Post on 15-Aug-2015
Threat Ready Data: Protect data from the Inside and the Outside
Amit Walia Senior Vice President, General Manager Data Integration & Security April 23, 2015
Industry: Healthcare ID Theft is Even More Pervasive
44% Of all data breaches are in
Healthcare From Identity Theft Resource Center
90% Have experienced a breach
in the last 2 years
2013 ID Experts data security survey of 91 healthcare organizations
38% Have experienced > 5 breach
incidents in the last 2 years
20-50X Medical identities are more valuable
than financial identities
Industry: Retail The Real Cost of a Data Breach
Retail data breaches makes the headlines Customer Loyalty and Revenue Declines Stolen data used to defraud the retail company
Jobs of C-level leaders are at stake
2014 was the year of retail data breaches Number of stolen records continue to increase
Industry: Financial Services Impacted Not Only by Direct Breach, But Also Retail Breaches
45% Of financial services have been hit 2014 Economic Crime Survey by PWC of 5000 senior executives in 99
countries
$200M Card replacement cost of Target
data breach
$40M Card replacement cost of smaller banks for 4M cards from Target and Neiman Marcus breaches
• 73% of DBA’s can view all data, increasing risk of breach • 50% say data has been compromised or stolen by
malicious insider such as a privileged user • The cost of a breach averages $5.5 million
per organization
Data Breach: Internal Breaches and Growing Challenges
Ponemon Institute May 2012
Data Breach: Shouldn’t we Focus on Protecting the Data?
Host Endpoint Network Devices Application Data
Do You Know the Most Critical Data to Protect?
What Level of Protection Is Required?
Against Outsiders?
Against Insiders?
BUT…
13
“We’ve moved beyond just protecting endpoints and networks. APTs combined with trends like mobility, cloud, and outsourcing require us to
have security as close to the data as possible– independent of devices, applications, databases, storage platforms, and network topologies.
We need companies like Informatica, who understand data deeply, to take a more active role in helping us to secure information.” –CISO/
CRO, leading global bank
1. Traditional Security Architectures are Insufficient
Is the risk greater out here? Or in here?
Data Points to Internal Users Inside the Firewall • Accidental • Rogue employee • Criminal activity • Opportunistic
3. Insiders with privileged access
Where is your sensitive/private data that should be protected?
Do you know its RISK exposure?
“…only 26 percent (CEOs) say they have identified which types of data they hold are the most
attractive to hackers…” Washington Post, 2014
N=1587, Source: Ponemon Research, May 2014
13%
20% 15% 16%
30%
19%
45%
27%
42%
26% 23% 24%
ROW EMEA North America
Yes, All Data Yes, Most Data Yes, Some Data No
Do you know where your structured sensitive and confidential data resides?
Primary Research of 1500+ enterprise customers validates key pain points
19 Source: Ponemon Institute June 2014; 1,587 Global IT and Security practitioners in 16 countries
You Need Insights to Manage Your Sensitive Data Risks
Do you have this information to prioritize your security investments?
Where Is Your
Sensitive Data?
Where Is Its Residency?
Where Is It Going?
Is It Protected?
What Are The
Regulations That Apply?
Who Has Access To
It?
What Is Its Cost If Stolen?
Data-Centric Security Intelligence & Analytics
Security approach that focuses on gaining insights about the data context to enable cost-
effective data security controls, complementing security solutions that focus on protecting the
network perimeter, endpoints, and infrastructure.
