Business Intelligence in Cloud Computing: A Tokenization Approach

Master’s Defense

Conducted by: Eng. Hossam El-Din Hassanien

Supervised by: Prof. Dr. Ahmed Elragal


Agenda

Introduction
Business Intelligence
◦ Technological Approaches
◦ Issues & Challenges
Cloud Computing
◦ Technological Approaches
◦ Issues & Challenges
Tokenization Security
◦ Technological Approaches
◦ Benefits & Contribution
The framework
◦ Architecture & Components
◦ Cryptography
◦ Results
Conclusion & Future work

December, 27th 2011. By: Hossam El-Din Hassanien


Introduction

Business-Intelligence Solution

Decision Support
• Advanced Multi-Dimensional Analytics
• Efficient and Accurate Enterprise Performance Management

Cap-Ex to Op-Ex Transformation
• Leveraging sophisticated Business Computing solutions for SMEs
• TCO (Total Cost of Ownership) reduction/management expanding organizational ROI (Return on Investment)

Secure Data Perimeters
• Advanced Cryptography mechanisms
• Untraceable ciphers omitting reverse engineering to plain texts


Business Intelligence

Term formulated by Howard Dresner, Vice President and Research Fellow at Gartner Research, during the 1980’s.

Initially known as DSS (Decision Support System).

Refers to computer-based methodologies and techniques used to identify, extract and analyze crucial historical, current and predictive business data by employing advanced technological tools that serve enhanced decision making.

[Diagram: cycle of Act, Measure, Analyze, Plan. Data flow: Transactions; Extract, Transform and Load; Data Warehouse; Business Modeling; Reporting and Analysis; Decision Making and Planning.]

Technological approaches

“Getting data in, Getting information out.”
◦ Data Warehousing:
  Schema structures: Star, Snowflake
  OLAP data stores
  Transforming transactional data processing to analytical data processing.
◦ Tactical and Strategic Analytics
  Dashboards and Scorecards
  Multi-dimension analysis
  Cross functional comparisons
  Trend analysis

[Figures: Data Warehousing Architectures; OLAP cubes; Dashboards and Scorecards]

Issues & Challenges

Requires massive amounts of resources.
◦ Network
◦ Storage
◦ Processing Power
◦ Advanced technological tools

Requires an extremely secure perimeter
◦ Protecting the tactical and strategic confidential data: Financial, Inter-departmental, etc.

Limitations in a nutshell
◦ Elevated Security requirements
◦ Increasing TCO and ROI reduction

[Photo taken during World War II: “If you talk too much, this man may die.”]


Cloud Computing

“Among the top 3 technology trends to impact IT Infrastructure, top 10 to impact Business Development”. Gartner Inc.

The new utility model of IT service delivery on a “Pay-per-Use” scheme, deploying scalable virtualized resources that are allocated according to the user's choice of combinations of types and models.

Technological approaches: Cloud Computing Types

◦ SaaS (Software-as-a-Service)
  Defines the utility services and user control provided by the SP (Service Provider) over the application level.
◦ PaaS (Platform-as-a-Service)
  Defines the utility services and user control provided by the SP over the application as well as the platform level.
◦ IaaS (Infrastructure-as-a-Service)
  Defines the utility services and user control provided by the SP over the application, the platform and the infrastructure levels.

Technological approaches (Contd.): Cloud Computing Models

◦ Public Cloud
  Virtualized to be shared and used by the public with no segregations done by SPs over user classifications.
  Widely adopted.
  Least expensive.
  Usually poses security constraints.
◦ Private Cloud
  Virtual, remote, privately dedicated and leased to the users.
  Adopted by enterprises interested in full resource outsourcing and highest security measures.
  Comparatively expensive.
  Security constrained by SP defense mechanisms.
◦ Community Cloud
  Virtualized to be shared and used by the public with access to several community groups.
  Adopted by community groups.
  Security constrained only by adversarial frequencies within the community.
◦ Hybrid Cloud
  Combines outsourcing virtual resources with on-premise resource hosting.
  Usually adopted by stakeholders seeking to expand present infrastructures.
  Security constraints complemented by merging SP-enforced rules and stakeholders' measures.

Issues & Challenges

Security, privacy and trust.
◦ Third party control over production resources.
◦ Hosting confidential data, posing leakage threats.

Currently based on Open-Standards
◦ Ad-hoc standards as the only real standards.

Customized SLAs between customers and SPs.

Data lock-in
◦ Probable inabilities towards completely relinquishing outsized restricted organizational data.

Random instance placement
◦ Multi-tenancy over the different types and models of CC.


Tokenization Security

Payment Card Industry Data Security Standard (PCI-DSS).

Emerged through research and development done by the Payment Card Industry Security Standards Council (PCI-SSC).

Originally adopted to elevate security measures in PCI.

Token Servers originate surrogate values called tokens, replacing sensitive data in applications and databases. These tokens are stored in Central Data Vaults that are unlocked only by proper authorization credentials.

Benefits & Contribution

Easier to manage and more secure.
◦ Reducing the points where crucial data is stored to only CDVs (Central Data Vaults), hence less exposure.
◦ Consolidating and centralizing security systems to be audited.

Eliminates impedance introduced by inconsistencies arising from random encryption.
◦ Records created only once in CDV (reducing storage space).
◦ DW sensitive encrypted data values used in referential integrity analytics queries are consistent.

Reverse-Engineering Omission:
◦ Eliminates mathematical relations between plain-texts and cipher-texts.

[Diagram labels: Simpler to Implement; Simpler to Audit; Simpler to Manage; Absolutely Secure]


The Framework

Business-Intelligence Solution

Decision Support
• Advanced Multi-Dimensional Analytics
• Efficient and Accurate Enterprise Performance Management

Cap-Ex to Op-Ex Transformation
• Leveraging sophisticated Business Computing solutions for SMEs
• Cost reduction/management expanding organizational ROI

Secure Data Perimeters
• Advanced Cryptography mechanisms
• Untraceable ciphers omitting reverse engineering to plain texts

[Diagram labels: Business Intelligence/Data Warehouse; Hybrid Cloud Computing Model; Tokenization Data Security]

Components & Architecture

Virtual CC resources:
◦ BI/Reporting Server.
◦ Data Warehouse back-end (Tokenized).
◦ Extraction, Transform and Load Server.

On-premise/Private-Cloud resources:
◦ Virtual Private Cloud (VPC) interlink.
◦ Tokenization Server
  Tokenization Data Vault.
  Algorithmic packages and functions orchestrating/maintaining tokens:
    Fine Grained Audit conditional policies (DBMS_FGA) over DB DML operations.
    maintain_Tokenization_lookup_algorithm.
    substitute_values_Actual_to_Token.
    Supervisory global_Algorithm.

[Diagram labels: Tokenization Server; BI/Reporting Server; ETL Server and Data-Warehouse]

Components & Architecture (Contd.)

[Architecture diagram: disparate source systems, present inside or outside Cloud networks; Tokenization Server present on-premise or inside a Private Cloud network; BI/DWH components (ETL Server and Data-Warehouse, BI/Reporting Server) hosted inside a Cloud (Public, Private, etc.). Legend: actual sensitive data flow; logical sensitive data flow.]

Cryptography

Customized Token generation.
1. maintain_Tokenization_lookup_algorithm
2. substitute_values_Actual_to_Token

Global algorithm:

• Algorithm maintain_Tokenization_lookup_algorithm:

    maintain_Tokenization_lookup_algorithm(
        SET unique_Token = 0;
        GET <sensitive_Data_column_name>;
        GET <sensitive_Data_table_name>;
        CURSOR sensitive_Data_Cursor IS
            SELECT <sensitive_Data_Column_Name> FROM <sensitive_Data_Table_Name>;
        FOR I = 0 TO sensitive_Data_Cursor.length (
            -- empty lookup table: store the first value under the first token
            IF SELECT COUNT(token) FROM tokenization_lookup_table = 0;
            THEN
                INSERT INTO tokenization_lookup_table (token, corresponding_Sensitive_Data)
                    VALUES (unique_Token, sensitive_Data_Cursor.current_Actual_Data);
                unique_Token ++;
            ELSE
                -- read the token of the most recently inserted row
                SELECT <sensitive_Data_Column_Name>_Token
                    FROM tokenization_lookup_table
                    WHERE ROWID = (SELECT MAX(ROWID) FROM tokenization_lookup_table);
                -- a value that already has a token is skipped, so each value is stored once
                IF sensitive_Data_Cursor.current_Actual_Data exists in tokenization lookup table;
                THEN END;
                ELSE
                    INSERT INTO tokenization_lookup_table (token, corresponding_Sensitive_Data)
                        VALUES (unique_Token, sensitive_Data_Cursor.current_Actual_Data);
                    unique_Token ++;
                ENDIF;
            ENDIF;
            I ++;
        ) End LOOP;
    ) End maintain_Tokenization_lookup_algorithm;

Cryptography

• Algorithm substitute_values_Actual_to_Token:

    substitute_values_Actual_to_Token(
        GET <sensitive_Data_column_name>;
        GET <sensitive_Data_table_name>;
        CURSOR sensitive_Data_Cursor IS
            SELECT <sensitive_Data_Column_Name> FROM <sensitive_Data_Table_Name>;
        FOR I = 0 TO sensitive_Data_Cursor.length (
            -- look up the token issued for the current sensitive value
            Token_Value = SELECT token FROM tokenization_lookup_table
                WHERE sensitive_Data_Cursor.current_sensitive_Data =
                      tokenization_lookup_table.current_Corresponding_Sensitive_Data;
            -- write the token into the table's token column
            INSERT INTO <actual_table_name> (<actual_column_name>_token) VALUES (Token_Value);
            -- remove the plain sensitive value once its token is in place
            DELETE <actual_table_name>.<actual_column_name>
                WHERE <actual_table_name>.<actual_column_name>_token = tokenization_lookup_table.token;
        ) End LOOP;
    ) End substitute_values_Actual_to_Token;
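The two algorithms above (maintaining the lookup table, then substituting tokens for actual values) can be exercised end to end in a few lines. The following is an added example, not code from the thesis: it assumes two in-memory SQLite databases standing in for the on-premise vault and the cloud warehouse, a hypothetical `sales` table, and random tokens from `secrets` in place of the slide's sequential `unique_Token` counter.

```python
import secrets
import sqlite3

vault = sqlite3.connect(":memory:")      # assumed stand-in: on-premise Tokenization Data Vault
warehouse = sqlite3.connect(":memory:")  # assumed stand-in: cloud-hosted data warehouse
vault.execute("CREATE TABLE tokenization_lookup_table ("
              "token TEXT PRIMARY KEY, corresponding_sensitive_data TEXT UNIQUE)")
warehouse.execute("CREATE TABLE sales (card_token TEXT, amount INTEGER)")  # hypothetical


def tokenize(value):
    """Return the token already issued for value, or mint and store a new one."""
    row = vault.execute("SELECT token FROM tokenization_lookup_table "
                        "WHERE corresponding_sensitive_data = ?", (value,)).fetchone()
    if row:
        return row[0]  # one vault record per distinct value
    while True:
        token = "tok_" + secrets.token_hex(8)  # random, unrelated to the plaintext
        try:
            with vault:  # commit on success, roll back on error
                vault.execute("INSERT INTO tokenization_lookup_table VALUES (?, ?)", (token, value))
            return token
        except sqlite3.IntegrityError:
            continue  # token collision on the primary key: draw again


def detokenize(token):
    """Vault-side reverse lookup; impossible without access to the vault."""
    row = vault.execute("SELECT corresponding_sensitive_data FROM tokenization_lookup_table "
                        "WHERE token = ?", (token,)).fetchone()
    return row[0] if row else None


def load_warehouse(source_rows):
    """ETL step: swap each sensitive value for its token before loading."""
    with warehouse:
        warehouse.executemany("INSERT INTO sales VALUES (?, ?)",
                              [(tokenize(card), amt) for card, amt in source_rows])


def totals_by_token():
    """Cloud-side analytic query that groups on tokens only."""
    return dict(warehouse.execute(
        "SELECT card_token, SUM(amount) FROM sales GROUP BY card_token"))


# Constructed sample rows (well-known test card numbers, not real data).
SOURCE = [("4111111111111111", 120), ("5500005555555559", 75), ("4111111111111111", 30)]
load_warehouse(SOURCE)
```

Because the same value always maps to the same token, the warehouse aggregate over tokens matches the aggregate over the original values, while the card numbers exist only in the vault.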


Results

Decision Support
• Advanced Multi-Dimensional Analytics
• Efficient and Accurate Enterprise Performance Management

Cap-Ex to Op-Ex Transformation
• Leveraging sophisticated Business Computing solutions for SMEs
• Cost reduction/management expanding organizational ROI

Secure Data Perimeters
• Advanced Cryptography mechanisms
• Untraceable ciphers omitting reverse engineering to plain texts

[Diagram labels: Business Intelligence/Data Warehouse; Hybrid Cloud Computing Model; Tokenization Data Security]


Conclusion & Future work

Conclusion
◦ BI is important for organizations.
  Performance analysis.
  Fact based decision making.
◦ Cloud Computing extensively addresses expense issues with large scale implementations.
  CapEx to OpEx.
  Undermined resources.
◦ Non-conventional data security approaches are imperative when combining BI with CC.
  Simplified Infrastructure management, Data audit, Implementations.
  Elevated levels of data security.
◦ Almost all current applications do not support Tokenization Data Security.

Future work
◦ Driving motivations for vendors to support out-of-the-box Tokenization Data Security.
◦ Sophisticated Tokenization algorithms.
◦ Propagation and Replication of current approaches to different frameworks in organizations, forming complete center points of truth for data security.


Q & A