Solving the Really Big Tech Problems with IoT – Data Security and Privacy
HPE Security – Data Security
March 16, 2017
IoT Everywhere - Promising New Value
Manufacturing
Insurance
Telecom
Transportation
Energy / Utilities
Banks / Financial
Retail
Healthcare
Government
Threat Vectors in the IoT space
Collector Control
PMTS
Config
Logging/monitoring
Back-end infrastructure
Data Privacy Regulations – High Bar, Worldwide Impact
What is the EU General Data Protection Regulation (GDPR)?
• GDPR replaces EU’s previous Data Protection Directive
• Data Protection Directive created to regulate control of Personally Identifiable Information (PII)
• GDPR will harmonize data protection laws across 28 EU member states
• Clearer rules for data transfer across borders
• Better control over individual’s data and its use
• Comes into force May 25, 2018
GDPR and Encryption
– GDPR calls out encryption as an approach to mitigate risks associated with the processing of sensitive data.
– Encryption and pseudonymisation are appropriate safeguards for sensitive data – with specific criteria listed
– HPE SecureData with Hyper FPE meets these criteria – i.e., encryption does not break existing business process, data can be securely decrypted as needed, and if data is encrypted then breach notification is not required
– Designation of a Data Protection Officer (DPO) will be mandatory for companies with over 250 employees based in EU, or processing data of over 5000 people per year
– Responsible for ensuring GDPR compliance and conducting GDPR audits
– What it means
– Organizations must review their entire security posture to understand the processes and controls needed to protect the privacy of EU citizens
2016 Saw First IoT Breaches
Obstacles to IoT Initiatives
DBTA – 78% of buyer-side respondents indicate lack of data security will impact their IoT progress
Forrester – 67% of security decision-makers rated privacy violations as a high level of concern
Security concerns now rank No.1 barrier to IoT success
– Top initiatives are around creating smart connected products that allow data from customers to be received by the enterprise (72%)
– Top barrier to IoT success is Security (35%)
– IoT has its own P&L today or will by the end of 2018 (55%)
Gartner Survey of 2,539 Respondents in Six Countries
Encryption is an area poised for wider adoption: 2nd highest ROI against cyber crime
Why do enterprises care about encryption?
Format-Preserving Encryption (FPE)
– Supports data of any format: name, address, dates, numbers, etc.
– Preserves referential integrity
– Only applications that need the original value need change
– Used for production protection and data masking
– NIST-standard using FF1 AES Encryption
[Figure: the same record protected with AES-CBC and with AES-FPE]
– Original record: First Name: Gunther, Last Name: Robertson, SSN: 934-72-2356, DOB: 20-07-1966
– AES-FPE record: First Name: Uywjlqo, Last Name: Muwruwwbp, SSN: 253-67-2356, DOB: 18-06-1972
– AES-CBC record: Ija&3k24kQotugDF2390^32 0OWioNu2(*872weW Oiuqwriuweuwr%oIUOw1@
– Tax ID 934-72-2356: AES-CBC output 8juYE%Uks&dDFa2345^WFLERG, AES-FPE output 253-67-2356
Introducing “Data-centric” security
[Figure: data security coverage across the data ecosystem, comparing traditional IT infrastructure security with HPE SecureData data-centric security]
– Data ecosystem layers: Storage, File systems, Databases, Middleware, Data and applications
– Traditional IT infrastructure security: Disk encryption, Database encryption, SSL/TLS/firewalls, Authentication Management
– Threats to data: Malware, Insiders; SQL injection, Malware; Traffic Interceptors; Malware, Insiders; Credential Compromise
– Security gaps: four marked in the figure
– HPE SecureData data-centric security: end-to-end protection
Leading Telecoms Provider – Big Data Primary Data Flow
[Figure: data flow diagram]
– Scale: 60 data sources, 600 billion records per day, 250 nodes
– Sources: sensitive structured sources
– Hadoop cluster: Sqoop, Flume, Storm, Hive UDFs, Map Reduce, staging area, data cleansing
– HPE SecureData: File Processor, Key Servers & WS APIs
– Other components: LDAP, Teradata EDW UDFs, data virtualization layer
– Consumers: Tableau, Analytics & Data Science
Big Data Ingestion
– Hadoop tools, Sqoop, Flume, etc.
– ETL, Informatica
– Apache™ NiFi™
– Hortonworks DataFlow (HDF)
Leading car manufacturer – Big Data primary data flow
[Figure: data flow diagram]
– Scale: ~2 billion real-time transactions/day
– Sources: sensitive structured data and sources; other real-time data feeds (customer data from dealerships, manufacturers); existing data sets and 3rd-party data, e.g. accident data
– Ingest: Sqoop, Flume real-time ingest, IBM DataStage, Hadoop edge nodes, Hadoop tools
– Hadoop cluster: “Landing zone”, “Integration Controls”, Hive UDFs, Map Reduce
– Data warehouse: UDFs
– HPE SecureData: Key Servers & WS APIs
– Consumers: Cognos, Analytics & Data Science
Securing the Big Data Space
[Figure: data flow from the edge to data center and cloud IT, with HPE SecureData]
– Zones: The Edge, Edge IT, Data Center & Cloud IT
– Sources: public data, sensor data, laptop log files, server log files, any data source
– Components: Sqoop, Flume, Storm, Kafka, Spark, SQL, Hive UDFs, Map Reduce, “Landing zone”, Teradata EDW, Vertica, + HPE SecureData
– Usage: power user re-identifies data; BI tools work on protected data; business processes use protected data