virtual data & data masking - pspinfo.us data & data masking ... backup or stage write, read...
TRANSCRIPT
1© 2015 Delphix. All Rights Reserved. Private & Confidential.
Virtual Data & Data MaskingThe New Approach to Data Security
Charles Moore, Delphix
September 2016
2© 2015 Delphix. All Rights Reserved. Private & Confidential.
Identity & Data Breaches
Image goes here
3© 2015 Delphix. All Rights Reserved. Private & Confidential.
Data breaches in 2015
783Records exposed in 2015
170MAverage incident cost
$3.8M
4© 2015 Delphix. All Rights Reserved. Private & Confidential.
Data Is The New Perimeter
…and Data-Centric
Security is the new
trend
5© 2015 Delphix. All Rights Reserved. Private & Confidential.
PRODUCTION DATA
20%
80%
NON-PRODUCTION
DATA
Non-Production Data = Key
Source of Vulnerability
6© 2015 Delphix. All Rights Reserved. Private & Confidential.
The Surface Area of Risk
is Constantly Growing
Data Sprawl
Copies for
Dev/Test
Offshore
Workers &
Vendors
Different
Databases,
Tools, and
Security
Policies ???
7© 2015 Delphix. All Rights Reserved. Private & Confidential.
Non-Prod Environments = Less Secure & Greater Risks
80% of businesses
use production &
sensitive data for
non-production
activities such as
training, testing,
development, and
QA.
- Gartner Inc.
Production
Network
8© 2015 Delphix. All Rights Reserved. Private & Confidential.
Sensitive Data
Could Be In:
MetadataStructured
Data
Comments, Free Text
Fields
Embedded in Large Tables
… and anywhere else you
don’t expect
BLOBs, CLOBs
How Can You
• find PII data and identify risk
• in a reasonable amount of time
• with minimal effort or training
• to reach actionable conclusions
• that can be reported in event of
audit?
9© 2015 Delphix. All Rights Reserved. Private & Confidential.
10© 2015 Delphix. All Rights Reserved. Private & Confidential.
How Masking Eliminates Risk
John Smith
331-42-5319
303-623-8911
Mark Stevens
412-51-7533
512-523-7112
11© 2015 Delphix. All Rights Reserved. Private & Confidential.
How Masking Eliminates Risk
Masking replaces sensitive data with fictitious, but realistic data to eliminate the risk
of exposure to unauthorized parties.
John
Smith
#339-54-8234
5-12-1975
Production Non-Production
Sensitive data is masked as it is
moved downstream
QA
Mark
Stevens
#459-14-3334
4-09-1977
TEST DEV
TRAINING BI
12© 2015 Delphix. All Rights Reserved. Private & Confidential.
Without Masking With Masking
• Customer PII, Patient PHI
• Employee Info
• Intellectual Property
R HIPAA
R PCI DSS
R SOX
R State Privacy Laws
Secure Test Data
Management
Secure
Collaboration
De-risked cloud
migrations
Reduced
Insider Risk
Offshore
development
Unauthorized
Employees Vendors
Public Cloud
13© 2015 Delphix. All Rights Reserved. Private & Confidential.
Delphix Data Masking
PROFILE SECURE AUDIT
o VERIFY all sensitive data is
masked
o ALERT admins if
vulnerabilities are Identified
o DELIVER assessment to
auditors
o MASK data without any
programming
o MAINTAIN usability with fictitious,
but realistic data
o APPLY masking with consistency,
repeatability
o IDENTIFY sensitive data across
sources
o ASSIGN masking algorithms to
match data
o REPORT risk profile across the
enterprise
14© 2015 Delphix. All Rights Reserved. Private & Confidential.
Delphix Value
All at the Same Time
Accelerate Application Release Cycles
Meet Data Privacy Requirements
Tackle Large Scale Data Initiatives
Reduce Infrastructure Requirements
15© 2015 Delphix. All Rights Reserved. Private & Confidential.