Focus security investments on high risk data assets
Data Centric Security: 2 Key Components
DATA SECURITY CONTROLS
PERSISTENT MASKING
DYNAMIC MASKING VALIDATION & AUDIT
ARCHIVE
DATA SECURITY INTELLIGENCE
DISCOVERY
CLASSIFICATION PROLIFERATION ANALYSIS
RISK ASSESSMENT
REDUCE RISK OF SENSITIVE DATA EXPOSURE
Data-Centric Security Maturity Model
23
DISCOVER
Classification Proliferation
ANALYZE
Exposure Risk
LDAP IAM
DAM/DAP DLP SIEM
DETECT
Access Controls
User Activity
Controls Remediation
PROTECT ORCHESTRATE
Block Alert Mask
Archive
Encrypt Tokenize
MONITOR
Baselines Usage Patterns
Behavioral Anomalies
PREDICT
Threats Behaviors
COLLECT & CORRELATE
Informatica Data Security Keep Data Safe Throughout Its Lifecycle
Data Security Intelligence
Data Protec2on with Data Masking
Secure Tes2ng with Test Data
Management
Safely Retain and Dispose with Data
Archive
DISCOVER CLASSIFY ANALYZE MONITOR
MANAGE RISK
DYNAMIC MASKING PERSISTENT MASKING
COMPLY
SUBSET GENERATE MAINTAIN
MASK TEST DATA
RETIRE LEGACY APPLICATIONS
MANAGE RETENTION COMPLY
REDUCE COSTS
OPTIMIZE PERFORMANCE
What is it? • Gather insights from data context
and metadata to deliver location and risk analytics
• Leverages information from existing data management and security solutions
It answers:
• Where is my sensitive data? • Is it protected? • What country is it resident in? • Where is it proliferating? • Who has access to it? • Who uses it? • What is its value if stolen? • What is my risk?
Data Security Intelligence: Understand Risks
A ‘single pane of glass' to continuously monitor sensitive data stores and their risks • Enterprise-wide sensitive data
risk analytics • Sensitive data classification &
discovery • Proliferation analysis • Policy-based alerting • Integrates data security
information from 3rd parties: • Data stores • Data owners • Classification • Protection status
Secure@Source Overview
Informatica Data Privacy and Test Data Mgmt Solution Architecture
Production
Dev
Test
Train
Informatica Dynamic Data Masking
Informatica Test Data
Management Informatica Data Subset
Informatica Persistent Data Masking
Sensitive Data Discovery
Users
Production Support
CRM Custom
Billing ERP
Packaged EDW
Data Privacy Compliance Validation
Synthetic Test Data
Informatica Test Data Generation
Apply Persistent Data Masking Protect Sensitive Information in Test & Dev
Masked Values
5992-9989-1333-5429
3724-6743-8000-2421
Masked Values
5992-9989-1333-5429
3724-6743-8000-2421
Development
Masked Values 5992-9989-1333-5429
3724-6743-8000-2421
Shuffle Substitution
Skewing Credit Card
Informatica Persistent Data Masking
Testing Training
Apply Dynamic Data Masking Protect Sensitive Information in Production
(Sr. Analyst) Original Values
5992-9989-1333-5429
3724-6743-8000-2421
Masked Values
1234-6789-1000-4422
2233-6789-3456-5555
Custom Application (IT Administrator) Masked Values
xxxx-xxxx-xxxx-0093
xxxx-xxxx-xxxx-7658
National ID Credit Card
Blocking
Informatica Dynamic Data Masking
(Offshore Support)
Why Informatica? Thinking Data First: The Intelligent Data Platform Uniquely Addresses Data Security Challenges
Intelligent Data Platform
Data Intelligence Metadata meets machine learning
Data Infrastructure Industry leading data integration, profiling, masking, complex event processing across all sources, anywhere
Define Once. Deploy Anywhere.
On-premise or in cloud
Data Warehouse
Transactional Applications
CRM ERP HR FIN
Big Data
Unstructured Semi-Structured
Real-time Events
Mainframe Systems
Cloud, Social, Partner Data
Enterprise Applications
Platform for Universal Data Access
We have been are building off a strong foundation - Strong showing at RSA 2013, 2014, and 2015
Informatica won awards at Product Award reception at RSA 2013, 2014 & 2015 • Gold Award for Best New Security Product - Informatica Secure@Source • Gold Award for Database Security, Data Leakage Prevention/Extrusion Prevention -
Informatica Dynamic Data Masking • Bronze Award for New Product - Informatica Cloud Test Data Management