Presentation is loading. Please wait.

Presentation is loading. Please wait.

Uncover data protection in the world of Panama Papers

Published byLynne Stevens Modified over 6 years ago

Similar presentations

Presentation on theme: "Uncover data protection in the world of Panama Papers"— Presentation transcript:

1 Uncover data protection in the world of Panama Papers
Microsoft Ignite 2016 8/27/2018 2:29 AM BRK3162 Uncover data protection in the world of Panama Papers Subhra Bose CEO, Financial Fabric Paul Stirpe CTO, Financial Fabric Jakub Szymaszek Program Manager, Microsoft © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Data Security and Secrecy in Financial Services
What we are saying Data security and secrecy are topical for Financial Services What we are NOT saying Legality and Ethics of data security and secrecy in any given scenario

3 2020 Global Alternative Assets is projected to grow from USD 8 Trillion to USD 15 Trillion [source: PwC] Transition from Institutional Quality to Industrial Strength Period of transformation as firms look to calibrate their businesses and operations Data-driven decision making is the key ARE YOU READY? The “data” quandary Data-driven Business Data Secrecy Effective data solution is to enable data driven business without compromising data security and secrecy

4 Financial Fabric DataHub on Azure
Enabling data driven business for Investment Managers

5 Our Approach to Data Security and Privacy
Assume data breach will happen Separation of service accounts and encryption keys on a per client basis minimize hacker and whistleblower exposure. Use data in its encrypted form when possible We used Always Encrypted in Azure SQL Database to enable data scientists for analysis without revealing sensitive fields, such as investor name, social security etc. Enforce secure authentication policies Multi-factor authentication for end-users Integrated authentication (no passwords) for services

6 Financial Fabric DataHub for
Investment Managers, Institutional Investors

7 Financial Fabric Global Infrastructure
Leverages Microsoft Azure Cloud IaaS and PaaS Capabilities Infrastructure, Security Controls & Operational Controls Fully Hosted within Microsoft Azure Data Centers Extended with the Financial Fabric Overlay Architecture & Capabilities Infrastructure Architecture Security Architecture and Controls Operational Controls Disaster Recovery & Business Continuity Plan Near real-time replication from Primary to DR data centers, Microsoft Always On DB replication technology. Americas EMEA Jurisdictional Boundaries Primary DR Primary DR Secure Channel Secure Channel APAC Secure Channel Primary DR Secure Channel Global Infrastructure: leverages Microsoft Azure worldwide datacenters certified or compliant with: Safe Harbor ISO 27001 SSAE 16 FISMA

8 Financial Fabric Architecture
Office 365 inbox Data Providers (Brokers, Admins…) Public Sources Web Portal Always Encrypted – point of decryption Ingress Files Smart Loader Always Encrypted – point of encryption Azure SQL Database Encryption at-rest via Transparent Database Encryption (TDE)

9 Always Encrypted – What Is it?
Client-side encryption Client-side encryption using keys that are never given to the database system Queries on encrypted data Support for GROUP BY, point lookups, equality joins via deterministic encryption Application transparency Minimal application changes via server and client driver enhancements

10 Always Encrypted - How Does It Work?
Microsoft Ignite 2016 8/27/2018 2:29 AM Always Encrypted - How Does It Work? Only applications/users with access to the keys can encrypt/decrypt data Encrypted sensitive data are never revealed to DBAs and host admins trust boundary SQL Server or SQL Database Client "SELECT Name FROM Customers WHERE SSN 0x7ff654ae6d ciphertext "SELECT Name FROM Customers WHERE SSN " " ADO .NET Result Set Result Set Name Wayne Jefferson Name 0x19ca706fbd9a dbo.Customers ciphertext Name SSN Country 0x19ca706fbd9a 0x7ff654ae6d USA © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Computation without Revelation
Encrypt identifying data on ingestion Using Always Encrypted in Azure SQL Database Sensitive data never stored in the database in plaintext Use deterministic encryption to enable: Account value aggregation Performance, exposure and attribution calculations Time series analytics Name SSN BirthDate Balance John Smith 10/28/1965 7,034,905 Name SSN BirthDate Balance 0xA07E47… 0x018C88... 0x45C5B… 7,034,905

12 Demo: Analytics on Always Encrypted columns
Financial Fabric

13 Financial Fabric Architecture
Office 365 inbox Data Providers (Brokers, Admins…) Public Sources Web Portal Azure AD Always Encrypted – point of decryption Ingress Files On premises AD federated with Azure AD Smart Loader Always Encrypted – point of encryption Integrated authentication using Active Directory Authentication Azure SQL Database ADFS/MFA Azure AD Connect Encryption at-rest via Transparent Database Encryption (TDE) Active Directory (AD)

