
Hadoop and Financial Services

Today, financial services firms rely on data as the basis of their industry. In the absence of the means of production for physical goods, data is the raw material used to create value for and capture value from the market. However, as data volume and variety increase, so do the susceptibility to fraud and the temptation to hackers. Learn how an enterprise data hub built on Hadoop enables advanced security and machine learning on much more descriptive and real-time data to detect and prevent fraud, from payment encryption to anti-money-laundering processes.

Published in: Software

  1. PCI Compliant Big Data Environment. Build a PCI-Compliant Big Data Environment with Hadoop. Speaker Name // Speaker Title
  2. Agenda: Big Data Is Getting Bigger • The Costs & Benefits of PCI Compliance • A Hub for Your Big Data Strategy • Building a Secure Data Vault • Experience & Leadership. © Cloudera, Inc. All rights reserved.
  3. Information is the Basis of Industry for Merchants & Banks: Security Enables Strategy to Unlock New Value from More Data
     Credit Cards & Payments: Card Transactions • Customer Data • Online Activity • Merchant / Retailer / Bank Co-Branding • Loyalty Programs / Promotions / Offers
     Banking: Bank Transactions • ATM Activity • Online Activity • Mobile Activity
     Retail Customer & Operations: POS / TLOG • E-commerce / Mobile • Memberships / Loyalty • Warranties • In-Store Sensors / Surveillance / IoT • Schematic / Display • Supply Chain / Inventory
     Marketing & CRM: Promotions / Offers • Website / SEO • Campaigns / Affiliate • Surveys • Competitive Intelligence
     Public & Trade: Demographic / Census • Psychographic • Inflation / Macroeconomic • Gas Prices • Labor Statistics • Weather Data • Industry Research • Social / Sentiment
     Cost Savings • Compliance • Customer Insight • Competitive Advantage
  4. Information is the Basis of Industry for Merchants & Banks: Security Enables Strategy to Unlock New Value from More Data
     Cost Savings • Compliance • Customer Insight • Competitive Advantage
     Compliance is mandatory for any data strategy. An Enterprise Data Hub transforms risk from a cost center into a profit center and enables immediate rather than staged delivery.
  5. How Prevalent Are Data Violations? A Snapshot of 2014’s Mega Payment Card Information Breaches
     • 40 million payment cards and 70 million records stolen
     • 145 million accountholders affected
     • 76 million households and 7 million small businesses affected
     • 56 million payment cards stolen
     • 2.6 million customers affected
     • 1.1 million customers affected
     • 115 retail stores affected
     Source: 2014: A Year of Mega Breaches. Ponemon Institute. January 2015.
  6. What is PCI Compliance? Payment Card Industry Data Security Standard (PCI DSS)
     The trillion-dollar growth of the digital economy has made Hadoop an absolute necessity for storage of credit card data. All credit card data must be properly secured and protected both at rest and in motion, including digital channels. All applications, databases, and file systems, including those owned or managed by merchants and third-party solution providers, must meet minimum encryption and privacy levels when storing, processing, or transmitting account-related data.
  7. The High Cost of Compliance and Non-Compliance: Lessons from the Banking Battlefield
     Steep Fines & Legal Fees • Greater Scrutiny • Brand Damage • Suspension or Termination
     • Average Data Breach Costs Banks $206 Per Compromised Account
     • 30,000 People Work on Control Functions in Each Large Bank
     • Cyber Crime Expenses Average $13 Million Annual Per Bank
     Sources: 2014 Cost of Data Breach Study: Global Analysis. Ponemon Institute. May 2014. 2014 Global Report on the Cost of Cyber Crime. Ponemon Institute. October 2014. Dodge, Matt. “Financial Industry Wrestles with Compliance Costs.” Mainbiz.com. 1 April 2013.
  8. The High Value of Compliance. Unlock the Business Potential of Big Data: Security Enables Strategy
     Next Best Offer: Better profile the customer and use collaborative and content-based filtering to offer the most appropriate product or bundle of products at any given time.
