8 Ways Global Leaders Protect Data in TeraData Database

8

WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

CAPABILITIES

COMPLIANCE

PAYMENT CARD INDUSTRY (PCI)

BIG DATA

PROTECTED HEALTH INFORMATION (PHI)

ENCRYPTION

PERSONALLY IDENTIFIABLE INFORMATION (PII)

TOKENIZATION

AUDIT & COMPLIANCE

2

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

HOW THIS EBOOK CAN HELP YOUR BRAND As Teradata’s data security partner, we’re keen to share with you the best practices for protecting sensitive data that we’ve honed over 10 years working with more than 50 global brands that use Teradata platforms to drive analytical excellence. Given the highly sensitive nature of the services we provide to our customers, their identities have been anonymized here to protect their security posture but further details are available upon request. Look out for icons in the following pages to easily recognize how the described use cases relate to your business enterprise.

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

3

1

MULTINATIONAL BANK

This multinational bank integrated data from individual European entities to a Teradata data warehouse located in their Italian Headquarters, but EU cross-border data protection laws meant that access to Austrian and German customer data needed to be restricted to only requesters in each respective country.

They chose to implement Protegrity Vaultless Tokenization locally to de-identify PII within the source banking entities before transferring it to the Teradata data warehouse in Italy. This solution ensured compliance with EU cross-border data security laws without compromise to business analysis capabilities. Centralized, rule-based access control policies were deployed, integrating LDAP and Active Directory, to restrict access to re-identified data to authorized users only, meeting country-specific requirements for both Austria and Germany. Over time the bank has made broader use of Protegrity’s capabilities, delivering data protection for Apache™ Hadoop® via a 30-node Cloudera® instance, to ensure

4

Protegrity allows us to centrally manage the security of sensitive data regardless of where it goes. that only authorized users can access data in the clear. As the bank explores their obligations under GDPR they recognize that the use of Protegrity has provided them with the visibility and security of sensitive PII that is foundational to compliance with the Regulation’s requirements.

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

SOLUTION

DRIVER The need to reliably restrict access to centralized data to country-specific user groups for compliance with EU cross-border data protection laws.

CHALLENGE Securely consolidate large volumes of multiple data types, sourced from several countries with disparate IT systems (including mainframe, ERP & SAS), across geographical borders, into a single Teradata environment in Italy.

STEPS TO SUCCESS Identified and prioritized specific PII fields that needed protection then applied fine-grained protection at source in each country using policyenforced controls to de-protect data only for authorized users in compliance with regulations.

Protegrity’s Enterprise Security Administrator allows this bank to ensure access to unprotected data is only given to authorized users. Protegrity’s Database and Application Protectors perform in-country protection of sensitive information before its transfer to the central Teradata enterprise data warehouse in Italy.

BENEFITS Protegrity maintained the efficiency and value of this bank’s single Teradata enterprise data warehouse while providing robust data protection that satisfied regulations without impacting appropriate business use of information. The foundation for GDPR compliance was established.

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

5

2

ECOMMERCE RETAILER

Compliance with internal privacy requirements and industry data protection standards within a very short turnaround time made this eCommerce giant seek advice from Teradata about security solutions to protect PII and PCI data within their data warehouse.

Protegrity came so highly recommended as the Teradata preferred security partner that the global online retailer immediately felt confident they had found a security solution they could trust to protect customer information without compromising performance. Within three weeks, data discovery was complete and the entire solution took fewer than six months to implement. The retailer started by providing Protegrity with a list of high priority sensitive data elements to be protected, which formed the basis of their organization’s security policies. Protegrity’s Enterprise Security Administrator enabled the retailer to centrally control and enforce security

6

policies throughout the data flow, and Protegrity Database Protectors ensured that sensitive information remained protected within the Teradata enterprise data warehouse. This deployment also allowed the retailer’s security team to restrict access to sensitive data to authorized users only, and automate monitoring, auditing and alerts on the entire data security system for compliance with not only internal privacy requirements but also those of the GDPR ahead of time. This global eCommerce company is now expanding the Protegrity model to bring their entire organization into compliance with international data protection regulations.

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

IMPACT Negligible

DEPLOYMENT Less than 6 months

VOLUME PII protection in 500 tables

DRIVER

Protegrity came very highly recommended by Teradata, and they’ve more than met our expectations.

Compliance with internal requirements and industry standards for data protection

CHALLENGE A very short deadline for project completion

STEPS TO SUCCESS Working with data owners to discover sensitive data elements throughout the data flows

SOLUTION Protegrity’s Enterprise Security Administrator and Database Protectors for central control of data protection, monitoring and alerting

BENEFITS Compliant business performance continuity and an established model for GDPR success ahead of time

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

7

3

TELECOM COMPANY

Every day, this major Italian Mobile Virtual Network Operator (MVNO) processes thousands of input files containing sensitive customer and mobile phone traffic information generated by the billing platform and other source systems.

