Crucial data privacy and
protection insights for 2019
Richard Macaskill and Kendra Little
Richard Macaskill
20 years Oracle and SQL Server experience
Product Manager
at Redgate
Data Governance
bolshevik!
@Kendra_Little
Founder of
SQL Workbooks
Evangelist at
Redgate
Microsoft MVP &
Microsoft Certified
Master
Agenda
Compliance is shifting left
What do we mean by ‘Shift Left’?
Employers are responsible for employees’ actions
Organizations as a whole are responsible
“If a business can’t show that good data protection is
a cornerstone of their practices, they’re leaving
themselves open to a fine or other enforcement action
that could damage bank balance or business
reputation.”
Elizabeth Denham, UK Information Commissioner
Microsoft
Confidential
https://assets.red-gate.com/products/dba/sql-clone/sql-server-database-provisioning-report.pdf
A few words on Static Data Masking
1. Realistic Values – how useful are they?
   ➢ Applications actually work for debug/test
2. Correlating & syncing values across columns
   ➢ Data rarely exists in isolation
3. Retaining table integrity post-masking
   ➢ Are there keys that should be masked?
4. Cross-database & cross-server masking
   ➢ ‘Systems’ use multiple data sources
5. Performance when masking large sets of data
   ➢ We can’t block our day’s work
Perimeter protection is no longer
sufficient
2018 Data Breach Investigations Report · Verizon ·
https://enterprise.verizon.com/resources/reports/dbir/
• 53,000 incidents
• 2,216 confirmed data breaches
• 43,000 successful accesses involving botnets
DBAs are famous for having
“zero trust” for developers
2018 Data Breach Investigations Report · Verizon ·
https://enterprise.verizon.com/resources/reports/dbir/
We need
proactive,
general “zero
trust”
The Future of Data Security: A Zero Trust Approach · John Kindervag,
Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
“There is a fatal flaw in the assumption… that there is
a ‘trusted’ internal network where data is safe”
Key takeaways
Security must become data-centric
A security and control framework should define, analyze, and protect the data
Data breaches dangerously erode consumer trust
The Future of Data Security: A Zero Trust Approach · John Kindervag,
Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
Limit access
Classify data
Dispose of data when no longer needed
Devalue or “kill” data using abstraction techniques
The Future of Data Security: A Zero Trust Approach · John Kindervag,
Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
KEPRO: Ensuring HIPAA compliance with SQL Provision ·
Redgate · http://bit.ly/2RtUCoB
“SQL Provision has given us the ability to mask data
and push it out to multiple locations almost instantly.
That saves hours compared to the way we used to
refresh.”
You risk overspending when you
implement security controls
Executives have traditionally under-estimated risk
relative to tech professionals
But that’s changing
Source: Redgate-commissioned survey, 378 respondents in mid-large enterprises, senior roles
But that’s changing
Source: https://uk.pcmag.com/feature/118088/gartners-cio-agenda-and-ceo-perspective-for-2019
Or misconstrued
its nature
2018 Data Breach Investigations Report · Verizon ·
https://enterprise.verizon.com/resources/reports/dbir/
Alignment protects
against over-spend
Discussion: chat on YouTube,
Slack, or Twitter #sqlinthecity
Crucial DPP insights for 2019
1. Compliance is shifting left
2. Perimeter protection is no longer sufficient, adopt a
“Zero Trust” mindset for your data
3. Alignment of developers, ops, and IT Managers
protects against over spending when implementing
security controls
Next steps
Download the Data
Privacy Influencer PDF
red-gate.com/sitc
Contact
References & Resources
2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/
KEPRO: Ensuring HIPAA compliance with SQL Provision · Redgate · http://bit.ly/2RtUCoB
SQL Provision adds fully integrated data masking · Redgate · https://www.red-gate.com/hub/product-learning/sql-provision/sql-provision-adds-fully-integrated-data-masking
The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
Zero Trust: Your Knight In Cyber Armor · Forrester Research, Inc. · https://go.forrester.com/what-it-means/ep93-zero-trust-cyber-armor/