Is your current state really threat ready?
Amit Walia, Senior Vice President, General Manager of Data Integration and Security at Informatica, shares how to protect data from the inside and the outside from the 2015 Informatica Government Summit.
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Threat Ready Data: Protect Data from the Inside and the Outside
1.
2. Threat Ready Data:
Protect data from the Inside
and the Outside
Amit Walia
Senior Vice President, General Manager
Data Integration & Security
April 23, 2015
3. Current State – Threat ready…Really?
2010
2011
2012
2013
2014
4. Industry: Healthcare
ID Theft is Even More Pervasive
44%Of all data breaches are in
Healthcare
From Identity Theft Resource Center
90%Have experienced a breach
in the last 2 years
2013 ID Experts data security survey of 91 healthcare organizations
38%Have experienced > 5 breach
incidents in
the last 2 years
20-50XMedical identities are more valuable
than financial identities
5. Industry: Retail
The Real Cost of a Data Breach
Retail data breaches makes the headlines
Customer Loyalty and Revenue Declines
Stolen data used to defraud the retail company
Jobs of C-level leaders are at stake
2014 was the year of retail data breaches
Number of stolen records continue to increase
6. Industry: Financial Services
Impacted Not Only by Direct Breach, But Also Retail Breaches
45%Of financial services have been hit
2014 Economic Crime Survey by PWC of 5000 senior executives in 99
countries
$200MCard replacement cost of Target
data breach
$40MCard replacement cost of smaller
banks for 4M cards from Target
and Neiman Marcus breaches
8. • 73% of DBA’s can view all data, increasing risk of breach
• 50% say data has been compromised or stolen by
malicious insider such as a privileged user
• The cost of a breach averages $5.5 million
per organization
Data Breach: Internal Breaches and Growing
Challenges
Ponemon Institute May 2012
10. Data is the new OIL….and everyone
wants to steal it!
Why?
11. Data Breach: Shouldn’t we Focus on Protecting
the Data?
Host
Endpoint Network Devices
Application
Data
Do You Know the Most Critical Data to Protect?
What Level of Protection Is Required?
Against Outsiders?
Against Insiders?
BUT…
13. 13
“We’ve moved beyond just protecting endpoints and networks. APTs combined with trends like mobility, cloud, and outsourcing require us to
have security as close to the data as possible– independent of devices, applications, databases, storage platforms, and network topologies.
We need companies like Informatica, who understand data deeply, to take a more active role in helping us to secure information.” –CISO/
CRO, leading global bank
1. Traditional Security Architectures are
Insufficient
15. Is the risk
greater
out here? Or in here?
Data Points to Internal Users
Inside the Firewall
• Accidental
• Rogue employee
• Criminal activity
• Opportunistic
3. Insiders with privileged access
18. Where is your sensitive/private data that
should be protected?
Do you know its RISK exposure?
“…only 26 percent (CEOs) say they have identified
which types of data they hold are the most
attractive to hackers…”
Washington Post, 2014
N=1587, Source: Ponemon Research, May 2014
13%
20%
15%16%
30%
19%
45%
27%
42%
26%
23% 24%
ROW EMEA North America
Yes, All Data Yes, Most Data Yes, Some Data No
Do you know where your structured sensitive
and confidential data resides?
19. Primary Research of 1500+ enterprise customers
validates key pain points
19
Source: Ponemon Institute June 2014; 1,587 Global IT and Security practitioners in 16 countries
20. You Need Insights to Manage Your Sensitive Data
Risks
Do you have this information to prioritize your security investments?
Where Is
Your
Sensitive
Data?
Where Is Its
Residency?
Where Is
It Going?
Is It
Protected?
What Are
The
Regulations
That Apply?
Who Has
Access To
It?
What Is Its
Cost If
Stolen?
21. Data-Centric Security Intelligence & Analytics
Security approach that focuses on gaining
insights about the data context to enable cost-
effective data security controls, complementing
security solutions that focus on protecting the
network perimeter, endpoints, and infrastructure.
