
Data- and database security & GDPR: end-to-end offer

2,494 views

Published on

GDPR Luncheon 23 Feb, Stockholm. Presentation by Christer Jansson and Kim Boermans

Published in: Technology


  1. Data- and database security & GDPR: end-to-end offer. Christer Jansson, Kim Boermans. February 2017
  2. GDPR & context (Copyright © 2017 Capgemini and Sogeti. All Rights Reserved)
     • In May 2018 the General Data Protection Regulation (2016/679, known as GDPR) will come into force.
     • The GDPR is an EU regulation related to the protection of personal data and the free movement of such data.
     • Organizations will be held more accountable for their data collection and use than ever before.
     • Risk evaluation is key, and mitigation measures may include encryption or pseudonymization.
     • Although many organizations have already adopted processes consistent with GDPR, the new regulation will impact most organizations on all levels.
     • Failing to comply with the GDPR can lead to a fine of up to 4 percent of worldwide turnover or 20 million euro.
  3. End-to-end offering for database security (1)
     In our vision, databases and their security are critical for operations, innovation and competitive position. Capgemini and Oracle are leading companies in securing databases.
     • GDPR readiness assessment (2 weeks). Results: findings and recommendations to get ready for GDPR
     • GDPR road map (6 weeks). Results: road map to get ready for GDPR
     • Privacy impact assessment (3 months). Results: privacy impact, risk & compliance assessment
     • DB solution implementation (10 months). Results: access solutions, encryption and logging for databases
  4. End-to-end offering for database security (2)
     Your databases contain your most prized assets. Clients entrust you with these assets. In our vision, databases and their security are critical to your operations, innovation and competitive position. Capgemini and Oracle are leading companies in securing your databases, and in getting ready for the GDPR too. Capgemini knows how to bridge business issues with technology solutions. Oracle has the best understanding of databases.
     GDPR readiness assessment (timeline: 2 weeks)
     • Main activities: analysis and recommendations on planning, governance, process, culture, data and technology; interview key persons responsible for these areas; check available data in databases
     • Results: list of findings, conclusions and actionable recommendations to prepare for the GDPR, including territorial scope, data breach notification, record keeping, DPO, and consent and notice
     GDPR road map (timeline: 6 weeks)
     • Main activities: preparation; kick-off; information gathering; analysis and assessment; building the road map with stakeholders in Capgemini ASE; presentation of key findings and road map
     • Results: analysis for readiness based on the ISF Framework, interviews and documentation; ISF health check; project charter for each gap; GDPR road map to May 2018
     Privacy impact assessment (timeline: 3 months)
     • Main activities: preparation; awareness & instruction; tooling set-up, PIA triage and PIA execution; dashboard & reporting; validation; auditing & iteration
     • Results: privacy impact, risk & compliance assessment; customer charter; permission management; design & test audits for high-impact initiatives
     DB solution implementation (timeline: 10 months)
     • Main activities: streamlining, formalizing and securing access to databases; ensuring encryption key management and process; database log and security alert management and monitoring; installing and configuring the solution and process
     • Results: access solution, process and governance in place; encryption key management solution and process in place; database log and security solution and process in place
  5. How to manage your data … to manage 6 key topics of data protection / privacy: Organizational Awareness, Classification, Policies, Governance, Processes, Information Technology
     • Step 1: As-is assessment. Identifying the digital “crown jewels”, being business oriented with stakeholders
     • Step 2: Framework & operating model. Mitigating the risk by deploying consistent cybersecurity rules, measures and processes throughout the data lifecycle
     • Step 3: Implementation. Establishing tools & run processes to detect leaks and loss (be prepared to notify)
     A continuum: Classification & Governance, Protection & Operations, Detection & Reaction
  6. Five steps in protecting critical data: DEFINE, DISCOVER, BASELINE, PROTECT, MONITOR
     Guiding questions: What is the personal data? Where is it? How is it used? What is required to protect critical data? How to plan, design and implement? How to manage critical data protection?
     • Understand overall data security strategy
     • Determine data protection objectives
     • Develop organizational data model / taxonomy
     • Understand data environment, infrastructure and lifecycle
     • Perform iterative discovery, analysis and classification
     • Establish baseline security requirements for personal data
     • Assess current data security processes and controls
     • Determine gaps and identify solutions
     • Plan and prioritize technical and business process transformations
     • Design and implement solutions that protect critical data, enable access and align to business growth objectives
     • Develop governance framework, risk metrics and monitoring processes
     • Periodically validate data protection strategy and methodology
     Do not perceive Data Loss Prevention (DLP) as the holy grail…
     • Data at rest (sitting idle in storage): file servers, databases, portals/SharePoint, laptops
     • Data in motion (traveling across the network): email, web, network, FTP
     • Data in use (being used at the endpoint): USB, CD/DVD/Blu-ray, printers, applications
  7. Oracle - Layered defense of critical data (1)
     • DB access control: ability to assure access only to authorized users and to control when/where/how the data are accessed
     • Monitoring / blocking and audit: ability to analyze the transactional activities (threats/blocks) and to view current transactional activities and historical information
     • Data protection: processes and controls to secure storage, transmission and access to an organization’s data throughout its lifecycle
     • Secure configuration: process and controls to assure DB configuration for security and compliance
  8. Oracle - Layered defense of critical data (2)
     Sensitive data (IP, PCI, PII, PHI) and the controls applied per audience:
     • Data encryption: stored values are unreadable without the key (shown on the slide as ciphertext such as *7#$%!!@!%afb ##<>*$#@34)
     • Data redaction: dob:xx/xx/xxxx, ssn:xxx-xx-4321
     • DB controls: “Access denied” for privileged users
     • Data subsetting (region, year, size-based) for dev/test, partners, BI
     • Data masking: dob: 12/01/1987 becomes 11/05/1999, or xxxxxxxxxx
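The redaction, masking, subsetting and pseudonymization controls named on this slide (and the pseudonymization mentioned under GDPR context on slide 2) are shown here as plain Python functions so their effect on a row can be seen. This is an added example, not code from the deck or from Oracle's products; the column names, sample rows and the masking key are all constructed for the demo. Masking is keyed (HMAC) so that a dev/test copy stays consistent across tables without being reversible by anyone who lacks the key.

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

# Constructed sample rows; every value is fictional.
SAMPLE_ROWS = [
    {"id": 1, "name": "Anna Example", "ssn": "123-45-4321",
     "dob": "12/01/1987", "region": "SE", "year": 2016},
    {"id": 2, "name": "Bo Example", "ssn": "987-65-1234",
     "dob": "03/07/1975", "region": "NL", "year": 2017},
]

# Constructed masking key; in practice this lives in a key-management system.
DEMO_KEY = b"demo-key-not-for-production"


def redact_ssn(ssn: str) -> str:
    """Partial redaction as on the slide: only the last four digits survive."""
    digits = re.sub(r"\D", "", ssn)
    if len(digits) != 9:
        raise ValueError("expected a 9-digit SSN-style value")
    return "xxx-xx-" + digits[-4:]


def redact_dob(dob: str) -> str:
    """Full redaction of a date of birth: only the format is kept."""
    return "xx/xx/xxxx"


def mask_dob(dob: str, secret: bytes) -> str:
    """Deterministic masking for dev/test copies: the replacement date is
    derived from a keyed hash, so the same input always maps to the same
    plausible but different date (joins between tables still work)."""
    digest = hmac.new(secret, dob.encode(), hashlib.sha256).digest()
    offset_days = int.from_bytes(digest[:4], "big") % (60 * 365)
    masked = date(1950, 1, 1) + timedelta(days=offset_days)
    if masked.strftime("%m/%d/%Y") == dob:  # never leak the real date
        masked += timedelta(days=1)
    return masked.strftime("%m/%d/%Y")


def pseudonymise_name(name: str, secret: bytes) -> str:
    """Pseudonymization: replace the name with a keyed, stable token."""
    return "P-" + hmac.new(secret, name.encode(), hashlib.sha256).hexdigest()[:12]


def redact_for_app_user(row: dict) -> dict:
    """Redaction view for an ordinary application user: identifiers stay,
    direct personal data is reduced to what the use case needs."""
    out = dict(row)
    out["ssn"] = redact_ssn(row["ssn"])
    out["dob"] = redact_dob(row["dob"])
    return out


def subset_and_mask_for_devtest(rows, secret, region=None, year=None, max_rows=None):
    """Data subsetting (region, year, size-based) followed by masking,
    producing a copy that can be handed to dev/test, partners or BI."""
    selected = [r for r in rows
                if (region is None or r["region"] == region)
                and (year is None or r["year"] == year)]
    if max_rows is not None:
        selected = selected[:max_rows]
    return [{**r,
             "name": pseudonymise_name(r["name"], secret),
             "ssn": redact_ssn(r["ssn"]),
             "dob": mask_dob(r["dob"], secret)}
            for r in selected]


if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print("app view:", redact_for_app_user(row))
    print("dev/test copy:", subset_and_mask_for_devtest(SAMPLE_ROWS, DEMO_KEY, region="SE"))
```

The two views correspond to the two audiences on the slide: redaction serves the live application where the real record must stay intact underneath, while subsetting plus masking produces a separate copy for environments that should never hold the real data.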
  9. Contact details
     • Christer Jansson, Head Center of Excellence Cybersecurity, christer.jansson@capgemini.com, +46 703 149 359, https://www.linkedin.com/in/christerjansson
     • Kim Boermans, Director data- and database security, kim.boermans@capgemini.com, +31654237563, https://nl.linkedin.com/in/kimboermans
