Presentation is loading. Please wait.

Presentation is loading. Please wait.

ELIMINATING COMPLIANCE RISKS - DATA MASKING WITH AZURE

Published byYuliani Atmadjaja Modified over 6 years ago

Similar presentations

Presentation on theme: "ELIMINATING COMPLIANCE RISKS - DATA MASKING WITH AZURE"— Presentation transcript:

1 ELIMINATING COMPLIANCE RISKS - DATA MASKING WITH AZURE

2 SECURITY THREATS INTENTIONAL (FRAUD) UNINTENTIONAL
Ponemon institute study of 60 large organizations Cost of cybercrime rose 26% to 11.6 Mil per company The most costly: Distributed Denial of Service (DDS) Web-based attacks Malicious Insiders SEI Study Of the 80 of internal fraud cases, 34 % involved Personally Identifiable Information UNINTENTIONAL Innocent insider is being set up by outsider with malicious code Insider negligence or accidental disclosure ( loss of laptop) The theft of an unencrypted laptop from an employee's car resulted in a breach affecting more than 61,000 patients in 2010 in Cincinnati Data courtesy of

3 IT RESPONDS BY TIGHTENING SECURITY
Separation of environments Tightened controls Standards, policies, audits, drills, security framework Due to increased security processes, development slows down DEVELOPMENT LOOKS SOMEWHERE ELSE : CLOUD = EASY PROVISIONNING = SPEED TO MARKET SECURITY SPEED Development

4 IS CLOUD RISK FREE? Avoiding The Hidden Costs of The Cloud (Symantec)
Of 3,236 companies : 40% exposed confidential info 25% suffered account takeover and digital theft 40% loss of data 23% fined for privacy violation IT RESTRICTIONS PRESSURE TO DEVELOP AT BREAKNECK SPEED PUBLIC CLOUD BECOMES DEVELOPMENT SANDBOX SECURTY BREACHES IN CLOUD –SLAs HOW DO WE PROTECT DATA?

5 DOES IT MEAN WE SHOULD AVOID CLOUD DEVELOPMENT?
LETS TAKE A CLOSER LOOK AT DEVELOPMENT PROCESSES AND DATA FLOWS ACROSS ENVIRONMENTS

6 BIG PICTURE : DIFFERENT COMPANIES –DIFFERENT NEEDS
STARTUP There is no data in organization. Development speed is high. Developers create their own data with “insert” statements. DEVELOPED ORGANIZATION Data in other systems and in production. It is used to populate development environments. Speed of development slows down. New Projects – add files and data feeds Continuous Development – adds its own production data Maintenance – no new features, no “inserts” any more Migration – only production data, moving on

7 NEW DEVELOPMENT When we start from Scratch, there is nothing and we can initially treat everything as if databases were code. Your Application Your Database Copyright 2005 / Scott W. Ambler

8 NEW DEVELOPMENT We create data with “INSERT” statements, saving them as code in Source Control. Cloud or no Cloud- makes no difference. Yes, promote to Staging Yes, promote to production CLEAR ALL THE TEST CASES LEAVE MASTER DATA Yes, promote to the QA SANDBOX: Create master data and test cases. test QA: Move new master data Run test cases Staging / UAT: Move New Master data, test for deployment Do UAT NO errors? NO errors? NO errors? Create a DDL and DML script in the source control Production Now, users are “testers” ERRORS ERRORS ERRORS

9 TO INFINITY AND BEYOND : IN PRODUCTION
Big day being behind, we are in production Lots of transactions Database size reaches GB, TB, PT – think Amazon, we all want our business be there We scale in various ways, yet the CRUD logic is the same Master data matures and gets into DB via GUI WE BECOME THE “DEVELOPED ORGANIZATION” WITH EXISTING SYSTEMS AND CONTINUOUS DEVELOPMENT

10 THE USUAL WAY OF DOING DATA CYCLE
DATABASE Master Data Transactional Yes, promote to Staging Yes, promote to production Yes, promote to the QA Back Up CLEAR ALL THE TEST CASES LEAVE MASTER DATA SANDBOX: Create master data and test cases. test QA: Move new master data Run test cases Staging/UAT:Move New Master data, test for deployment Do UAT NO errors? NO errors? NO errors? Create a DDL script in the source control Create DML Scripts - optional Production Now, users are “testers” ERRORS ERRORS ERRORS BACK UP Mask Sensitive Data BACK UP with Reduced data set Truncate Transactional Data Apply code

