SECURE YOUR GROWTH - GTUG - PP... · 2018-11-07 · protect your data with tokenization According...

Page 1:

SECURE YOUR GROWTH

With Data Protection

Andreas Lutz, Senior Vice President Sales EMEA

Page 2:

What's new at comforte?

comForte 21 GmbH has ceased to exist as of 25.07.2018.

comforte AG

On 30.09.2018, comforte's COO Michael Weilbacher went into his well-deserved retirement. Many of you know him from the early Tandem days.

comforte's new Chief Financial Officer: Mr. Jochen Soder

Page 3:

Why more important and necessary than ever?

Guidelines and regulations

What consequences and effects has a data breach had since 2018?

What does data-centric security mean?

How to secure your growth?

Secure your growth – secure your data

Page 4:

PROBABILITY OF GETTING BREACHED INCREASES EVERY YEAR

• $158Mio: AVERAGE COST per 1M lost or stolen records
• > 50%: Number of CYBERINSURANCE policies becoming more expensive due to increased risk
• 96%: Breaches happened where NO data protection was in place
• 6 out of 10: Organizations will discover A BREACH in 2018
• May 25th 2018: GDPR going into effect and adding to the burden of compliance
• 200%: The number of CRIMINAL DATA BREACHES per year will double to 18,000 by 2022.

Gartner research: prioritize enterprise wide encryption for critical datasets (June 2017)

[Chart: USA DATA BREACHES, 2007 to 2016, number of data breaches by category: HACKING, INSIDER THEFT, ACCIDENTAL DISCLOSURE]

Page 5:

WHAT DRIVES SECURITY INVESTMENTS?

Risk
• Financial
• Reputational

Compliance & Regulations
• Industry standards & regulations
• National data privacy laws
• International data protection regulations

Digital Innovation & New Technology
• Cloud
• Secure DevOps
• Big Data
• Modern application architecture

Page 6:

ORGANIZATIONS SPEND A LOT OF MONEY ON DIFFERENT MEASURES TO REDUCE RISK

• Endpoint & Mobile Protection
• Network & Gateway Defense
• Threat & Vulnerability Mgmt
• Application Security
• Cloud Security
• Security Monitoring & Operations

These measures only protect you against known attack methods

So, even with all these defenses in place, it is not possible to prevent breaches

Page 7:

THE ONLY SOLUTION IS TO PROTECT THE DATA ITSELF AND NOT JUST THE PERIMETER AROUND IT

• Endpoint & Mobile Protection
• Network & Gateway Defense
• Threat & Vulnerability Mgmt
• Application Security
• Cloud Security
• Security Monitoring & Operations

DATA PROTECTION

Data is a pervasive critical asset that crosses traditional silo boundaries on-premises and in the cloud.

This requires a data-centric security strategy that prioritizes datasets and mitigates evolving business risks such as regulatory compliance and threats from hacking, fraud and ransomware.

Gartner, July 2017

Page 8:

WITHOUT THE RIGHT PROTECTION, DIFFERENT TYPES OF DATA ARE AT STAKE

Type of data at risk: Payment card data (PAN, CHD)
Typical industry: Payment processors, Merchants & Retailers, Financial industry
Where is the data at risk: At the Point of Sale device; stored in databases or files • traditionally on-premises • in transit between processors

Type of data at risk: Protected health info (PHI); Tax IDs or SSNs; Intellectual property or industry secrets
Typical industry: Healthcare, Insurance, Manufacturing, other industries
Where is the data at risk: Stored in databases or files • on-premises • off-premise • in the cloud

Type of data at risk: Personally identifiable info (PII); Personal data
Typical industry: All industries
Where is the data at risk: Stored in databases or files • on-premises • off-premise • in the cloud

Page 9:

WHAT KIND OF RISK ARE WE TALKING ABOUT?

Company Reputation
• News headlines have shown no mercy when reporting a data breach
• Stock value (of public companies) may drop at the time of a breach due to perception of the problem

Costs
• Remediation steps (example: may have to buy millions of customers credit monitoring services)
• Fines for non-compliance with regulations and additional costs related to legal action

Customer Churn
• Customers may lose loyalty and change to a competitor as a result
• Companies may choose to work with a competitor if your organization has been breached or cannot ensure future security

Job Loss
• C-level executives must justify to the board of directors whether the data breach could have been prevented
• Non-executives may suffer the same fate if the company starts to lose business and needs to downsize

After these breaches were announced shareholder value dropped:
• Yahoo!’s acquisition price devaluated $350m
• Chipotle lost $400m in value
• Equifax stock dropped by >25%

Probability / Impact

Page 10:

PROTECT YOUR DATA WITH TOKENIZATION

According to Gartner Research, tokenization has emerged as a best practice for protecting sensitive fields or columns in databases during the past few years.

• PCI DSS 3.4: Render Primary Account Number (PAN) unreadable anywhere it is stored
• ASC X9 Standard 119-2: Defines the minimum security requirements for implementing tokenization
• GDPR: Data security measures should allow Pseudonymization (tokenizing or encrypting) of personal data

“Data protection with tokenization is proving to be more effective than network perimeter defenses or intrusion detection and is endorsed by the most well-known and respected compliance standards worldwide”

Page 11:

TOKENIZATION REPLACES SENSITIVE VALUES WITH NON-SENSITIVE VALUES

Business Applications
First/Last: Alan Turing
Tax ID num: 101-66-7459
Credit Card: 4321 1234 4568 9012

Tokenization

DB or File
First/last: Alan Efplsmqy
Tax ID num: FD4-J2-96BG
Credit Card: 4321 1299 9999 9012

Sensitive values can be basically any type, e.g. names, DoB, account numbers, SSNs, etc.

Page 12:

OUR SOLUTION OFFERS RELIABLE PROTECTION

When a hacker succeeds with any of the attack vectors…

…the protected data has no exploitable value

Page 13:

USE CASES

Typical scenarios for data-centric security

Page 14:

ENSURING & MAINTAINING PCI DSS COMPLIANCE

Industry: Finance - Payments

Driver: PCI DSS compliance

Example: Leading Payments Processor

Challenge: Over 3 million payment transactions per day were written to an on-premises database in unprotected form

Solution: Deployed and integrated data protection using tokenization without interruption to the payment application

Result: PCI DSS compliance with zero impact to the business

PCI DSS requirement 3.4 states: Render PAN data unreadable anywhere it is stored. Technology solutions for this requirement may include strong one-way hash functions of the entire PAN, truncation, index tokens with securely stored pads, or strong cryptography

Considered as best practice and, starting 1 February 2018, effective as requirement and must be used

Page 15:

BECOMING MORE COMPETITIVE WITH MooS

Industry: Finance - Payments

Driver: Competitive differentiation, PCI DSS compliance

Example: Leading Canadian Bank

Challenge: How to achieve competitive differentiation in payments to gain more market share

Solution: Data protection beyond corporate boundaries: By sending tokenized data, the bank is helping its customers to reduce PCI scope

Result: The bank leverages data protection as a competitive differentiator to retain existing customers and win over new business

Payments is a highly competitive market

Customers of payments processors are trying to reduce their PCI DSS scope and to save compliance costs. One way of achieving this is to work with a payments processor that exchanges tokens with the merchant instead of PAN data, taking the Merchant out of Scope (MooS)

Payments processors should leverage this as a competitive differentiator to secure their growth

Page 16:

ACHIEVING COMPLIANCE FOR CALL CENTER/HELP DESK OPERATIONS

Industry: All industries

Driver: PCI DSS compliance, GDPR compliance, Financial risk

Example: Leading German Bank

Challenge: Provide customer data to internal or external help-desk functions. Ensure productivity without increasing compliance concerns.

Solution: Protection of sensitive data with tokenization for all data that is provided to help-desk teams through their applications

Result: Ensuring & maintaining compliance without interrupting the work of customer-facing functions

Call-center or help-desk workers need to be able to do their job, but at the same time it does not make sense to give them access to all sensitive data, especially if these functions have been outsourced to a 3rd party.

Gartner Research states that this is one of the most common scenarios they hear about from end user organizations

Call-Center and Help-Desk operations commonly cause compliance headaches

Page 17:

ENSURING GDPR COMPLIANCE TO AVOID BIG FINES

Industry: All industries

Driver: GDPR compliance, Financial risk

Example: Payment Processor

Challenge: Comply with GDPR, PCI and related standards to avoid fines

Solution: Data protection with tokenization for sensitive data elements and integration with core business applications

Result: Ensuring & maintaining GDPR compliance without impacting the business

General Data Protection Regulation (GDPR), article 32:

Data security measures should, at a minimum, allow: Pseudonymizing or encrypting personal data

Monetary fines for not complying with GDPR will be significant.

Affects all companies that process personal data of European residents

Page 18:

ADDRESSING COMPLIANCE RISK FOR BIG DATA PROJECT SUCCESS

Industry: All industries

Driver: Compliance, Risk of Big Data project failure

Example: European Financial Organization

Challenge: Big Data project for customer insight analytics was shut down due to compliance issues

Solution: Deployed data protection to ensure that all sensitive data in the Big Data store is tokenized

Result: Access to the Big Data store was reinstated after compliance requirements were satisfied

Big data is becoming the weakest link in the data security chain

The three biggest risks for Big Data projects:
• Not being able to obtain data due to its sensitive nature
• Being shut down due to failing to comply with regulations
• Getting breached

“98% of brands are negligent with Big Data security”

Source: Gartner

Page 19:

WHY COMFORTE?

We know how to secure your growth

Page 20:

COMFORTE IS A MARKET LEADER IN DATA PROTECTION TODAY

Our continued success since entering the field of data protection
• First active customer went live in 2014
• Patent for tokenization algorithm received in 2015
• Completed over 40 data protection projects
• In production at more than 20 enterprise customers

We are proud to be the trusted partner for some of the world's most successful companies
• The 2 largest credit card processors in the world
• 2 of the 15 largest retailers in the world
• 15 of the 25 largest banks in the world

Page 21:

COMFORTE DATA PROTECTION BENEFITS

• Easy integration with your business-critical applications
• Ensures your sensitive data is protected on-premises and in the cloud
• Fault-tolerance is not an option, it is built-in
• Minimal Attack Surface
• Proven in complex environments

Page 22:

START SECURING YOUR GROWTH WITH COMFORTE DATA PROTECTION

https://www.comforte.com/dataprotection/

Don’t wait until a breach happens – be prepared and secure your growth

comforte is a leader in mission critical tokenization

Tokenization is the best possible data protection approach today

"We selected data protection from comforte to deliver the highest level of data security for our payments processing. The comforte team has been an excellent partner throughout the project. There is a high level of commitment, understanding and trust."
IT Team, Government Savings Bank

"comforte offers strong support that is not only available whenever needed, but that is also very knowledgeable."
IT Manager & Application Owner, Leading Canadian Bank

"What made the difference for us was finding a solution that not only offered a state-of-the-art data protection, but also provided application transparency that meant the solution could be integrated quickly and seamlessly into our existing applications."
IT Manager, Bankart, d.o.o

Page 23:

CAPABILITIES & ARCHITECTURE

Page 24:

YOUR DATA DESERVES BEST-IN-CLASS TOKENIZATION

Stateless / Vault-less tokenization

Validated by independent cryptologists

Linearly scalable for extreme performance

Collision-free

Patented technology based on unbalanced Feistel networks

Supports various element formats to be tokenized (PII, PHI,…)

comforte Tokenization Engine

Tokenization Algorithm

Tokenization Table
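
The card-number substitution shown on page 11 (first six and last four digits kept, middle six replaced) and the "stateless / vault-less", "collision-free" and Feistel-network properties listed on this slide can be illustrated with a keyed permutation over the middle digits. This is an added example, not comforte's patented algorithm or code: it assumes a balanced Feistel network with an HMAC-SHA256 round function, and the key, round count and all function names are chosen here for illustration.

```python
import hashlib
import hmac

ROUNDS = 10   # assumption: round count picked for this illustration
HALF = 1000   # each Feistel half holds three decimal digits (000-999)


def round_value(key: bytes, tweak: bytes, rnd: int, half: int) -> int:
    """Keyed round function: HMAC-SHA256 of (round, tweak, half), reduced mod 1000."""
    msg = bytes([rnd]) + tweak + b"|" + f"{half:03d}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % HALF


def feistel(key: bytes, tweak: bytes, value: int, decrypt: bool = False) -> int:
    """Keyed permutation of 0..999999; every round is invertible, so no collisions."""
    left, right = divmod(value, HALF)
    order = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    for rnd in order:
        if decrypt:
            left, right = (right - round_value(key, tweak, rnd, left)) % HALF, left
        else:
            left, right = right, (left + round_value(key, tweak, rnd, right)) % HALF
    return left * HALF + right


def split_pan(pan: str):
    """Return (first six, middle six, last four) digits of a 16-digit card number."""
    digits = pan.replace(" ", "")
    if not (digits.isascii() and digits.isdigit() and len(digits) == 16):
        raise ValueError("expected a 16-digit card number")
    return digits[:6], digits[6:12], digits[12:]


def regroup(digits: str) -> str:
    """Format 16 digits in groups of four, as on the slide."""
    return " ".join(digits[i:i + 4] for i in range(0, 16, 4))


def tokenize(key: bytes, pan: str) -> str:
    # The kept digits act as a tweak, so the middle digits of cards with a
    # different prefix or suffix are permuted differently.
    head, middle, tail = split_pan(pan)
    token_mid = feistel(key, (head + tail).encode(), int(middle))
    return regroup(f"{head}{token_mid:06d}{tail}")


def detokenize(key: bytes, token: str) -> str:
    # No vault lookup: the original is recomputed from the key alone.
    head, middle, tail = split_pan(token)
    plain_mid = feistel(key, (head + tail).encode(), int(middle), decrypt=True)
    return regroup(f"{head}{plain_mid:06d}{tail}")


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"   # constructed key, not a real secret
    pan = "4321 1234 4568 9012"          # sample card number from the slide
    token = tokenize(demo_key, pan)
    print(pan, "->", token, "->", detokenize(demo_key, token))
```

With only 10^6 possible middle values, anyone who can call the tokenization function freely can build a lookup table, so access to the service and its key has to be restricted and audited.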

Page 25:

SOLID ARCHITECTURE YOU CAN RELY ON – COMFORTE DATA PROTECTION CLUSTER

[Diagram: cluster of PN, EA, MC and AC components]

Cluster of Protection Nodes (PN) monitor/restart each other

Failure of single PN will have no impact to enterprise application (EA), as another PN will automatically take over

Management Console (MC) configures SDF (configuration file) and generates token tables. MC can be stopped after cluster startup

SDF & token tables & endpoint authentication data loaded into PN

Audit Console creates a solid audit trail and allows real-time insights into key questions around enterprise data protection

Legend:
PN: Protection Node in a virtual appliance
EA: Enterprise Application
AC: Audit Console
MC: Management Console

Page 26:

INTEGRATION OPTIONS - OVERVIEW

API-based integration
• SmartAPI (Java; .Net)

Transparent Integration
• No code changes required
• Transparent integration for MS Windows, Linux, Unix and HPE NonStop
• Allows for protecting files accessed by 3rd party applications that cannot be changed, such as file transfer clients or OS tools
• Data processing layer locates and replaces sensitive data in the intercepted I/O stream
• Transparency enables implementation of tokenization without interruption of service

[Diagram labels: Application A; Java, .NET; SmartAPI; Application B; SecurDPS Transparency Layer; SecurDPS Data Processing Layer; Tokens (TKNs)]

Page 27:

OUR SMARTAPI MAKES INTEGRATION OF HIGH AVAILABILITY TOKENIZATION EASY

[Diagram labels: EA, SmartAPI, PN]

All transparent to business applications

• Automatic load balancing
• Automatic (re)distribution
• Automatic integrity assurance
• Automatic failover
• Automatic scaling

Page 28:

SIMPLIFYING DATA PROTECTION WITH TRANSPARENT INTEGRATION

App w/o protection

Interpose/Intercept (Linux/Unix/NonStop)

Virtual File System (Linux/Windows)

Page 29:

DATA PROTECTION THAT MATCHES THE SPEED OF YOUR BUSINESS PERFORMANCE

• High performance, minimal overhead communication protocol
• PNs can be co-located close to EA, resulting in extremely low latency
• Linear scalable cluster with each PN easily able to perform > 100k tokenizations per second
• Optimized performance due to intelligent streaming and load distribution

Page 30:

OUR GLOBAL REACH

Anywhere. Anytime.

Germany & Europe
comforte AG
Abraham-Lincoln-Str. 22
65189 Wiesbaden
Phone: +49 611 93199 00
Fax: +49 611 93199 05

North America
comforte Inc.
4600 S. Syracuse St. #900
Denver, Co 80237 USA
Phone: +1 303-256-6257
Fax: +1 303-256-6205

Singapore & Asia
comforte Asia Pte. Ltd.
16 Collyer Quay #18-00
Singapore 049318
Phone: +65 6818 9725
Fax: +65 68189842

Australia
comforte Pty.
Suite 20, 1 Rivett Road
North Ryde, NSW 2113
Postal: PO Box 1710, Lane Cove, NSW 1595
Phone: +61 2909 84824

Page 31:

QUESTIONS?

Let us know and we will happily discuss them with you

Andreas Lutz
Senior Vice President Sales
[email protected]
+49 176 2448 1915
www.comforte.dom