With the primary goal of achieving compliance with Italian Data Protection Authority (DPA) regulations, this meant protecting data in the Teradata enterprise data warehouse (EDW) and UNIX file servers that process load and unload input files from inside and outside this Italian corporate network. The MVNO selected Protegrity as the only data security vendor able to offer the highly scalable and transparent solution necessary to keep up with the high-transaction Teradata system without changes to functional processes. To ensure comprehensive protection, this MVNO protected data as early in the data flow as possible. They first implemented Protegrity File Protectors

8

on the UNIX servers to enable encryption of all source data files. Then before loading into the Teradata EDW, an ETL tool augmented with Protegrity software enabled transparent read access and encryption of individual columns of data. Finally, Protegrity’s Database Protector for Teradata Database was applied for column-level encryption and decryption, to make certain that all sensitive information remained secure within the Teradata environment, regardless of which analytical tools are used. Protegrity’s Enterprise Security Administrator for central administration and management of security policies allowed the MVNO’s security team to

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

IMPACT < 20%

DRIVER

We needed a security solution that was scalable and transparent to authorized users, so naturally we chose Protegrity. comply with the DPA’s “Separation of Duties” requirement to restrict access and sensitive data decryption to authorized users and processes only, as well as define alerts and monitor the entire data security system.

Protect sensitive data to the satisfaction of Italian DPA requirements

CHALLENGE Deliver a security solution to keep up with the high-transaction Teradata system with minimal impact to performance and no changes to functional processes

STEPS TO SUCCESS Fully understanding the flow of data input and output, and where it is stored

SOLUTION Protegrity’s File Protector, Database Protector for Teradata and ESA to protect data and control and monitor access to it

BENEFITS Regulatory compliance with minimal disruption to functional processes and performance

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

9

4

RETAIL BANK

A multinational, universal bank with a substantial retail banking arm has been using Teradata Database for over two decades for an extensive range of analytics touching all aspects of its operations and customer interactions. The Teradata environment has always been pivotal to their analytical capability, as part of a wider ecosystem that incorporates a range of applications and technologies.

Exploration of Hadoop® using the Cloudera® distribution led this retail bank to reconsider analytical processing and data handling efficiency, which resulted in a new strategy: to use the Hadoop® big data platform as a central landing area for all analytical sources. The bank understood it was optimal to tokenize all sensitive data elements as they land into Cloudera®, to keep information protected without impacting its value across the analytical ecosystem. They recognized the natural alignment of Protegrity with their goal to tokenize sensitive data as early as possible, to keep it protected throughout its analytical journey. Protegrity solutions

10

enforce a consistent policy to allow access to data in the clear only by authorized users and only when necessary. This approach has provided a solid basis for the bank’s GDPR program.

Our GDPR strategy is built on the ‘by design’ nature of Protegrity’s data security solutions.

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

IMPACT SLA for 1 hour end-to-end processing met

DEPLOYMENT Initial focus on PAN only

VOLUME Upward of 120m records per day

DRIVER Re-engineering a complex analytical environment to improve analytical processes, make effective use of Hadoop® and stay GDPR compliant

CHALLENGE Securely evolving a long established analytic history that touches all aspects of retail banking operational change

STEPS TO SUCCESS Prioritizing the sensitivity of data and recognizing the value of protecting it as early as possible; tokenizing it at the point it lands in Cloudera®

SOLUTION Protegrity File Gateway Protectors tokenize data as it is captured and Protegrity’s Enterprise Security Administrator limits access to unprotected data to defined, authorized users within Cloudera® and Teradata and via front-end analytic tools

BENEFITS Tokenization and a data centric approach to securing sensitive information provides a blueprint for ensuring that all sensitive data is protected while analytic value is preserved

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

11

5

HEALTHCARE

Fear of data breaches, HIPAA compliance and patient expectations drove this healthcare organization to take extra measures to secure Protected Health Information (PHI) stored and analyzed within Teradata Database and improve their security posture to enable new opportunities for data. They sought to secure PHI from theft, insider and outsider abuse, unintentional loss, and enforce accountability for individuals.

This organization was very resistant to security approaches that made it difficult to have the complete view of the member data critical to patient-centric programs. They chose to implement Protegrity’s data-centric security and vaultless tokenization which uniquely ensures usability by individualizing patients without exposing their identity, and reduces risk potential and liability should a breach occur. Using HIPAA 18 as a guide, the organization launched their implementation of tokenization by focusing on one high risk data element, the success of which became the model for securing all other data elements at the

12

field level, on not just Teradata Database but also Oracle and SQL Server. The organization leveraged Protegrity’s centralized controls to enforce policies enterprise wide that define the sensitive data to be protected, and which roles and users have authorization to access data in the clear, portions of data, or only tokenized values. In this way this healthcare organization has been able to deliver “separation of duties’’ and “least privilege” rules for compliance with data protection regulations and to reduce risk throughout the enterprise, without impeding their ability to use data for a single view of patients and improved outcomes.

