data security in a big data environment sweden
DESCRIPTION
Data Security in bid data environment - Dave ValovcinsTRANSCRIPT
© 2014 IBM Corporation
Data Security in a Big Data Environment
David Valovcin Worldwide Guardium [email protected]
May 2014
2 © 2014 IBM Corporation
Data Breaches are in the News Every Week A “Fear Factor” is causing some orgs to hold back on new mobile, cloud, and big data initiatives
Data-breach costs take toll on Target profit … its profit in the fourth quarter fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers worried about the security of their private data.
Account Takeover:
Bank Faces Two Suits
Health Breach Tally: 30 Million Victims More than 30.6 million individuals have been affected by major healthcare data breaches since September 2009
Canadian Breach: Sorting Out the Cause
Gaps in carrying out security policies led to the exposure of 583,000 records last year at Employment and Social Development Canada, totaling $1.5 million in
allegedly fraudulent wires
3 © 2014 IBM Corporation
Target – first the CIO, now the CEO fired
4 © 2014 IBM Corporation
Data Breaches Happen Close to Home
5 © 2014 IBM Corporation
Not Only For Financial Gain
6 © 2014 IBM Corporation http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038
Time span of events by percent of breaches
Guardium Discovery Guardium DAM
Guardium VA Guardium DAM Adv. (block/mask) Guardium Encryption
Minutes To Compromise, Months To Discover & Remediate
Time span of events by percent of breaches
7 © 2014 IBM Corporation
Can you prove that privileged users have not inappropriately
accessed or jeopardized the integrity of your sensi7ve Big Data?
8 © 2014 IBM Corporation
Sensitive Data Is at Risk
70% of organizations surveyed use live customer data in non-production
environments (testing, Q/A, development) Database Trends and Applications. Ensuring Protection for Sensitive Test Data
The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis
52% of surveyed organizations outsource development
50% of organizations surveyed have no way
of knowing if data used in test was compromised
The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis
$188 per record
cost of a data breach The Ponemon Institute. 2013 Cost of Data Beach Study
$5.4M Average cost of a data breach
$3M cost of losing customer loyalty (lost business) following a data breach
The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute, 2011
The Ponemon Institute. 2013 Cost of Data Beach Study
62% of organizations surveyed are not
tracking their privileged users IBM CISO SUrvey
2012 Data Breach Report from Verizon Business RISK Team
90+% Breaches go after data in servers
9 © 2014 IBM Corporation
$3.5M Yearly average cost of
compliance
Company Data Security approach
Audit events/year
Average cost/ audit
Data loss events/year
Average cost/ data loss
Total cost (adjusted per TB)
w/o data security 6.3 $24K
2.3 $130K
$449K/TB w/ data security 1.7 1.4 $223K/TB Annual Cost of not implementing data security $226K/TB Total annual cost of doing nothing in BIG DATA compliance: (for average Big Data organization with 180 TB of business data) $40+ M
Source: Aberdeen Group. Why Information Governance Must be Addressed Right Now. 2012
Doing Nothing Is Expensive
Source: The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute, 2011
$5.4M Average cost of a data
breach
10 © 2014 IBM Corporation
A Key Driver: Maintaining Brand Reputation
• 66% of US Adults would not return to a business if personal data was stolen
• 76% of Survey respondents indicated that a data breach had a moderate to significant impact on their business
• $184M - $330M brand value lost each victim of a data breach
11 © 2014 IBM Corporation
Big Data Toolset: what is missing?
§ Authentication – Interface – Interprocess
§ Authorization – Coarse – Fine grained – Role based
§ Encryption – Interprocess – At-rest – Real-time
§ Privacy protection – At rest – Real-time
§ Auditing § Monitoring § Governance
– Discovery – Entitlements
12 © 2014 IBM Corporation
IBM InfoSphere Data Security and Privacy Solutions
InfoSphere Data Privacy for Hadoop
InfoSphere Data Privacy and Security for Data
Warehousing
Exadata
InfoSphere Data Security and Privacy
Define and Share Discover and Classify
Mask and Redact Monitor Data Activity
Purpose-Built Capabilities
• Secure and Protect Sensitive big data • Extend Compliance Controls • Promote Information Sharing • Employ across diverse environments
• Achieve and enforce compliance • Secure and Protect sensitive data in data warehouses • Reduce costs of attaining enterprise security
13 © 2014 IBM Corporation
Applying IBM’s Data Security Approach to Big Data
SOURCE SYSTEMS, DATA MARTS, SILOS
BIG DATA PLATFORM
USER ACCESS REQUESTS
3) Mitigating Risks with Data Protection
1) Understanding the Risks
2) Uncovering the Exposure
4) Maintaining a Tolerant Risk Level
5) Expansion to the Enterprise
1 2
3 4
5
14 © 2014 IBM Corporation
Where is the sensitive data?
How to prevent unauthorized
activities?
How to protect sensitive data to
reduce risk?
How to secure the repository?
Discovery Classification
Identity & Access Management
Activity Monitoring
Blocking Quarantine
Masking/ Encryption Assessment
Who should have
access?
What is actually happening?
Discover Harden Mask Monitor Block
Security Policies
Dormant En9tlements
Dormant Data
Compliance Repor9ng &
Security Alerts Data Protec9on &
Enforcement
Key Questions . . .
15 © 2014 IBM Corporation
Discovery Classification
Identity & Access Management
Activity Monitoring
Blocking Quarantine
Masking/ Encryption Assessment
Discover Harden Mask Monitor Block
Guardium VA ü Assessment reports ü Subscrip7on ü Configura7on Changes ü En7tlement Repor7ng
Guardium Standard ü Discovery & Classifica7on ü Queries & Reports ü Compliance Workflow ü Group Management ü Integra7ons ü Incident Management ü Self Monitoring
Guardium Data Redaction ü Redact sensi7ve documents
Optim Data Privacy ü Mask sensi7ve data in test, publishing in databases and Big Data environments
Guardium DAM ü Ac7vity Monitoring ü Real-‐7me alerts ü Compliance Repor7ng
ü Blocking ü Dynamic Masking ü Users Quaran7ne
ü Federate large deployment ü Central control ü Central audit collec7on
Guardium Data Encryption ü File-‐level encryp7on ü Policy-‐based Access control
IBM Can Help With the Answers
Guardium DAM ü Ac7vity Monitoring ü Real-‐7me alerts ü Compliance Repor7ng
ü Blocking ü Dynamic Masking ü Users Quaran7ne
ü Federate large deployment ü Central control ü Central audit collec7on
InfoSphere Data Privacy and Security for Hadoop
16 © 2014 IBM Corporation
InfoSphere BigInsights
DATABASES
FTP
Exadata DATABASE
HANA
Optim Archival
Siebel, PeopleSoft, E-Business
Master Data Management
Data Stage
CICS
One Technology to Control it All
DAM Encryption Masking
VA Redaction
16
17 © 2014 IBM Corporation
Scalable Multi-Tier Architecture
Integration with LDAP, IAM, SIEM, IBM TSM,
BMC Remedy, …
18 © 2014 IBM Corporation
Link to the case study
http://public.dhe.ibm.com/common/ssi/ecm/en/imc14573usen/IMC14573USEN.PDF
A Private Bank in the UAE automates security compliance reporting in a big data environment
Need • The bank processes several terabytes of data
daily and required a solution which addressed the new security risks evolving around the world, especially with respect to protecting big data environments.
Benefits
• Achieves ROI in 8 months
• A scalable security monitoring solution that supports diverse database environment and does not impact application performance
• The time required to produce audit and compliance reports has gone from two months to near real-time
19 © 2014 IBM Corporation