How Customers Leverage Delphix
Faster Data Delivery
Provision and refresh environments in minutes
Eliminate developer and end user wait-time
through Self-Service
Data Center or Public/Private/
Cloud Migration
Migrate 50% - 80% less data
Eliminate downtime
Accelerate migration projects by 50%
Elastic Expansion of Environments
Massive economies of scale
Ability to make critical business decisions
Data Masking
Audit and governance model for distribution of sensitive data to lower
environments
80% surface area risk reduction
Integrated Data Protection
RTO in minutes, RPO in seconds
Additional level of production support
Storage Reduction
50% to 80% reduction in non-production storage
Reduction in servers
Increase Development Agility, Throughput, and Quality
1 2 3 4 5 6
Lower Costs
16© 2015 Delphix. All Rights Reserved. Private & Confidential.
On-Demand Data Across the Application Lifecycle
THE LEGACY WAY:
Impact on People & Systems
DELPHIX:
Self-service & Non-disruptive
Backups, batch
jobs, extracts
Data transfer to
backup or stage
Write, read
Data transfer to
target
Server and storage
impact
Developer
Submits
request
DBA
Backup
Admin
Storage
Admin
Manager
Systems
Admin
Approves
request
Readies
storage
Restores
version
Configures
database
Readies
target
1
2
4
5
6
3
Developer
Production
Network
Network
Backup
Target
Days, weeks, or
months later
VIRTUAL DATA
FILES,
DATABASES
1 One-Step Self-Service
V
Provision data
in minutes
Eliminates the process of copying
and moving data across systems
1
2
4
5
3
100x Faster
17© 2015 Delphix. All Rights Reserved. Private & Confidential.
Branch
Refresh
Integrate
Bookmark
Rewind
Delphix Virtualization Engine
APPS & FILES
DATABASES
Compress Provision
MASK PROVISION
RETAIN
VIRTUAL COPIES
SELF-SERVICE
DEV TEST STAGE
COLLECT CONTROL CONSUME
1/10th 1/10th 1/10th
18© 2015 Delphix. All Rights Reserved. Private & Confidential.
► ► ► ►
C I
H
F
HH
HHH
Capture Application Data
19© 2015 Delphix. All Rights Reserved. Private & Confidential.
March 22 08:41March 22 12:43March 23 06:11
Continuously Record Changes
► ► ► ►Incremental change data
C I
H
F
HH
HHHH H H
20© 2015 Delphix. All Rights Reserved. Private & Confidential.
Share Data Blocks Instead of
Duplicating Data
► ► ►
D
C I
B
G
H
F
A
H
D
C IB
GH
F
AH
DEV
D
C IB
GH
F
AH
TEST
D
C IB
GH
F
AH
REPORTING
21© 2015 Delphix. All Rights Reserved. Private & Confidential.
SOURCEApp files and databases
The Delphix Data Virtualization Platform
NON-PRODUCTIONAny physical or virtual target server environment
DEV TEST STAGE
STORAGE: 1 TB
RDBMS
APP
RDBMS
APP
RDBMS
APP
RDBMS
APP
DELPHIX VIRTUAL MACHINE
Installs on any supported hypervisor
…Scale out to 10x virtual
copies in the space of one
physical
STORAGE: < 1 TB
ANY STORAGE
Configured for high performance
One-time, compressed copy then
unique, incremental changes onlySource
22© 2015 Delphix. All Rights Reserved. Private & Confidential.
Virtualize Data Across the Application Lifecycle
Prod
Support
Dev
& Test
Backup
& DR
Report-
ing &
ETL
Archive,
Legal
Hold
Redundant Data Across Application Lifecycle Data Consolidation, Automation
10 TB Total, 2 Weeks to Deliver 1 TB Total, 10 Minutes
CapEx: 90% redundant data across application lifecycle environments
OpEx: data management consumes time across multiple teams
23© 2015 Delphix. All Rights Reserved. Private & Confidential.
