Uncover data protection in the world of Panama Papers

Slides:



Advertisements
Similar presentations
Review DirectQuery in SSAS 2016, best practices and use cases
Advertisements

Learn how the cloud is accelerating network transformation
C# and VB code-focused development with Visual Studio
2/20/2018 7:04 PM BRK1038 Meet Azure Information Protection customers and learn about their success stories Jeffrey Kalfut Strategy & Architecture Manager,
BRK1017 Taking your hybrid management and security strategy to the cloud with Operations Management Suite Jeremy Winter and Srini Chandrasekar.
Enterprise grade security in your Hadoop clusters on Azure
Microsoft Ignite /30/2018 9:28 PM BRK3174
Microsoft Ignite /27/2018 9:00 AM THR2016
Extending IT Best Practices to Microsoft Azure
Transform yourself and build your IT cloud career path
Deliver business insights with Microsoft Dynamics AX and Power BI
Accelerate application delivery and deployment: Red Hat OpenShift
Examine information management in Cortana Intelligence
Develop, debug and deploy containerized applications with Docker
Operational Analytics in SQL Server 2016 and Azure SQL Database
Build interactive data analysis environments using Apache Spark
Microsoft Ignite /2/2018 6:37 AM BRK2293
Microsoft /2/2018 3:42 PM BRK3129 Query Big Data using the Expanded T-SQL footprint with PolyBase in SQL Server 2016 Casey Karst Program Manager.
BRK3288-Discover data-driven apps that learn and adapt
Microsoft /4/2018 8:21 AM BRK3082 Build solutions and apps with Microsoft OneDrive API and Microsoft Graph API Ryan Gregg Principal Program Manger,
Windows Server* 2016 & Intel® Technologies
Conduct a successful pilot deployment of Microsoft Intune
Review the Nutanix Cloud Platform System Standard solution
Microsoft Ignite /11/2018 1:18 AM BRK4017
Developing Hybrid Apps on Microsoft Azure Stack
Microsoft /23/2018 1:11 AM BRK3180 Migrate CRM OnPremise organizations to CRM Online cloud using Dynamics Lifecycle Services (LCS) Aditya Varma Ganapathy.
Web development productivity with Visual Studio
Deep Dive into the Azure Container Service
6/25/ :13 PM BRK1076 Make Windows devices more secure by taking them out of your existing infrastructure Chris Rhodes & Andrew Bettany MCTs & MVPs.
Innovate with Microsoft BI in the enterprise
Red Hat OpenShift on Microsoft Azure
Elastic database patterns for SaaS applications in Azure
The power of common identity across any cloud
Microsoft Ignite /17/ :54 PM BRK2092
Examine common architectures for hybrid identity
Microsoft Ignite /22/2018 3:27 PM BRK2121
Secure Remote Access to on-premises Web Apps using Azure AD
BRK2264 Move 13,000+ global Dynamics CRM users from on-premises to Online at Caterpillar Inc. Todd Byrne & John Finney 1 Business Unit Name Here.
7/29/2018 4:45 PM Manage SharePoint and OneDrive in Office 365: A field guide for administrators Chris Bortlik Modern Workplace Technical Architect Microsoft.
Microsoft Ignite /31/ :08 AM
Master Modern PaaS for the Enterprise with Azure App Service
BRK1018 Discover how Manulife and Rackspace manage their hybrid environments today Satya Vel Principal Program Manager Operations Management Suite + System.
Get Started with Common Data Model (CDM) and PowerApps
Design Seamless Upgrades to SQL Server 2016 with Query Store
Learn about the community of templates for Azure Stack
Microsoft /8/2018 4:45 PM BRK3062 BRK3062- Build smarter and scalable applications using Microsoft Azure Database Services Moshe Gutman CEO, GeoSafe.
Bring new levels of visibility to your datacenter with Cisco Tetration
BRK2198 Protect your data With a modern backup, archive & disaster recovery solution Avinash Belur, Sr. Product Marketing Manager Rajesh Goli, Sr. Product.
Using AAD B2C for WordPress & Secure Deployment Scenario
Microsoft Ignite /16/2018 2:39 PM BRK3307
Add intelligence to Dynamics AX with Cortana Intelligence suite
Use server-based personal desktops in Windows Server 2016
Azure SQL Data Warehouse Scaling: Configuration and Guidance
Accelerate Your Transition from Traditional IT to the Cloud
Protect your OneDrive and SharePoint files on mobile devices
Explore web development with Microsoft ASP.NET Core 1.0
Microsoft Ignite /14/ :21 AM BRK2101
Migrate to CRM Online - Tips and Tricks
Determine your role in a managed service
Dive into Predictive Maintenance using Cortana Intelligence Suite
Secure your Active Directory to mitigate risk in the cloud
Project Springfield Fuzz your code before hackers do
Microsoft Ignite /20/2018 2:21 PM
Microsoft Ignite /22/2018 3:58 PM BRK2254
Build and maintain applications with Azure Resource Manager
Automating Windows 10 and software deployments from the Cloud
Task recorder in Dynamics AX
Learn how to use and customize the Dynamics AX interactive help system
Meetup User Experience Design for SharePoint
Understand your Azure cloud assets dependencies with BMC Discovery
Presentation transcript:

