Data security in a big data environment sweden

© 2014 IBM Corporation

Data Security in a Big Data Environment

David Valovcin Worldwide Guardium [email protected]

May 2014

2 © 2014 IBM Corporation

Data Breaches are in the News Every Week A “Fear Factor” is causing some orgs to hold back on new mobile, cloud, and big data initiatives

Data-breach costs take toll on Target profit … its profit in the fourth quarter fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers worried about the security of their private data.

Account Takeover:

Bank Faces Two Suits

Health Breach Tally: 30 Million Victims More than 30.6 million individuals have been affected by major healthcare data breaches since September 2009

Canadian Breach: Sorting Out the Cause

Gaps in carrying out security policies led to the exposure of 583,000 records last year at Employment and Social Development Canada, totaling $1.5 million in

allegedly fraudulent wires


Target – first the CIO, now the CEO fired


Data Breaches Happen Close to Home


Not Only For Financial Gain

6 © 2014 IBM Corporation http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038

Time span of events by percent of breaches

Guardium Discovery Guardium DAM

Guardium VA Guardium DAM Adv. (block/mask) Guardium Encryption

Minutes To Compromise, Months To Discover & Remediate

Time span of events by percent of breaches


Can you prove that privileged users have not inappropriately

accessed or jeopardized the integrity of your sensi7ve Big Data?


Sensitive Data Is at Risk

70% of organizations surveyed use live customer data in non-production

environments (testing, Q/A, development) Database Trends and Applications. Ensuring Protection for Sensitive Test Data

The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis

52% of surveyed organizations outsource development

50% of organizations surveyed have no way

of knowing if data used in test was compromised

The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis

$188 per record

cost of a data breach The Ponemon Institute. 2013 Cost of Data Beach Study

$5.4M Average cost of a data breach

$3M cost of losing customer loyalty (lost business) following a data breach

The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute, 2011

The Ponemon Institute. 2013 Cost of Data Beach Study

62% of organizations surveyed are not

tracking their privileged users IBM CISO SUrvey

2012 Data Breach Report from Verizon Business RISK Team

90+% Breaches go after data in servers


$3.5M Yearly average cost of

compliance

Company Data Security approach

Audit events/year

Average cost/ audit

Data loss events/year

Average cost/ data loss

Total cost (adjusted per TB)

w/o data security 6.3 $24K

2.3 $130K

$449K/TB w/ data security 1.7 1.4 $223K/TB Annual Cost of not implementing data security $226K/TB Total annual cost of doing nothing in BIG DATA compliance: (for average Big Data organization with 180 TB of business data) $40+ M

Source: Aberdeen Group. Why Information Governance Must be Addressed Right Now. 2012

Doing Nothing Is Expensive

Source: The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute, 2011

$5.4M Average cost of a data

breach


A Key Driver: Maintaining Brand Reputation

• 66% of US Adults would not return to a business if personal data was stolen

• 76% of Survey respondents indicated that a data breach had a moderate to significant impact on their business

• $184M - $330M brand value lost each victim of a data breach


Big Data Toolset: what is missing?

§  Authentication –  Interface –  Interprocess

§  Authorization –  Coarse –  Fine grained –  Role based

§  Encryption –  Interprocess –  At-rest –  Real-time

§  Privacy protection –  At rest –  Real-time

§  Auditing §  Monitoring §  Governance

–  Discovery –  Entitlements


IBM InfoSphere Data Security and Privacy Solutions

InfoSphere Data Privacy for Hadoop

InfoSphere Data Privacy and Security for Data

Warehousing

Exadata

InfoSphere Data Security and Privacy

Define and Share Discover and Classify

Mask and Redact Monitor Data Activity

Purpose-Built Capabilities

• Secure and Protect Sensitive big data • Extend Compliance Controls • Promote Information Sharing • Employ across diverse environments

• Achieve and enforce compliance • Secure and Protect sensitive data in data warehouses • Reduce costs of attaining enterprise security


Applying IBM’s Data Security Approach to Big Data

SOURCE SYSTEMS, DATA MARTS, SILOS

BIG DATA PLATFORM

USER ACCESS REQUESTS

3) Mitigating Risks with Data Protection

1) Understanding the Risks

2) Uncovering the Exposure

4) Maintaining a Tolerant Risk Level

5) Expansion to the Enterprise

1 2

3 4

5


Where is the sensitive data?

How to prevent unauthorized

activities?

How to protect sensitive data to

reduce risk?

How to secure the repository?

Discovery Classification

Identity & Access Management

Activity Monitoring

Blocking Quarantine

Masking/ Encryption Assessment

Who should have

access?

What is actually happening?

Discover Harden Mask Monitor Block

Security Policies

Dormant En9tlements

Dormant Data

Compliance Repor9ng &

Security Alerts Data Protec9on &

Enforcement

Key Questions . . .


Discovery Classification

Identity & Access Management

Activity Monitoring

Blocking Quarantine

Masking/ Encryption Assessment

Discover Harden Mask Monitor Block

Guardium VA ü Assessment reports ü Subscrip7on ü Configura7on Changes ü En7tlement Repor7ng

Guardium Standard ü  Discovery & Classifica7on ü  Queries & Reports ü  Compliance Workflow ü  Group Management ü  Integra7ons ü  Incident Management ü  Self Monitoring

Guardium Data Redaction ü  Redact sensi7ve documents

Optim Data Privacy ü  Mask sensi7ve data in test, publishing in databases and Big Data environments

Guardium DAM ü Ac7vity Monitoring ü Real-‐7me alerts ü Compliance Repor7ng

ü  Blocking ü  Dynamic Masking ü  Users Quaran7ne

ü Federate large deployment ü Central control ü Central audit collec7on

Guardium Data Encryption ü File-‐level encryp7on ü Policy-‐based Access control

IBM Can Help With the Answers

Guardium DAM ü Ac7vity Monitoring ü Real-‐7me alerts ü Compliance Repor7ng

ü  Blocking ü  Dynamic Masking ü  Users Quaran7ne

ü Federate large deployment ü Central control ü Central audit collec7on

InfoSphere Data Privacy and Security for Hadoop


InfoSphere BigInsights

DATABASES

FTP

Exadata DATABASE

HANA

Optim Archival

Siebel, PeopleSoft, E-Business

Master Data Management

Data Stage

CICS

One Technology to Control it All

DAM Encryption Masking

VA Redaction

16


Scalable Multi-Tier Architecture

Integration with LDAP, IAM, SIEM, IBM TSM,

BMC Remedy, …


Link to the case study

http://public.dhe.ibm.com/common/ssi/ecm/en/imc14573usen/IMC14573USEN.PDF

A Private Bank in the UAE automates security compliance reporting in a big data environment

Need •  The bank processes several terabytes of data

daily and required a solution which addressed the new security risks evolving around the world, especially with respect to protecting big data environments.

Benefits

•  Achieves ROI in 8 months

•  A scalable security monitoring solution that supports diverse database environment and does not impact application performance

•  The time required to produce audit and compliance reports has gone from two months to near real-time


Data & Analytics

Data security in a big data environment sweden