DEV:Comprehensive Data Features
to Accelerate SDLC
Self-Service Data Controls
ROLLBACK
Reset to run A/B tests, recover
from errors and data loss
SYNCHRONIZE
Dial multiple applications to
exact same time
BOOKMARK
Mark release changes,
business events
BRANCH
Pass environments to/from
Dev and QA
REFRESH
Refresh to the latest data
for high fidelity testing,
analytics
RBAC
Set up role-based
access controls,
permissions
MASK
Replace private,
sensitive data with
masked values
RETAIN
Store 30 days in space
of one for backup
restore, archiveREPLICATE
Replicate within, across
sites, or to the cloud for DR
SOURCE, TARGETS
Enable, set automation
templates for source, targets
OPS:Full Security, Control, & Resource
Allocation to Enable Self Service
24© 2015 Delphix. All Rights Reserved. Private & Confidential.
Dev Console: Self-Service UI for End Users
» Self-service portal optimized for app teams,
analysts
» Powerful data control features to accelerate
collaboration, enhance developer flexibility
» Data governance and management framework for
operations teams
» Web-based, Restful APIs enable ready integration
with existing DevOps tools and workflows
25© 2015 Delphix. All Rights Reserved. Private & Confidential.
Accelerate Data Delivery & Increase Project Output
BEFORE
» Errors more costly to fix later in SDLC
» Setup, teardown, wait-times limit testing
» Delphix enables 10X increase in test cycles
» Reduced re-code results in 50% more output
Dev Test QA Integration
TEST:
20 MIN
RESTORE:
10 MIN
TEST: 20 MIN TEST: 20 MIN TEST: 20 MIN TEST: 20 MIN
RESTORE:
8 HOURS
-----------------DBA, Sys Admin
RESTORE:
8 HOURS
-----------------DBA, Sys Admin
RESTORE:
8 HOURS
-----------------DBA, Sys Admin
RESTORE:
8 HOURS
-----------------DBA, Sys Admin
RESTORE:
8 HOURS
-----------------DBA, Sys Admin
TEST: 20 MIN
RESTORE:
8 HOURS
-----------------DBA, Sys Admin
26© 2015 Delphix. All Rights Reserved. Private & Confidential.
A Perfect Marriage of
SECURITY + SPEED
27© 2015 Delphix. All Rights Reserved. Private & Confidential.
Add Masking to Virtualization
► ►
D
C I
B
G
H
F
A
H
Mask Once
D
C IB
GH
F
AH
DEV
D
C IB
GH
F
AH
TEST
D
C IB
GH
F
AH
REPORTING
28© 2015 Delphix. All Rights Reserved. Private & Confidential.
Data-Centric Security And Reduced Risk
SECURE, VIRTUAL DATA SETS:
» REDUCE PRIVILEGED USER RISK
by automatically masking data prior to access
» REDUCE SURFACE AREA OF RISK
by eliminating admin touch points
» SECURE DATA RECORD FROM VANDALISM
with independent, granular time machine
29© 2015 Delphix. All Rights Reserved. Private & Confidential.
Over $10M Saved, 2x Faster Releases
App, data explosion due to:
• Regional expansion, Affordable Care Act, HIPAA50% Reduction
In Application Release Schedules
80% Reduced Data Risk With Data Masking
8+ PB Storage Saved6000+ Virtual Apps and DBs
Key ResultsMolina: Case Study for Consolidation
In my 4 years as CIO here at
Molina, the best ROI of any
technology investment that I’ve
made has been with Delphix.
—Rick Hopfer, Molina CIO
CIO 100 Award Winner with Delphix Implementation
A FORTUNE 500 COMPANY
30© 2015 Delphix. All Rights Reserved. Private & Confidential.
FINANCIAL HEALTHCAR
E
TELECOMMANUFACTURINGRETAILTECHNOLOGY
Over 30% of the Fortune 100 run on Delphix
31© 2015 Delphix. All Rights Reserved. Private & Confidential.
Thank You!