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

DRIVER

Usability of data is a mantra in the data warehouse world… that’s why we chose Protegrity.

To mitigate breach impact, compliantly improve patient outcomes and reduce costs utilizing predictive analytics

CHALLENGE De-identification of PHI without hindering care by permitting appropriate access to data as necessary

STEPS TO SUCCESS Prioritizing a single sensitive data element and protecting it with tokenization to maintain referential integrity

SOLUTION Protegrity Database Protectors to de-identify PHI across Teradata Database, Oracle, and SQL Server, applications, files and front-end analytic tools, centrally managed by the Protegrity Enterprise Security Administrator

BENEFITS Enforcement of “separation of duties” and “least privilege rules” ensures compliance and reduces risk while tokenization enables secure analytics to improve patient outcomes and reduce costs, without violating privacy 8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

13

6

MULTINATIONAL RETAILER

Internal privacy policies dictated that this multi-billion dollar retailer protect the identities of their many customers and employees, an ambitious goal for a global brand committed to analytics for “digital lift” and subject to regulations including the U.S. Food & Drug Administration (FDA) reporting requirements.

Protegrity data security solutions inimitably allowed the retailer to realize their ambitions in a complicated, heterogeneous IT landscape. Starting with Social Security Numbers (SSN), this retailer deployed Protegrity Database Protectors to protect employee data in the integrated data warehouse from Teradata. This became the blueprint for expanding Protegrity’s footprint to include SQL Server and big data Protectors for Pivotal HD, to protect sensitive information and business processes throughout the enterprise.

type and length, has enabled this retail brand to democratize access to data without the need for changes to existing tables, applications and operational processes including analytics. Using Protegrity’s Enterprise Security Administrator enables this retailer’s security team to centrally monitor and restrict access to sensitive data, define alerts for the entire data security system and automate auditing and reporting for compliance with the FDA.

Leveraging Protegrity Vaultless Tokenization, which replaces sensitive data with secure tokens of the same data

14

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

IMPACT Almost no negative effect on business processes

DRIVER

Internal customers need access to data in real time. They need to be able to do experiments, and to do those on entire data sets. If we can clean and tokenize data, we can allow people to access it.

Maintaining privacy as a corporate brand value while enabling analytics for “digital lift” and complying with FDA regulations

CHALLENGE Democratizing data access while satisfying stringent corporate and legal requirements without compromising business processes

STEPS TO SUCCESS Focusing on one sensitive data element as a priority and using tokenization to protect it without diminishing its value which served as a blueprint to scale and expand security to other business systems

SOLUTION Protegrity’s Enterprise Security Administrator and Database and Big Data Protectors enable this organization to centrally control, audit and report access to sensitive information

BENEFITS Compliant data democratization without compromise to analytical value or business continuity

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

15

7

TRANSPORT & TRAVEL

Providing ticket transaction settlement services between airlines and travel agencies, this global organization needed to protect the credit card and personal information of 2.2 billion passengers for regulatory compliance in a multi-tenant environment, without compromising the ability to utilize it for air travel industry insights.

The complexities of large data volumes, from multiple source systems, meant that this “data store for the airline industry” needed a consistent, centrally managed, flexible, scalable and highly performing security solution to avoid performance impact on the Teradata platform. They chose Protegrity’s Database Protector for Teradata as it uniquely met all security, performance, administration and usability requirements.

the organization continue to compliantly provide data as a single record of truth to their industry, without risk of data loss. Starting with PCI data in Teradata Database as their model for success, this organization has successfully implemented Protegrity solutions as their business needs have evolved, to also secure sensitive personally identifiable information within Oracle and SQL Server environments.

Data-centric protection, leveraging encryption and tokenization, took Teradata Database out of scope for PCI audit, and provided increased data security, in transit, in use and at rest throughout the organization. This helps

16

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

IMPACT Less than 5% on CPU

DEPLOYMENT Less than 9 months

VOLUME 17 terabytes, 50 columns

DRIVER

The results speak for itself. It’s been great. We have a really great relationship with Protegrity.