11 NEW DEVELOPMENT – EXISTING ORGANIZATION
PRODUCTION SYSTEMS DIFFERENCE ETL MASK Yes, promote to Staging Yes, promote to production CLEAR ALL THE TEST CASES LEAVE MASTER DATA Yes, promote to the QA SANDBOX: Create master data and test cases. test QA: Move new master data Run test cases Staging / UAT: Move New Master data, test for deployment Do UAT NO errors? NO errors? NO errors? Create a DDL and DML script in the source control Production Now, users are “testers” ERRORS ERRORS ERRORS

12 WE NEED TO MASK BEFORE WE DEVELOP !
BUMMER! COMPLIANCE!!! SO WHAT IS THE CATCH? MASKING IS DEVELOPMENT ACTIVITY AND TAKES TIME THAT IS WHY IT IS OFTEN “FORGOTTEN” IN THE BEGINNING OF THE CYCLE, MAKING YOUR ORGANIZATION INSTANTLY NON-COMPLIANT CURRENT SOLUTIONS USUALLY WORK ON A GOLDEN DB COPY OF EXISTING SYSTEMS

13 SOLUTION :: YET ANOTHER WAY :: MASKING IN ETL
PRODUCTION SYSTEMS ETL MASK Yes, promote to production Transactional Data Master Data Yes, promote to Staging Yes, promote to the QA QA: Move new master data Run test cases Staging/UAT:Move New Master data, test for deployment Do UAT SANDBOX: Create master data and test cases. test NO errors? NO errors? NO errors? DATABASE Create a DDL script in the source control Create DML Scripts - optional Production Now, users are “testers” ERRORS CLEAR ALL THE TEST CASES LEAVE MASTER DATA Get Delta ETL Package Move Staging Mask Sensitive Data Move To Sandbox Move To QA Apply a Transform To Accommodate DDL change

14 YET ANOTHER WAY : ETL SLA constraints on backup/load – you might not have privileges with your provider You need instant deltas of production data for development You have ETL already established You want masking be part of your already established ETL Requirements of GLBA, HIPAA, PSS/DSA Part of SDLC in Relational and in BI, with transforms Files Feeds from other production systems Benefits of HushHush No significant upfront investment No learning curve Part of development toolbox

15 ETL WITH AZURE AZURE FILES FTP ETL ETL MASK MASK VM VM DATABASE
HADOOP

16 DATA FLOW WITH SSIS MASKING EXAMPLE

17 PERILS OF ENVIRONMENTS:
DATA HOMOGNEITY ACROSS ENVIRONMENTS How close should environments be in terms of data? SANDBOXAND INTEGRATION ENVIRONMENTS hold the least amount of data. A rule of thumb: data set sufficient enough for developing functional requirements. Pros: speeds up development, cons: can’t accommodate all the test cases and needs constant data set assessments. The QA/Staging should hold complete data set to allow for UAT and for performance and regression testing. Break Fix environment holds data set and schema as close to production as possible to allow for speedy production issues resolutions. PHYSICAL CONSTRAINTS goes without saying. NO disk space means no disk space.

18 PERILS OF ENVIRONMENTS CONT.:
ENVIRONMENT SLAs is development around the clock with international development team, 24/7 or only happens in one place with 8 hours development day/time? RATE OF REFRESHES depends on whether we do continuous deployments or scheduled releases DATA RETENTION how much and often transactional data gets purged? SCHEMA MANAGEMENT Schema/data in source control? Are deployments automated including data? Are there specific structures that support metadata?

19 DATA LOAD SOLUTION STRATEGIES
ARCHITECTURAL PATTERNS Backup/Load ETL Solutions (different kinds) IN-CLOUD PATTERN - NEW VM Provisioning/IMAGE CONSTRAINTS Operational requirements for data availability data consistency performance data integrity Development Requirements for: development time skill sets Environmental Monetary (space and processors) Political (we just do not want to use third party)

20 QA/STAGING/BREAK FIX ENVIRONMENTS
BE AWARE ! Backup/Load takes time. Count on it. Refactoring takes time. Count on it. ETL takes time. Count on it. Masking has its own architectures. Chose the one appropriate.

