Redgate DLM Demo Webinar - Git & Atlassian Bamboo - 23rd August 2016
Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc....
Transcript of Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc....
![Page 1: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/1.jpg)
![Page 2: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/2.jpg)
Crucial data privacy and
protection insights for 2019
Richard Macaskill and Kendra Little
![Page 3: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/3.jpg)
Richard [email protected]
20 years Oracle and SQL Server experience
Product Manager
at Redgate
Data Governance
bolshevik!
![Page 4: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/4.jpg)
@Kendra_Little
Founder of
SQL Workbooks
Evangelist at
Redgate
Microsoft MVP &
Microsoft Certified
Master
![Page 5: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/5.jpg)
Agenda
![Page 6: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/6.jpg)
Compliance is shifting left
![Page 7: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/7.jpg)
What do we mean by ‘Shift Left’?
![Page 8: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/8.jpg)
Employers are responsible for employees’ actions
![Page 9: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/9.jpg)
Organizations as a whole are responsible
“If a business can’t show that good data protection is
a cornerstone of their practices, they’re leaving
themselves open to a fine or other enforcement action
that could damage bank balance or business
reputation.”
Elizabeth Denham, UK Information Commissioner
![Page 10: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/10.jpg)
Microsoft
Confidential
https://assets.red-gate.com/products/dba/sql-clone/sql-server-database-provisioning-report.pdf
![Page 11: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/11.jpg)
![Page 12: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/12.jpg)
![Page 13: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/13.jpg)
![Page 14: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/14.jpg)
![Page 15: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/15.jpg)
![Page 16: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/16.jpg)
A few words on Static Data Masking
1. Realistic Values – how useful are they?
2. Correlating & syncing values across columns
3. Retaining table integrity post-masking
4. Cross-database & cross-server masking
5. Performance when masking large sets of data
➢ Applications actually work for debug/test
➢ Data rarely exists in isolation
➢ Are there keys that should be masked?
➢ ‘Systems’ use multiple data sources
➢ We can’t block our day’s work
![Page 17: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/17.jpg)
![Page 18: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/18.jpg)
![Page 19: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/19.jpg)
![Page 20: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/20.jpg)
![Page 21: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/21.jpg)
![Page 22: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/22.jpg)
![Page 23: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/23.jpg)
![Page 24: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/24.jpg)
Perimeter protection is no longer
sufficient
![Page 25: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/25.jpg)
2018 Data Breach Investigations Report · Verizon ·
https://enterprise.verizon.com/resources/reports/dbir/
• 53,000 incidents
• 2,216 confirmed data breaches
• 43,000 successful accesses involving botnets
![Page 26: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/26.jpg)
2018 Data Breach Investigations Report · Verizon ·
https://enterprise.verizon.com/resources/reports/dbir/
![Page 27: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/27.jpg)
2018 Data Breach Investigations Report · Verizon ·
https://enterprise.verizon.com/resources/reports/dbir/
![Page 28: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/28.jpg)
2018 Data Breach Investigations Report · Verizon ·
https://enterprise.verizon.com/resources/reports/dbir/
![Page 29: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/29.jpg)
DBAs are famous for having
“zero trust” for developers
![Page 30: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/30.jpg)
2018 Data Breach Investigations Report · Verizon ·
https://enterprise.verizon.com/resources/reports/dbir/
![Page 31: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/31.jpg)
We need
proactive,
general “zero
trust”
![Page 32: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/32.jpg)
The Future of Data Security: A Zero Trust Approach · John Kindervag,
Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
“There is a fatal flaw in the assumption… that there is
a ‘trusted’ internal network where data is safe”
![Page 33: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/33.jpg)
Key takeaways
Security must become data-centric
A security and control framework should define, analyze, and protect the data
Data breaches dangerously erode consumer trust
The Future of Data Security: A Zero Trust Approach · John Kindervag,
Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
![Page 34: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/34.jpg)
Limit access Classify data
Dispose of data when no longer needed
Devalue or “kill” data using abstraction techniques
The Future of Data Security: A Zero Trust Approach · John Kindervag,
Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
![Page 35: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/35.jpg)
KEPRO: Ensuring HIPAA compliance with SQL Provision ·
Redgate · http://bit.ly/2RtUCoB
“SQL Provision has given us the ability to mask data
and push it out to multiple locations almost instantly.
That saves hours compared to the way we used to
refresh.”
![Page 36: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/36.jpg)
You risk overspending when you
implement security controls
![Page 37: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/37.jpg)
Executives havetraditionally under-estimated risk
relative to tech professionals
![Page 38: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/38.jpg)
But that’s changing
Source: Redgate-commissioned survey, 378 respondents in mid-large enterprises, senior roles
![Page 39: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/39.jpg)
But that’s changing
Source: https://uk.pcmag.com/feature/118088/gartners-cio-agenda-and-ceo-perspective-for-2019
![Page 40: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/40.jpg)
Or misconstrued
its nature
![Page 41: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/41.jpg)
2018 Data Breach Investigations Report · Verizon ·
https://enterprise.verizon.com/resources/reports/dbir/
![Page 42: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/42.jpg)
Alignment protects
against over-spend
![Page 43: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/43.jpg)
![Page 44: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/44.jpg)
![Page 45: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/45.jpg)
![Page 46: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/46.jpg)
![Page 47: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/47.jpg)
Discussion: chat on YouTube,
Slack, or Twitter #sqlinthecity
![Page 48: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/48.jpg)
Crucial DPP insights for 2019
1. Compliance is shifting left
2. Perimeter protection is no longer sufficient, adopt a
“Zero Trust” mindset for your data
3. Alignment of developers, ops, and IT Managers
protects against over spending when implementing
security controls
![Page 49: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/49.jpg)
Next steps
Download the Data
Privacy Influencer PDF
red-gate.com/sitc
Contact
![Page 50: Crucial data privacy and - Redgate · Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal](https://reader033.fdocuments.in/reader033/viewer/2022042912/5f481df34a2ef22b726a3ec7/html5/thumbnails/50.jpg)
References & Resources
2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/
KEPRO: Ensuring HIPAA compliance with SQL Provision · Redgate · http://bit.ly/2RtUCoB
SQL Provision adds fully integrated data masking · Redgate · https://www.red-gate.com/hub/product-learning/sql-provision/sql-provision-adds-fully-integrated-data-masking
The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
Zero Trust: Your Knight In Cyber Armor · Forrester Research, Inc. · https://go.forrester.com/what-it-means/ep93-zero-trust-cyber-armor/