Uncover data protection in the world of Panama Papers Microsoft Ignite 2016 8/27/2018 2:29 AM BRK3162 Uncover data protection in the world of Panama Papers Subhra Bose CEO, Financial Fabric Paul Stirpe CTO, Financial Fabric Jakub Szymaszek Program Manager, Microsoft © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Data Security and Secrecy in Financial Services What we are saying Data security and secrecy are topical for Financial Services What we are NOT saying Legality and Ethics of data security and secrecy in any given scenario

2020 Global Alternative Assets is projected to grow from USD 8 Trillion to USD 15 Trillion [source: PwC] Transition from Institutional Quality to Industrial Strength Period of transformation as firms look to calibrate their businesses and operations Data-driven decision making is the key ARE YOU READY? The “data” quandary Data-driven Business Data Secrecy Effective data solution is to enable data driven business without compromising data security and secrecy

Financial Fabric DataHub on Azure Enabling data driven business for Investment Managers

Our Approach to Data Security and Privacy Assume data breach will happen Separation of service accounts and encryption keys on a per client basis minimize hacker and whistleblower exposure. Use data in its encrypted form when possible We used Always Encrypted in Azure SQL Database to enable data scientists for analysis without revealing sensitive fields, such as investor name, social security etc. Enforce secure authentication policies Multi-factor authentication for end-users Integrated authentication (no passwords) for services

Financial Fabric DataHub for Investment Managers, Institutional Investors

Financial Fabric Global Infrastructure Leverages Microsoft Azure Cloud IaaS and PaaS Capabilities Infrastructure, Security Controls & Operational Controls Fully Hosted within Microsoft Azure Data Centers Extended with the Financial Fabric Overlay Architecture & Capabilities Infrastructure Architecture Security Architecture and Controls Operational Controls Disaster Recovery & Business Continuity Plan Near real-time replication from Primary to DR data centers, Microsoft Always On DB replication technology. Americas EMEA Jurisdictional Boundaries Primary DR Primary DR Secure Channel Secure Channel APAC Secure Channel Primary DR Secure Channel Global Infrastructure: leverages Microsoft Azure worldwide datacenters certified or compliant with: Safe Harbor ISO 27001 SSAE 16 FISMA

Financial Fabric Architecture Office 365 inbox Data Providers (Brokers, Admins…) Public Sources Web Portal Always Encrypted – point of decryption Ingress Files Smart Loader Always Encrypted – point of encryption Azure SQL Database Encryption at-rest via Transparent Database Encryption (TDE)

Always Encrypted – What Is it? Client-side encryption Client-side encryption using keys that are never given to the database system Queries on encrypted data Support for GROUP BY, point lookups, equality joins via deterministic encryption Application transparency Minimal application changes via server and client driver enhancements