Focus security investments on high risk data assets
22. Data Centric Security: 2 Key Components
DATA SECURITY
CONTROLS
PERSISTENT MASKING
DYNAMIC MASKING
VALIDATION & AUDIT
ARCHIVE
DATA SECURITY
INTELLIGENCE
DISCOVERY
CLASSIFICATION
PROLIFERATION ANALYSIS
RISK ASSESSMENT
REDUCE RISK
OF SENSITIVE DATA EXPOSURE
24. Informatica Data Security
Keep Data Safe Throughout Its Lifecycle
Data
Security
Intelligence
Data
Protec2on
with
Data
Masking
Secure
Tes2ng
with
Test
Data
Management
Safely
Retain
and
Dispose
with
Data
Archive
DISCOVER
CLASSIFY
ANALYZE
MONITOR
MANAGE RISK
DYNAMIC MASKING
PERSISTENT MASKING
COMPLY
SUBSET
GENERATE
MAINTAIN
MASK TEST DATA
RETIRE LEGACY
APPLICATIONS
MANAGE RETENTION
COMPLY
REDUCE COSTS
OPTIMIZE
PERFORMANCE
25. What is it?
• Gather insights from data context
and metadata to deliver location and
risk analytics
• Leverages information from existing
data management and security
solutions
It answers:
• Where is my sensitive data?
• Is it protected?
• What country is it resident in?
• Where is it proliferating?
• Who has access to it?
• Who uses it?
• What is its value if stolen?
• What is my risk?
Data Security Intelligence: Understand Risks
26. A ‘single pane of glass' to
continuously monitor sensitive data
stores and their risks
• Enterprise-wide sensitive data
risk analytics
• Sensitive data classification &
discovery
• Proliferation analysis
• Policy-based alerting
• Integrates data security
information from 3rd parties:
• Data stores
• Data owners
• Classification
• Protection status
Secure@Source Overview
27. Informatica Data Privacy and Test Data Mgmt
Solution Architecture
Production
Dev
Test
Train
Informatica Dynamic
Data Masking
Informatica
Test Data
Management
Informatica
Data Subset
Informatica Persistent
Data Masking
Sensitive Data
Discovery
Users
Production Support
CRM
Custom
Billing
ERP
Packaged
EDW
Data Privacy
Compliance Validation
Synthetic Test Data
Informatica
Test Data Generation
28. Apply Persistent Data Masking
Protect Sensitive Information in Test & Dev
Masked Values
5992-9989-1333-5429
3724-6743-8000-2421
Masked Values
5992-9989-1333-5429
3724-6743-8000-2421
Development
Masked Values
5992-9989-1333-5429
3724-6743-8000-2421
Shuffle
Substitution
Skewing
Credit Card
Informatica Persistent
Data Masking
Testing
Training
29. Apply Dynamic Data Masking
Protect Sensitive Information in Production
(Sr. Analyst)
Original Values
5992-9989-1333-5429
3724-6743-8000-2421
Masked Values
1234-6789-1000-4422
2233-6789-3456-5555
Custom Application
(IT Administrator)
Masked Values
xxxx-xxxx-xxxx-0093
xxxx-xxxx-xxxx-7658
National ID
Credit Card
Blocking
Informatica Dynamic
Data Masking
(Offshore Support)
30. Why Informatica?
Thinking Data First: The Intelligent Data Platform Uniquely
Addresses Data Security Challenges
Intelligent Data Platform
Data Intelligence
Metadata meets machine learning
Data Infrastructure
Industry leading data integration, profiling, masking, complex event processing across all sources, anywhere
Define Once. Deploy Anywhere.
On-premise or in cloud
Data
Warehouse
Transactional
Applications
CRM ERP HR FIN
Big
Data
Unstructured
Semi-Structured
Real-time
Events
Mainframe
Systems
Cloud, Social,
Partner Data
Enterprise
Applications
Platform for Universal Data Access
31. We have successfully LOWER
RISKS, REDUCE COSTS, and
PROTECT SENSITIVE DATA for
600+ customers…
32. We have been are building off a strong foundation -
Strong showing at RSA 2013, 2014, and 2015
Informatica won awards at Product Award reception at RSA 2013, 2014 & 2015
• Gold Award for Best New Security Product - Informatica Secure@Source
• Gold Award for Database Security, Data Leakage Prevention/Extrusion Prevention -
Informatica Dynamic Data Masking
• Bronze Award for New Product - Informatica Cloud Test Data Management