     Unified Customer Identity: Compress the customer IDs created through various siloed and third-party touch points to correlate as a single customer identity across all operational systems.
     Policy Personalization: Differentiate coverage options by customizing plans based on information collected about customers’ lifestyle, health patterns, habits, and preferences.
     Productizing Deep Insights: Combine, analyze, and digest complex data from across multiple business units and data sources to drive segmentation and profiling partners, merchants, etc.
  9. What Is Universal Compliance? Centralized and Secure Management of All Data
     Central, Scalable Data Security
     Regulations: Payment Card Industry Data Security Standard (PCI DSS) • European Data Protection Directive • Cyber Security (emerging)
     Capabilities & Tools: Only PCI-certified Hadoop (Cloudera Navigator) • Native data encryption (Navigator Encrypt) • Integrated key management (Key Trustee) • Hardware-enabled security (Intel partnership)
     Key Partners: MasterCard Advisors, Intel, Symantec, Fortscale, Voltage
     Enterprise Data Hub
  10. Start with the Hadoop Security Maturity Model: Achieve Scale and Cost Effectiveness via Best Practices
      Data Free-for-All: Available & Error-Prone
      Basic Security Controls: Authorization • Authentication • Comprehensive Auditing
      Data Security & Governance: Lineage Visibility Metadata Discovery Encryption & Key Management
      Fully Compliance Ready: Audit-Ready & Protected
      Audit Ready For: EU Data Protection Directive • PCI DSS • HIPAA • FERPA • FISMA • PII
      Full encryption, key management, transparency, and enforcement for all data-at-rest and data-in-motion
      Security Compliance & Risk Mitigation: 0 Highly Vulnerable Data at Risk • 1 Reduced Risk Exposure • 2 Managed, Secure, Protected • 3 Enterprise Data Hub: Secure Data Vault
  11. Enterprise-Grade Security: Governing Access to, and Management of, All Data-at-Rest and Data-in-Motion. Table Stakes for Big Data and Native to Cloudera Enterprise
      AUTHENTICATION: Guarding access to the system, its data, and its various systems. LDAP Kerberos RPC
      PROTECTION: Encryption for data at rest or in motion with full key management. Cloudera Navigator: Encrypt & Key Trustee
      AUTHORIZATION: Controlling who or what has access to a resource or service. POSIX Permissions • Apache Sentry
      AUDIT: Capture a complete and immutable record of all activity. Cloudera Navigator • SIEM Tools
      • Cloudera Manager and Navigator automate protections for Hadoop and related projects
      • Perimeter security
      • Role-based access control
      • The only complete policy-based management of sensitive data
      • Data lineage and discoverability
  12. Enterprise-Grade Security, Full Regulatory Compliance: Meeting PCI DSS Requirements with Cloudera Enterprise
      Columns: PCI Requirement | Detail | Apache Sentry | Kerberos | Cloudera Navigator | Cloudera Manager | Cloudera CSE | Customer
      Build and Maintain a Secure Network and Systems
        • Install and maintain a firewall configuration to protect cardholder data ✔
        • Do not use vendor-supplied defaults for system passwords and other security parameters ✔
      Protect Cardholder Data
        • Protect stored cardholder data ✔
        • Encrypt transmission of cardholder data across open, public networks ✔
      Maintain a Vulnerability Management Program
        • Protect all systems against malware and regularly update anti-virus software or programs ✔
        • Develop and maintain secure systems and applications ✔
      Implement Strong Access Control Measures
        • Restrict access to cardholder data by business need to know ✔
        • Identify and authenticate access to system components ✔
        • Restrict physical access to cardholder data ✔
      Regularly Monitor and Test Networks
        • Track and monitor all access to network resources and cardholder data ✔
        • Regularly test security systems and processes ✔
      Maintain an Information Security Policy
        • Maintain a policy that addresses information security for all personnel ✔
  13. More Value from More Data for More Users in Less Time: Maximize Benefit from All Your Data for Mission-Critical Jobs and Innovation
      Data Sources • Data Systems • Data Access
      Business Analytics • Custom Applications • Existing Data • Databases • Operational Applications • New Data
      Keep Unlimited Data: From disparate and limited views, to unlimited information access.
