SECURE YOUR GROWTH - GTUG - PP... · 2018-11-07 · protect your data with tokenization According...
With Data Protection
Andreas Lutz
Senior Vice President Sales EMEA
SECURE YOUR GROWTH
Since 25.07.2018 comForte 21 GmbH no longer exists.
comforte AG
On 30.09.2018 comforte's COO Michael Weilbacher went into his well-deserved retirement. Many of you know him from the early Tandem days.
comforte's new Chief Financial Officer:
Mr Jochen Soder
What's new at comforte?
Why more important and necessary than ever?
Guidelines and regulations
What consequences and what effects has a data breach had since 2018?
What does data-centric security mean?
How to secure your growth?
Secure Your Growth – secure your data
PROBABILITY OF GETTING BREACHED INCREASES EVERY YEAR
$158 million
AVERAGE COST per 1M lost or stolen records
> 50%
Number of CYBER INSURANCE policies becoming more expensive due to increased risk
96%
Breaches happened where NO data protection was in place
6 out of 10
Organizations will discover A BREACH in 2018
May 25th 2018
GDPR going into effect and adding to the burden of compliance
200%
The number of CRIMINAL DATA BREACHES per year will double to 18,000 by 2022.
Gartner research: prioritize enterprise-wide encryption for critical datasets (June 2017)
USA DATA BREACHES
[Chart: number of US data breaches per year, 2007-2016, y-axis 0 to 600, split into HACKING, INSIDER THEFT and ACCIDENTAL DISCLOSURE]
WHAT DRIVES SECURITY INVESTMENTS?
Risk: Financial, Reputational
Compliance & Regulations: Industry standards & regulations, National data privacy laws, International data protection regulations
Digital Innovation & New Technology: Cloud, Secure DevOps, Big Data, Modern application architecture
ORGANIZATIONS SPEND A LOT OF MONEY ON DIFFERENT MEASURES TO REDUCE RISK
Endpoint & Mobile Protection
Network & Gateway Defense
Threat & Vulnerability Mgmt
Application Security
Cloud Security
Security Monitoring & Operations
These measures only protect you against known attack methods
So, even with all these defenses in place, it is not possible to prevent breaches
THE ONLY SOLUTION IS TO PROTECT THE DATA ITSELF AND NOT JUST THE PERIMETER AROUND IT
Endpoint & Mobile Protection
Network & Gateway Defense
Threat & Vulnerability Mgmt
Application Security
Cloud Security
Security Monitoring & Operations
DATA PROTECTION
Data is a pervasive critical asset that crosses traditional silo boundaries on-premises and in the cloud.
This requires a data-centric security strategy that prioritizes datasets and mitigates evolving business risks such as regulatory compliance and threats from hacking, fraud and ransomware.
Gartner, July 2017
WITHOUT THE RIGHT PROTECTION, DIFFERENT TYPES OF DATA ARE AT STAKE
Type of data at risk / Typical industry / Where is the data at risk

Payment card data (PAN, CHD)
  Typical industry: payment processors, merchants & retailers, financial industry
  Where at risk: at the point-of-sale device; stored in databases or files (traditionally on-premises); in transit between processors

Protected health info (PHI), tax IDs or SSNs, intellectual property or industry secrets
  Typical industry: healthcare, insurance, manufacturing, other industries
  Where at risk: stored in databases or files, on-premises, off-premises or in the cloud

Personally identifiable info (PII), personal data
  Typical industry: all industries
  Where at risk: stored in databases or files, on-premises, off-premises or in the cloud
WHAT KIND OF RISK ARE WE TALKING ABOUT?
Company Reputation
  News headlines have shown no mercy when reporting a data breach
  Stock value (of public companies) may drop at the time of a breach due to perception of the problem
Costs
  Remediation steps (example: may have to buy credit monitoring services for millions of customers)
  Fines for non-compliance with regulations and additional costs related to legal action
Customer Churn
  Customers may lose loyalty and change to a competitor as a result
  Companies may choose to work with a competitor if your organization has been breached or cannot ensure future security
Job Loss
  C-level executives must justify to the board of directors whether the data breach could have been prevented
  Non-executives may suffer the same fate if the company starts to lose business and needs to downsize
After these breaches were announced shareholder value dropped:
  Yahoo!'s acquisition price was devalued by $350m
  Chipotle lost $400m in value
  Equifax stock dropped by >25%
[Risk matrix axes: Probability / Impact]
PCI DSS 3.4: Render Primary Account Number (PAN) unreadable anywhere it is stored
ASC X9 Standard 119-2: Defines the minimum security requirements for implementing tokenization
GDPR: Data security measures should allow pseudonymization (tokenizing or encrypting) of personal data
“Data protection with tokenization is proving to be more effective than network perimeter defenses or intrusion detection and is endorsed by the most well-known and respected compliance standards worldwide”
PROTECT YOUR DATA WITH TOKENIZATION
According to Gartner Research, tokenization has emerged as a best practice for protecting sensitive fields or columns in databases during the past few years.
TOKENIZATION REPLACES SENSITIVE VALUES WITH NON-SENSITIVE VALUES
Business Applications:
  First/Last: Alan Turing
  Tax ID num: 101-66-7459
  Credit Card: 4321 1234 4568 9012
-> Tokenization ->
DB or File:
  First/last: Alan Efplsmqy
  Tax ID num: FD4-J2-96BG
  Credit Card: 4321 1299 9999 9012
Sensitive values can be basically any type, e.g. names, DoB, account numbers, SSNs, etc.
OUR SOLUTION OFFERS RELIABLE PROTECTION
When a hacker succeeds with any of
the attack vectors…
…the protected data has no exploitable value
Typical scenarios for data-centric security
USE CASES
ENSURING & MAINTAINING PCI DSS COMPLIANCE
Example: Leading Payments Processor
Industry: Finance - Payments
Driver: PCI DSS compliance
Challenge: Over 3 million payment transactions per day were written to an on-premises database in unprotected form
Solution: Deployed and integrated data protection using tokenization without interruption to the payment application
Result: PCI DSS compliance with zero impact to the business
PCI DSS requirement 3.4 states: Render PAN data unreadable anywhere it is stored. Technology solutions for this requirement may include strong one-way hash functions of the entire PAN, truncation, index tokens with securely stored pads, or strong cryptography
Considered as best practice and, starting 1 February 2018, effective as a requirement that must be used
BECOMING MORE COMPETITIVE WITH MooS
Example: Leading Canadian Bank
Industry: Finance - Payments
Driver: Competitive differentiation; PCI DSS compliance
Challenge: How to achieve competitive differentiation in payments to gain more market share
Solution: Data protection beyond corporate boundaries: by sending tokenized data, the bank is helping its customers to reduce PCI scope
Result: The bank leverages data protection as a competitive differentiator to retain existing customers and win over new business
Payments is a highly competitive market. Customers of payments processors are trying to reduce their PCI DSS scope and to save compliance costs. One way of achieving this is to work with a payments processor that exchanges tokens with the merchant instead of PAN data, taking the Merchant out of Scope (MooS).
Payments processors should leverage this as a competitive differentiator to secure their growth
ACHIEVING COMPLIANCE FOR CALL CENTER/HELP DESK OPERATIONS
Example: Leading German Bank
Industry: All industries
Driver: PCI DSS compliance; GDPR compliance; financial risk
Challenge: Provide customer data to internal or external help-desk functions. Ensure productivity without increasing compliance concerns.
Solution: Protection of sensitive data with tokenization for all data that is provided to help-desk teams through their applications
Result: Ensuring & maintaining compliance without interrupting the work of customer-facing functions
Call-center or help-desk workers need to be able to do their job, but at the same time it does not make sense to give them access to all sensitive data, especially if these functions have been outsourced to a 3rd party.
Gartner Research states that this is one of the most common scenarios they hear about from end user organizations
Call-Center and Help-Desk operations commonly cause compliance headaches
ENSURING GDPR COMPLIANCE TO AVOID BIG FINES
Example: Payment Processor
Industry: All industries
Driver: GDPR compliance; financial risk
Challenge: Comply with GDPR, PCI and related standards to avoid fines
Solution: Data protection with tokenization for sensitive data elements and integration with core business applications
Result: Ensuring & maintaining GDPR compliance without impacting the business
General Data Protection Regulation (GDPR), article 32:
Data security measures should, at a minimum, allow: Pseudonymizing or encrypting personal data
Monetary fines for not complying with GDPR will be significant.
Affects all companies that process personal data of European residents
ADDRESSING COMPLIANCE RISK FOR BIG DATA PROJECT SUCCESS
Example: European Financial Organization
Industry: All industries
Driver: Compliance; risk of Big Data project failure
Challenge: Big Data project for customer insight analytics was shut down due to compliance issues
Solution: Deployed data protection to ensure that all sensitive data in the Big Data store is tokenized
Result: Access to the Big Data store was reinstated after compliance requirements were satisfied
Big data is becoming the weakest link in the data security chain. The three biggest risks for Big Data projects:
  Not being able to obtain data due to its sensitive nature
  Being shut down due to failing to comply with regulations
  Getting breached
“98% of brands are negligent with Big Data security”
Source: Gartner
We know how to secure your growth
WHY COMFORTE?
COMFORTE IS A MARKET LEADER IN DATA PROTECTION TODAY
Our continued success since entering the field of data protection
We are proud to be the trusted partner for some of the world's most successful companies
The 2 largest credit card processors in the world
2 of the 15 largest retailers in the world
15 of the 25 largest banks in the world
First active customer went live in 2014
Patent for tokenization algorithm received in 2015
Completed over 40 data protection projects
In production at more than 20 enterprise customers
COMFORTE DATA PROTECTION BENEFITS
Easy integration with your business-critical applications
Ensures your sensitive data is protected on-premises and in the cloud
Fault-tolerance is not an option, it is built-in
Minimal attack surface
Proven in complex environments
START SECURING YOUR GROWTH WITH COMFORTE DATA PROTECTION
https://www.comforte.com/dataprotection/
Don’t wait until a breach happens – be prepared and secure your growth
comforte is a leader in mission critical tokenization
“Tokenization is the best possible data protection approach today. We selected data protection from comforte to deliver the highest level of data security for our payments processing. The comforte team has been an excellent partner throughout the project. There is a high level of commitment, understanding and trust.” – IT Team, Government Savings Bank
“comforte offers strong support that is not only available whenever needed, but that is also very knowledgeable.” – IT Manager & Application Owner, Leading Canadian Bank
“What made the difference for us was finding a solution that not only offered state-of-the-art data protection, but also provided application transparency that meant the solution could be integrated quickly and seamlessly into our existing applications.” – IT Manager, Bankart, d.o.o.
CAPABILITIES & ARCHITECTURE
YOUR DATA DESERVES BEST-IN-CLASS TOKENIZATION
Stateless / Vault-less tokenization
Validated by independent cryptologists
Linearly scalable for extreme performance
Collision-free
Patented technology based on unbalanced Feistel networks
Supports various element formats to be tokenized (PII, PHI,…)
comforte Tokenization Engine
Tokenization Algorithm
Tokenization Table
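The tokenization illustration earlier in the deck (Alan Turing / 4321 1234 4568 9012 becoming Alan Efplsmqy / 4321 1299 9999 9012) and the capabilities listed above describe the result but not the mechanism. The following is an added example, not comforte's engine and not code from this deck: a toy stateless, format-preserving tokenizer built on an unbalanced Feistel network, which shows why such a design needs no vault (the same key gives the same token on every node) and why it is collision-free (each round is a bijection, so the whole mapping is). The HMAC-SHA256 round function, the one-third/two-thirds split, the round count, the sample key and all helper names are my assumptions; the product's patented table-driven round function would take the place of _prf. The example goes slightly beyond the slide by working over any alphabet, so the same code tokenizes the PAN's middle digits and a surname.

```python
import hmac
import hashlib

# Added illustration, not comforte's engine: the slide only says the product uses a
# patented unbalanced Feistel network with a tokenization table. The round function
# here is HMAC-SHA256 under a key (assumption); a table-driven PRF would go in _prf.

DIGITS = "0123456789"
LOWER = "abcdefghijklmnopqrstuvwxyz"


def _to_int(s, alphabet):
    n = 0
    for ch in s:
        n = n * len(alphabet) + alphabet.index(ch)
    return n


def _to_str(n, length, alphabet):
    out = []
    for _ in range(length):
        n, d = divmod(n, len(alphabet))
        out.append(alphabet[d])
    return "".join(reversed(out))


def _prf(key, round_no, half, modulus):
    """Keyed pseudo-random function: (round, one half of the state) -> integer below modulus."""
    mac = hmac.new(key, f"{round_no}:{half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % modulus


def _split(n):
    """Unbalanced split: the left part gets roughly a third of the symbols (assumption)."""
    if n < 3:
        raise ValueError("need at least 3 symbols")
    u = max(1, n // 3)
    return u, n - u


def feistel_tokenize(value, key, alphabet=DIGITS, rounds=10):
    """Stateless, format-preserving, bijective tokenization of a string over `alphabet`."""
    if rounds % 2 or any(ch not in alphabet for ch in value):
        raise ValueError("even round count and in-alphabet symbols required")
    u, v = _split(len(value))
    a, b = value[:u], value[u:]
    for i in range(rounds):
        m = u if i % 2 == 0 else v            # the half being replaced alternates in length
        modulus = len(alphabet) ** m
        c = (_to_int(a, alphabet) + _prf(key, i, b, modulus)) % modulus
        a, b = b, _to_str(c, m, alphabet)
    return a + b


def feistel_detokenize(token, key, alphabet=DIGITS, rounds=10):
    """Inverse of feistel_tokenize: undo the rounds in reverse order."""
    u, v = _split(len(token))
    a, b = token[:u], token[u:]
    for i in reversed(range(rounds)):
        m = u if i % 2 == 0 else v
        modulus = len(alphabet) ** m
        c = (_to_int(b, alphabet) - _prf(key, i, a, modulus)) % modulus
        a, b = _to_str(c, m, alphabet), a
    return a + b


def tokenize_pan(pan, key):
    """Keep the first six and last four digits in clear (as on the slide); tokenize the middle."""
    d = pan.replace(" ", "")
    out = d[:6] + feistel_tokenize(d[6:-4], key) + d[-4:]
    return " ".join(out[i:i + 4] for i in range(0, len(out), 4))


def detokenize_pan(token, key):
    d = token.replace(" ", "")
    out = d[:6] + feistel_detokenize(d[6:-4], key) + d[-4:]
    return " ".join(out[i:i + 4] for i in range(0, len(out), 4))


def tokenize_surname(name, key):
    """Letters only: 'Turing' -> a capitalised pseudo-name of the same length."""
    return feistel_tokenize(name.lower(), key, LOWER).capitalize()


def detokenize_surname(token, key):
    return feistel_detokenize(token.lower(), key, LOWER).capitalize()


if __name__ == "__main__":
    KEY = b"demo-key-not-for-production"      # constructed sample key
    pan = "4321 1234 4568 9012"                # sample value from the slide
    tok = tokenize_pan(pan, KEY)
    print(pan, "->", tok, "->", detokenize_pan(tok, KEY))
    print("Turing ->", tokenize_surname("Turing", KEY))
```

Two properties matter operationally. Because the output depends only on the key (or table) and the input, nodes need no shared database of issued tokens, which is what lets the cluster on the following slides run active-active. And because the token keeps the BIN and last four in the clear, as the slide's example does, it still reveals the issuer and the tail; whether that is acceptable for a given data store is a scoping decision rather than something the algorithm settles.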
SOLID ARCHITECTURE YOU CAN RELY ON – COMFORTE DATA PROTECTION CLUSTER
[Diagram: a cluster of Protection Nodes (PN) serving Enterprise Applications (EA), with a Management Console (MC) and an Audit Console (AC)]
Cluster of Protection Nodes (PN) that monitor/restart each other
Failure of a single PN will have no impact on the enterprise application (EA), as another PN will automatically take over
Management Console (MC) configures the SDF (configuration file) and generates token tables; the MC can be stopped after cluster startup
SDF, token tables and endpoint authentication data are loaded into each PN
Audit Console creates a solid audit trail and allows real-time insights into key questions around enterprise data protection
Legend: PN = Protection Node in a virtual appliance; EA = Enterprise Application; AC = Audit Console; MC = Management Console
INTEGRATION OPTIONS - OVERVIEW
No code changes required
Transparent integration for MS Windows, Linux, Unix and HPE NonStop
Allows for protecting files accessed by 3rd party applications that cannot be changed, such as file transfer clients or OS tools
Data processing layer locates and replaces sensitive data in the intercepted I/O stream
Transparency enables implementation of tokenization without interruption of service
[Diagram: API-based integration – Application A (Java/.NET) calls SmartAPI, which exchanges tokens (TKNs) with the protection nodes; Transparent integration – Application B's I/O passes through the SecurDPS Transparency Layer and the SecurDPS Data Processing Layer with no change to the application (EA)]
OUR SMARTAPI MAKES INTEGRATION OF HIGH AVAILABILITY TOKENIZATION EASY
[Diagram: SmartAPI sits between the enterprise application (EA) and a pool of PNs; an app without protection is shown for comparison]
Automatic load balancing
Automatic (re)distribution
Automatic integrity assurance
Automatic failover
Automatic scaling
All transparent to business applications
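The cluster slide states that a failing PN has no impact on the EA because another PN takes over, and this slide lists load balancing, failover and integrity assurance as things SmartAPI does automatically. The model below is an added example, not comforte's SmartAPI (whose protocol is not described in the deck); it shows why vault-less tokenization makes those three easy: every node returns the same token for the same value, so a client library can round-robin across nodes, fail over without carrying any state, and spot a node that was loaded with the wrong table by comparing a known canary value across nodes. Node names, the canary value and the HMAC stand-in for the tokenization engine are assumptions.

```python
import hashlib
import hmac

# Added model of the behaviour the slides attribute to the PN cluster and SmartAPI.
# Not comforte's code; the HMAC below stands in for the real engine (assumption).


class ProtectionNode:
    """Stateless node: a token depends only on the loaded table/key and the input."""

    def __init__(self, name, table_key):
        self.name = name
        self.table_key = table_key
        self.healthy = True

    def tokenize(self, value):
        if not self.healthy:
            raise ConnectionError(f"{self.name} unreachable")
        mac = hmac.new(self.table_key, value.encode(), hashlib.sha256).digest()
        return str(int.from_bytes(mac, "big") % 10 ** len(value)).zfill(len(value))


class SmartClient:
    """Client-side pool: round-robin load balancing, failover, startup integrity check."""

    CANARY = "000000"   # constructed known value; every node must agree on its token

    def __init__(self, nodes):
        self.nodes = list(nodes)
        self.next = 0
        self.events = []          # (node, "ok" | "failover") for observability

    def verify_integrity(self):
        """Drop nodes whose canary token disagrees with the majority; return their names."""
        answers = {}
        for node in self.nodes:
            try:
                answers[node.name] = node.tokenize(self.CANARY)
            except ConnectionError:
                continue
        if not answers:
            return []
        majority = max(set(answers.values()), key=list(answers.values()).count)
        bad = [name for name, tok in answers.items() if tok != majority]
        self.nodes = [n for n in self.nodes if n.name not in bad]
        return bad

    def tokenize(self, value):
        for _ in range(len(self.nodes)):
            node = self.nodes[self.next % len(self.nodes)]
            self.next += 1
            try:
                token = node.tokenize(value)
                self.events.append((node.name, "ok"))
                return token
            except ConnectionError:
                self.events.append((node.name, "failover"))   # try the next node
        raise RuntimeError("no protection node reachable")


if __name__ == "__main__":
    shared = b"shared-table"                       # constructed; same table on all good nodes
    nodes = [ProtectionNode(f"pn{i}", shared) for i in (1, 2, 3)]
    nodes.append(ProtectionNode("pn4", b"wrong-table"))   # loaded with the wrong table
    client = SmartClient(nodes)
    print("quarantined:", client.verify_integrity())
    nodes[1].healthy = False                        # pn2 goes down
    print({client.tokenize("4568") for _ in range(6)}, client.events)
```

The integrity check is the piece worth keeping in a real deployment: a node serving tokens from a stale or mismatched table produces values that look valid but can never be detokenized by the others, and a canary comparison at startup catches that before production data reaches it.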
SIMPLIFYING DATA PROTECTION WITH TRANSPARENT INTEGRATION
Interpose/Intercept (Linux/Unix/NonStop)
Virtual File System (Linux/Windows)
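The integration overview above says the Data Processing Layer locates and replaces sensitive data in the intercepted I/O stream, and this slide names the two interception points. As an added example (not SecurDPS code, whose internals the deck does not describe), this Python filter shows what such a layer has to get right at the point where a write is intercepted: find candidate PANs in arbitrary text, use the Luhn check so look-alike digit runs such as order references are left untouched, keep the first six and last four digits and the original separators so the record's format survives, and cope with a PAN that is split across two write() calls. The regex, the Luhn filter, the stand-in HMAC tokenizer and the sample records are all assumptions.

```python
import hashlib
import hmac
import re

# Added illustration of the interception idea, not SecurDPS code. The engine call is a
# stand-in (assumption): HMAC-derived digits instead of format-preserving tokenization.

PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits with optional separators


def luhn_ok(digits):
    """Card-number check digit: filters out order numbers and other digit runs."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _stand_in_token(digits, key):
    mac = hmac.new(key, digits.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac, "big") % 10 ** len(digits)).zfill(len(digits))


def protect_record(text, key):
    """Replace every Luhn-valid PAN in text, keeping first 6, last 4 and the separators."""
    def replace(match):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_ok(digits):
            return raw                                   # not a card number: leave as is
        protected = digits[:6] + _stand_in_token(digits[6:-4], key) + digits[-4:]
        it = iter(protected)
        return "".join(next(it) if ch.isdigit() else ch for ch in raw)
    return PAN_RE.sub(replace, text)


class StreamProtector:
    """Stateful filter for a stream that arrives in arbitrary chunks."""

    def __init__(self, key):
        self.key = key
        self.pending = ""

    def write(self, chunk):
        data = self.pending + chunk
        # Hold back a trailing run of digits/separators: it may be a PAN cut by the chunk boundary.
        cut = len(data)
        while cut > 0 and (data[cut - 1].isdigit() or data[cut - 1] in " -"):
            cut -= 1
        self.pending = data[cut:]
        return protect_record(data[:cut], self.key)

    def flush(self):
        out, self.pending = protect_record(self.pending, self.key), ""
        return out


if __name__ == "__main__":
    KEY = b"demo-key"   # constructed sample key
    # Constructed records: a Luhn-valid test PAN (4111...) and a Luhn-invalid reference number.
    p = StreamProtector(KEY)
    out = p.write("id=7 card=4111 1111 11") + p.write("11 1111 ref=1234 5678 9012 3456\n") + p.flush()
    print(out)
```

The hold-back in write() is the part a naive implementation misses: without it, a PAN straddling two chunks passes through in two unrecognised halves. The cost is that a trailing run of digits is delayed until the next chunk or flush(), which is why a real interposition layer pairs this with the file's close or the application's record boundaries.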
DATA PROTECTION THAT MATCHES THE SPEED OF YOUR BUSINESS PERFORMANCE
High-performance, minimal-overhead communication protocol
PNs can be co-located close to the EA, resulting in extremely low latency
Linearly scalable cluster, with each PN easily able to perform > 100k tokenizations per second
Optimized performance due to intelligent streaming and load distribution
Anywhere. Anytime.
OUR GLOBAL REACH
Germany & Europe
comforte AG, Abraham-Lincoln-Str. 22, 65189 Wiesbaden
Phone: +49 611 93199 00  Fax: +49 611 93199 05
North America
comforte Inc., 4600 S. Syracuse St. #900, Denver, CO 80237, USA
Phone: +1 303-256-6257  Fax: +1 303-256-6205
Singapore & Asia
comforte Asia Pte. Ltd., 16 Collyer Quay #18-00, Singapore 049318
Phone: +65 6818 9725  Fax: +65 68189842
Australia
comforte Pty., Suite 20, 1 Rivett Road, North Ryde, NSW 2113
Postal: PO Box 1710, Lane Cove, NSW 1595
Phone: +61 2909 84824
QUESTIONS?
Let us know and we will happily discuss them with you
Andreas Lutz, Senior Vice President Sales, [email protected], +49 176 2448 1915, www.comforte.com