14 Demo: Multi factor Authentication must have for financial services
Financial Fabric

15 8/27/2018 2:29 AM Always Encrypted & AD Authentication Business Benefits in our Architecture Clients can share data, but keep sensitive data private Enables business growth through transparency, e.g. Financial Fabric Data Science team Stronger controls for accessing sensitive data Provides stronger controls with respect to who is permitted to read sensitive data Azure Operations, SaaS Operations staff are further constrained from accessing sensitive data Active Directory Integrated Authentication Provides Enterprise strong authentication for hybrid and Azure environments © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Next Steps and Goals Enable owners of data to control data access
We are working with Microsoft Azure SQL Database team to enable storage of Always Encrypted master keys within client’s direct control, although the database is completely managed by us. Nirvana: practical homomorphic encryption Computations are limited with Deterministic Encryption Would like to see enhancements to provide: Top ‘n’ calculations on encrypted data Aggregate and statistical computations of encrypted data

17 Resources Financial Fabric DataHub
Step-by-step Tutorial on Always Encrypted Always Encrypted Samples at GitHub Securing your SQL Database SQL Server Security Blog

18 Free IT Pro resources To advance your career in cloud technology
Microsoft Ignite 2016 8/27/2018 2:29 AM Free IT Pro resources To advance your career in cloud technology Plan your career path Microsoft IT Pro Career Center Cloud role mapping Expert advice on skills needed Self-paced curriculum by cloud role $300 Azure credits and extended trials Pluralsight 3 month subscription (10 courses) Phone support incident Weekly short videos and insights from Microsoft’s leaders and engineers Connect with community of peers and Microsoft experts Get started with Azure Microsoft IT Pro Cloud Essentials Demos and how-to videos Microsoft Mechanics Connect with peers and experts Microsoft Tech Community © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Please evaluate this session
8/27/2018 2:29 AM Please evaluate this session Your feedback is important to us! From your PC or Tablet visit MyIgnite at From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 8/27/2018 2:29 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Uncover data protection in the world of Panama Papers"

Similar presentations

Review DirectQuery in SSAS 2016, best practices and use cases

Review DirectQuery in SSAS 2016, best practices and use cases
Learn how the cloud is accelerating network transformation

Learn how the cloud is accelerating network transformation
C# and VB code-focused development with Visual Studio

C# and VB code-focused development with Visual Studio
2/20/2018 7:04 PM BRK1038 Meet Azure Information Protection customers and learn about their success stories Jeffrey Kalfut Strategy & Architecture Manager,

2/20/2018 7:04 PM BRK1038 Meet Azure Information Protection customers and learn about their success stories Jeffrey Kalfut Strategy & Architecture Manager,
BRK1017 Taking your hybrid management and security strategy to the cloud with Operations Management Suite Jeremy Winter and Srini Chandrasekar.

BRK1017 Taking your hybrid management and security strategy to the cloud with Operations Management Suite Jeremy Winter and Srini Chandrasekar.
Enterprise grade security in your Hadoop clusters on Azure

Enterprise grade security in your Hadoop clusters on Azure
Microsoft Ignite 2016 4/30/2018 9:28 PM BRK3174

Microsoft Ignite /30/2018 9:28 PM BRK3174
Microsoft Ignite 2016 4/27/2018 9:00 AM THR2016

Microsoft Ignite /27/2018 9:00 AM THR2016
Extending IT Best Practices to Microsoft Azure

Extending IT Best Practices to Microsoft Azure
Transform yourself and build your IT cloud career path

Transform yourself and build your IT cloud career path
Deliver business insights with Microsoft Dynamics AX and Power BI

Deliver business insights with Microsoft Dynamics AX and Power BI
Accelerate application delivery and deployment: Red Hat OpenShift

Accelerate application delivery and deployment: Red Hat OpenShift
Examine information management in Cortana Intelligence

Examine information management in Cortana Intelligence
Develop, debug and deploy containerized applications with Docker

Develop, debug and deploy containerized applications with Docker
Operational Analytics in SQL Server 2016 and Azure SQL Database

Operational Analytics in SQL Server 2016 and Azure SQL Database
Build interactive data analysis environments using Apache Spark

Build interactive data analysis environments using Apache Spark
Microsoft Ignite 2016 6/2/2018 6:37 AM BRK2293

Microsoft Ignite /2/2018 6:37 AM BRK2293
Microsoft 2016 6/2/2018 3:42 PM BRK3129 Query Big Data using the Expanded T-SQL footprint with PolyBase in SQL Server 2016 Casey Karst Program Manager.

Microsoft /2/2018 3:42 PM BRK3129 Query Big Data using the Expanded T-SQL footprint with PolyBase in SQL Server 2016 Casey Karst Program Manager.
BRK3288-Discover data-driven apps that learn and adapt

BRK3288-Discover data-driven apps that learn and adapt
Microsoft 2016 6/4/2018 8:21 AM BRK3082 Build solutions and apps with Microsoft OneDrive API and Microsoft Graph API Ryan Gregg Principal Program Manger,

Microsoft /4/2018 8:21 AM BRK3082 Build solutions and apps with Microsoft OneDrive API and Microsoft Graph API Ryan Gregg Principal Program Manger,

Similar presentations

Ads by Google