Payment card data protection for PCI compliance and privacy as a corporate brand value

CHALLENGE Protecting over 60% of worldwide airline ticket transaction data from 2.2 billion passengers and multiple sources consolidated in a multitenant, distributed estate

STEPS TO SUCCESS Started by protecting PCI data itself, then expanded to PII throughout the enterprise

SOLUTION Protegrity’s Enterprise Security Administrator and Database Protectors enable this organization to centrally control, audit and report data access by authorized users in a multitenant scenario

BENEFITS Compliance with data protection regulations in multiple data environments without compromise to analytical value or business continuity and processes

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

17

8

RETAIL GIANT

To remain agile and competitive this massive data-driven retailer needed to shift to cloud infrastructure while still respecting its role as a health and financial data-fiduciary and remaining in compliance with industry and geographic privacy regulations.

This retailer wanted to enable data-driven innovation by creating infrastructure to securely analyze customer purchases in aggregate across their many subsidiaries. The security was paramount to this effort because the data included HIPAA regulated information from medical devices, and personal financial data subject to government and banking industry scrutiny, they recognized that a one-stop shop in the cloud of customers’ high value, private information came with considerable risk and responsibility. As the retailer sought data protection that could help them protect privacy throughout an IT ecosystem complicated by legacy technology, multiple environments, disparate use cases and conflicting regulatory requirement. They

18

quickly came to regard Protegrity as setting the enterprise standard for total protection of all data for the ability to protect sensitive data from a diversity of sources, then control access to it – in use, in motion, and at rest. Protegrity’s solution preserves privacy and renders data valueless in case of a breach without compromising critical processes or analytic ambition. This is accomplished by de-identifying personal information as early in its lifecycle as possible by transforming the data through encryption or patented Vaultless Tokenization (PVT). Despite looming budget cuts, the retailer’s Data Security team embraced Protegrity’s “all-in” Prime subscription for simplified procurement of unlimited data protection, on-premise and in the cloud.

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

VOLUME 12m+ customers

SOURCES 2,500 locations

VARIETY PII, PHI and financial data

DRIVER Using Protegrity’s Enterprise Security Administrator (ESA) and Data Security Gateway (DSG), the retailer can centrally and transparently enforce the protection and unprotection of all sensitive information, and access to it by role. In this way they can securely deliver an enterprise data hub for real-time analytics and digital services – without the need for modification to systems, or compromise to their critical processes.

Creation of a privacy enabled ‘one stop data analytics shop’ in the cloud, to ensure agile decision analytics and sales growth

CHALLENGE Huge volumes of regulated data from myriad sources, legacy IT platforms & applications to be protected without compromise to business continuity on-premise and in the cloud

STEPS TO SUCCESS Real-time protection of data early in its lifecycle using tokenization ensures privacy and regulatory compliance without compromising analytic value

SOLUTION Protegrity’s Enterprise Security Administrator and Data Security Gateway deliver central control of protection and access by role to sensitive information, in and out of the cloud

BENEFITS Maintained regulatory compliance and business processing continuity with no legacy application or infrastructure modification required

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

19

Protegrity was born of the need to deliver a new kind of data security that is equipped to meet the challenges of modern enterprises: security that protects the data itself everywhere it goes while enabling businesses the freedom to transform and innovate with their data. The right balance between sophisticated data analysis and risk management can be achieved. Neither needs to be sacrificed. Data today is more than power—it is the lifeblood of the organization and needs to flow to the right data owners in realtime. If it can’t be mined and manipulated at or near real-time while still maintaining security and privacy, it’s not delivering maximum value.

PROTEGRITY CREDENTIALS Organizations from every industry worldwide leverage our expertise and solutions to strengthen their security posture and simplify compliance with internal and regulatory data protection requirements. Our customers include: More than 50 of Teradata’s largest customers The world’s largest company and private employer 20% of all Global Fortune 500 Retail organizations The most powerful transnational corporation globally 25% of Global 500 Financial Services Institutions Europe’s largest financial institutions America’s most trusted source for high-quality healthcare and service One of the world’s largest online retailers The premier driver of air travel intelligence and commerce worldwide

20

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

CONTACT PROTEGRITY Corporate Headquarters Protegrity USA, Inc. 333 Ludlow Street, South Tower, 8th Floor, Stamford, CT 06902, USA Phone: +1.203.326.7200 Protegrity Europe Suite 2, First Floor, Braywick House West, Windsor Road Maidenhead, Berkshire SL6 1DN, United Kingdom Phone: +44 1494 857762 Protegrity Asia Pacific Level 6 Republic Plaza 1, 9 Raffles Place, Singapore 048619 Phone: +65 9130 9618 Phone: +61 283 808 829 (AUS)

www.protegrity.com info@protegrity.com Copyright© 2019 Protegrity Corporation. All rights reserved. Protegrity® is a registered trademark of Protegrity Corporation. All other trademarks are the property of their respective owners. Teradata and the Teradata logo are registered trademarks of Teradata Corporation and/or its affiliates in the U.S. and worldwide.

8 WAYS GLOBAL LEADERS PROTECT DATA IN TERADATA DATABASE

21