      Unlock Value from Data: From analytics for some, to insights for all.
      Manage Compliance: From risk due to regulations and customer privacy concerns, to trust in a secure and compliant platform.
      Enterprise Data Hub: Security and Administration • Unlimited Storage • Process • Discover • Model • Serve
  14. Hadoop Data Security Reference Architecture: Drawing on Insight from Successful Deployments in the Wild
  15. MasterCard and Cloudera PCI Compliance Solution: A Three-Phase Services Engagement to Deliver Certifiable Data Security
      Assess
        • Assess data strategy and security*
        • Review Hadoop environment*
        • Map to maturity model
        • Identify and document gaps
        • Lay out roadmap to address gaps
        • Complete necessary technology prerequisites prior to next stage*
      Report & Present
        • Audit assessment
        • Monitor system
        • Perform internal testing of protocols
        • Prepare final: Documentation, Network diagrams, Compensation controls
        • Educate auditors on Hadoop*
      8 – 10 weeks • 24 – 32 weeks • 2 – 3 weeks
      Configure & Repair
        • Create roles and responsibilities, processes and procedures, and control documentation for: Authentication, Authorization, Data protection, Data governance, Architecture review, Auditor and internal alignment
        • Configure software*
      *Cloudera roles
  16. Getting to Universal Compliance: An Enterprise Data Hub is the Core of a Regulatory & Security Center of Excellence
      Tech • Process • People
      PCI Compliance
      Ongoing Process Transformation with Global Systems Integrators:
  17. Partnering with MasterCard Advisors: Delivering Deep Insights and Best Practices in Big Data Security and Compliance
      • First PCI-certified Hadoop platform
      • Secures 10 PB in a PCI-compliant manner every day
      • Founding member of the PCI Security Council
      • Sits on the PCI Executive Committee
      • Four decades of data security experience
      • Secures 2 billion payment cards and 65 million transactions per minute across 210 countries
      • Never, ever had a data breach
      Checkout lines are too slow. We help them move faster. Commuters are busy. We speed them on their way. Consumers want better ways to pay. We invent them. People want financial access. We find ways to serve them. Procurement is complicated. We make it simple.
  18. Thank you
  19. Hadoop Is the Scalable Solution for Managing Customer Data: Cloudera Delivers the Only Big Data Platform with Native Data Security and Encryption
      Securing Data at Rest
        Customer Pain Point: Large Volumes of Private Data • Encrypt all data at rest with isolated key management • Securely store more data without losing performance
        Cloudera Solution: Built-In Encryption • Navigator is the only encryption tool native to Hadoop • Transparent layer between application and file system
      Safeguarding Data in Motion
        Customer Pain Point: Insecure Shared Networks • Ensure compliant transmission across public networks • Insufficient key release policies for cloud applications
        Cloudera Solution: Key Management via Secure Vault • Keys are separated in secure, access-controlled servers • Trustee approval and audit logs for all access requests
      Managing Access to the Cluster
        Customer Pain Point: Preventing Intruders and Nefarious Insiders • Keep tenants from accessing privileged apps and data • Audit Hadoop interactions and manage data lifecycle
        Cloudera Solution: Multi-Stage Administration and Authorization • Kerberos and Sentry provide strong role-based access • Full governance, lineage, and discovery with Navigator
  20. Cloudera and Intel’s Project Rhino Collaboration: Developing the Leading Edge of Hadoop Data Security
      • Contributed by Intel in 2013
      • Blueprint for enterprise-grade security
      Rhino Goal: Unified Authorization. Engineers at Intel and Cloudera (together with Oracle and IBM) are now jointly contributing to Apache Sentry
      Rhino Goal: Encryption and Key Management Framework. Cloudera and Intel engineers are now contributing HDFS encryption capabilities that can plug into enterprise key managers
      Hardware-Integrated Software