity
      • Complete audit trail of data usage with contextual information
      • Key to detection of unusual data access patterns
      • Tracks policy changes to ensure compliance
      Diagram labels: What policy was triggered; Original and modified queries; What they tried to do
  22. Feedback Loop with Visibility and Control
      Diagram labels: Data, Visibility, Control
  23. Examples of Data Security Visibility Reports
  25. How BlueTalon Delivers Data-Centric Security
      Diagram labels: Security Admins; Business Users, Data Scientists, Developers; Any Application; BlueTalon Enforcement Points; BlueTalon Policy Engine; BlueTalon Audit Engine; Data Repositories (Hadoop, RDBMS, Cloud, Spark, NoSQL)
  26. High Performance with BlueTalon
      Single digit (<3%) overhead. Unnoticeable by end users!
      Chart: Files (1TB, mins), Teragen and Terasort, Without BlueTalon vs. With BlueTalon; values shown: 6.9, 125.55, 7.03, 124.98
      Captions: Queries; Tested in EMC lab; Tested on GE Predix platform
  27. How BlueTalon Works
      Diagram labels: Security Admins; BlueTalon Policy Console; BlueTalon Policy Engine; Active Directory; BlueTalon Enforcement Points; BlueTalon Auditing; Applications; Business Users, Data Scientists, Developers; Data Repositories
      Flow labels (steps numbered 1 to 6 on the diagram): USER REQUEST; USER REQUEST; MODIFIED, COMPLIANT REQUEST; COMPLIANT RESULTS
  29. “Organizations expecting to implement big data projects should consider BlueTalon wherever sensitive data is or may be exposed.” Merv Adrian, Gartner Group, “Cool Vendors in DBMS”, 2016
  30. Contact us today!
      • What’s your use case?
        – Contact us today at 1-888-534-7154 or info@bluetalon.com
      • Download BlueTalon today!
      • http://pages.bluetalon-security.com/SecureAccess-for-WebHDFS
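
The flow described on slides 17, 21 and 27 (one central decision, enforcement at request time by rewriting the request, and an audit entry holding the original and modified queries) can be sketched as below. This is an added illustration, not BlueTalon's code or API; the table, columns, role, policy name and the single-table SELECT parser are assumptions made for the example.

```python
# Added illustration, not BlueTalon code. All names below are hypothetical.
import re
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    table: str
    role: str
    allowed: dict          # column -> SQL expression actually returned (masking)
    row_filter: str        # predicate using a bind placeholder, never user text

# Central policy store: one place to manage rules for every enforcement point.
POLICIES = [
    Policy("svc-manager-own-fleet", "fleet_telemetry", "service_manager",
           {"asset_id": "asset_id",
            "reading": "reading",
            "owner_zip": "CONCAT(SUBSTR(owner_zip, 1, 2), '***') AS owner_zip"},
           "fleet_id = :fleet_id"),
]
AUDIT_LOG = []
# Only plain "SELECT cols FROM table" is understood; any other shape is denied.
QUERY_RE = re.compile(r"^\s*SELECT\s+(.+?)\s+FROM\s+(\w+)\s*;?\s*$", re.I)

def decide(user, table):
    """Policy engine: default deny unless a policy matches table and role."""
    for p in POLICIES:
        if p.table == table and p.role == user["role"]:
            return p
    return None

def enforce(user, sql):
    """Enforcement point: rewrite the request into a compliant one, then audit."""
    m = QUERY_RE.match(sql)
    policy = decide(user, m.group(2)) if m else None
    rewritten, params = None, {}
    if policy:
        asked = [c.strip() for c in m.group(1).split(",")]
        if asked == ["*"]:
            asked = list(policy.allowed)              # expand * to permitted columns
        if all(c in policy.allowed for c in asked):   # field-level control
            cols = ", ".join(policy.allowed[c] for c in asked)
            rewritten = f"SELECT {cols} FROM {policy.table} WHERE {policy.row_filter}"
            params = {"fleet_id": user["fleet_id"]}   # row filter value is bound
    AUDIT_LOG.append({"user": user["name"], "original": sql, "modified": rewritten,
                      "policy": policy.name if policy else "default-deny",
                      "decision": "allow" if rewritten else "deny"})
    return rewritten, params
```

Denied and unparseable requests are still written to `AUDIT_LOG`, which is what makes the "what they tried to do" view on slide 21 possible.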