Always Encrypted - How Does It Work? Microsoft Ignite 2016 8/27/2018 2:29 AM Always Encrypted - How Does It Work? Only applications/users with access to the keys can encrypt/decrypt data Encrypted sensitive data are never revealed to DBAs and host admins trust boundary SQL Server or SQL Database Client "SELECT Name FROM Customers WHERE SSN = @SSN", 0x7ff654ae6d ciphertext "SELECT Name FROM Customers WHERE SSN = @SSN", "111-22-3333" ADO .NET Result Set Result Set Name Wayne Jefferson Name 0x19ca706fbd9a dbo.Customers ciphertext Name SSN Country 0x19ca706fbd9a 0x7ff654ae6d USA © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Computation without Revelation Encrypt identifying data on ingestion Using Always Encrypted in Azure SQL Database Sensitive data never stored in the database in plaintext Use deterministic encryption to enable: Account value aggregation Performance, exposure and attribution calculations Time series analytics Name SSN BirthDate Balance John Smith 678-13-7865 10/28/1965 7,034,905 Name SSN BirthDate Balance 0xA07E47… 0x018C88... 0x45C5B… 7,034,905

Demo: Analytics on Always Encrypted columns Financial Fabric

Financial Fabric Architecture Office 365 inbox Data Providers (Brokers, Admins…) Public Sources Web Portal Azure AD Always Encrypted – point of decryption Ingress Files On premises AD federated with Azure AD Smart Loader Always Encrypted – point of encryption Integrated authentication using Active Directory Authentication Azure SQL Database ADFS/MFA Azure AD Connect Encryption at-rest via Transparent Database Encryption (TDE) Active Directory (AD)

Demo: Multi factor Authentication must have for financial services Financial Fabric

8/27/2018 2:29 AM Always Encrypted & AD Authentication Business Benefits in our Architecture Clients can share data, but keep sensitive data private Enables business growth through transparency, e.g. Financial Fabric Data Science team Stronger controls for accessing sensitive data Provides stronger controls with respect to who is permitted to read sensitive data Azure Operations, SaaS Operations staff are further constrained from accessing sensitive data Active Directory Integrated Authentication Provides Enterprise strong authentication for hybrid and Azure environments © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Next Steps and Goals Enable owners of data to control data access We are working with Microsoft Azure SQL Database team to enable storage of Always Encrypted master keys within client’s direct control, although the database is completely managed by us. Nirvana: practical homomorphic encryption Computations are limited with Deterministic Encryption Would like to see enhancements to provide: Top ‘n’ calculations on encrypted data Aggregate and statistical computations of encrypted data

Resources Financial Fabric DataHub http://www.financialfabric.com/ Step-by-step Tutorial on Always Encrypted https://azure.microsoft.com/en-us/documentation/articles/sql-database-always-encrypted-azure-key-vault/ Always Encrypted Samples at GitHub https://github.com/Microsoft/azure-sql-security-sample Securing your SQL Database https://azure.microsoft.com/en-us/documentation/articles/sql-database-security/ SQL Server Security Blog http://blogs.msdn.com/b/sqlsecurity/

Free IT Pro resources To advance your career in cloud technology Microsoft Ignite 2016 8/27/2018 2:29 AM Free IT Pro resources To advance your career in cloud technology Plan your career path Microsoft IT Pro Career Center www.microsoft.com/itprocareercenter Cloud role mapping Expert advice on skills needed Self-paced curriculum by cloud role $300 Azure credits and extended trials Pluralsight 3 month subscription (10 courses) Phone support incident Weekly short videos and insights from Microsoft’s leaders and engineers Connect with community of peers and Microsoft experts Get started with Azure Microsoft IT Pro Cloud Essentials www.microsoft.com/itprocloudessentials Demos and how-to videos Microsoft Mechanics www.microsoft.com/mechanics Connect with peers and experts Microsoft Tech Community https://techcommunity.microsoft.com © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Please evaluate this session 8/27/2018 2:29 AM Please evaluate this session Your feedback is important to us! From your PC or Tablet visit MyIgnite at http://myignite.microsoft.com From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8/27/2018 2:29 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.