21 USED TOOLS AND OTHER TOOLS THAT HELP
I used: SQL Server, SSMS, SSIS, HushHush components, Data Quality Services, TFS, VS, Visio If you do not have VS and TFS: Red Gate: SQL Compare, SQL Data Compare,SQL Data Generator, SQL Source Control Embarcadero: E/R Studio, DB Change Manager HUSH-HUSH Masking components for ETL architectures from FSI

22 CONTACT US 855.YOU.HUSH

Download ppt "ELIMINATING COMPLIANCE RISKS - DATA MASKING WITH AZURE"

Similar presentations

NetPay provides best and effective solution for company Managers to maintain their employee scheduling task (including staff in/out details, overtime,

NetPay provides best and effective solution for company Managers to maintain their employee scheduling task (including staff in/out details, overtime,
Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.
Data Warehousing: Defined and Its Applications Pete Johnson April 2002.

Data Warehousing: Defined and Its Applications Pete Johnson April 2002.
Intro Informatica Productivity Pack Save Time and Money while Increasing the Quality of Your PowerCenter Deployment Louis Hausle.

Intro Informatica Productivity Pack Save Time and Money while Increasing the Quality of Your PowerCenter Deployment Louis Hausle.
MANIT WEB HOSTING SERVICES Presented by - Sandeep Jain & Devesh Lal CRISP, Bhopal.

MANIT WEB HOSTING SERVICES Presented by - Sandeep Jain & Devesh Lal CRISP, Bhopal.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.
Database Change Management One solution to an often complex problem Kevin Hurwitz Headspring Systems

Database Change Management One solution to an often complex problem Kevin Hurwitz Headspring Systems
Database Security and Data Protection Suseel Pachalla, CISSP.

Database Security and Data Protection Suseel Pachalla, CISSP.
© 2005 Princeton Softech, Inc. Princeton Softech Anatomy of an Archive Project Let’s Talk About Data!! April 18, 2007 Alan Schneider.

© 2005 Princeton Softech, Inc. Princeton Softech Anatomy of an Archive Project Let’s Talk About Data!! April 18, 2007 Alan Schneider.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Bring Your Own Security (BYOS™): Deploy Applications in a Manageable Java Container with Waratek Locker on Microsoft Azure MICROSOFT AZURE ISV PROFILE:

Bring Your Own Security (BYOS™): Deploy Applications in a Manageable Java Container with Waratek Locker on Microsoft Azure MICROSOFT AZURE ISV PROFILE:
Cloud Cellar Offers Users a Cost-Effective, Turnkey Backup and Restore Solution for Their Applications and Data Hosted in the Microsoft Azure Cloud MICROSOFT.

Cloud Cellar Offers Users a Cost-Effective, Turnkey Backup and Restore Solution for Their Applications and Data Hosted in the Microsoft Azure Cloud MICROSOFT.
Enterprise Database Systems Introduction to SQL Server Dr. Georgia Garani Dr. Theodoros Mitakos Technological.

Enterprise Database Systems Introduction to SQL Server Dr. Georgia Garani Dr. Theodoros Mitakos Technological.
Copyright © New Signature 2016. Who we are: Focused on consistently delivering great customer experiences. What we do: We help you transform your business.

Copyright © New Signature Who we are: Focused on consistently delivering great customer experiences. What we do: We help you transform your business.
Data Flow and SDLC HUSH via Firm Solutions, Inc. Virginia Mushkatblat copyright.

Data Flow and SDLC HUSH via Firm Solutions, Inc. Virginia Mushkatblat copyright.
Www.Vormetric.com Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President.

Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President.
INSIDER THREATS BY: DENZEL GAY COSC 356. ROAD MAP What makes the insider threat important Types of Threats Logic bombs Ways to prevent.

INSIDER THREATS BY: DENZEL GAY COSC 356. ROAD MAP What makes the insider threat important Types of Threats Logic bombs Ways to prevent.
Veeam software Risk Mitigation and Protection

Veeam software Risk Mitigation and Protection
Maciej Pęciak Robert Dąbroś

Maciej Pęciak Robert Dąbroś
Stephen W. Thomas Integration MVP

Stephen W. Thomas Integration MVP

Similar presentations

Ads by Google