5
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
How this EBOOK can help your COMPANY
2
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
As the leader in data-centric security, we’ve helped organizations worldwide maximize and secure their data with Protegrity. We’d like to share with you some of the latest trends for protecting sensitive data that we’ve honed over 15 years working in partnership with our customers to deliver excellence. Given the highly sensitive nature of the services we provide to our customers, their identities have been anonymized here to protect their security posture but further details are available upon request.
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
3
1
Cloud Migration
The inherent scale, economics, and flexibility of the cloud is leading many organizations to consider lifting and shifting their day to day workloads from on-premise data centers to cloud-based IT environments. Cloud architectures increase business agility and provide elastic capacity. They permit the benefits of high performance systems without the sunk cost of capital intensive hardware.
Unfortunately, this trend is muted by security concerns for sensitive, proprietary data held in public cloud environments. Some organizations are hesitant to embrace the cloud when they are reliant on an external cloud vendor, instead of themselves, for security. There is a lack of direct control over security since they are at the mercy of the provider’s implementation. To address this concern, leading organizations are now securing their sensitive data and applications prior to migrating to the cloud. This allows them to apply as much security they require while also enabling data security governance. Many cloud services
4
provide some form of security, but the only guarantee that the data is unreadable by the service as well as internal and external threats is to secure the data itself prior to pushing it to the cloud. Protegrity allows organizations to accelerate their move to public cloud by giving them strong data protection methods and direct control of security of their data in the cloud. Data-centric security provides a transparent means to protecting any data in the cloud without impacting the business. With Protegrity, if a cloud vendor is breached the data remains secure. It gives organizations all the advantages of public cloud without the risk.
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
DRIVER
SOLUTION
A leading television network with over 130 million subscribers needed to store sensitive customer data files in a secure manner within Amazon S3 to reduce costs and improve time to market. Using S3 would allow them to provide cost effective analytics capabilities.
CHALLENGE The customer data contained sensitive personally identifiable (PII) data which needed to be protected. This sensitive data could not be put in the Amazon S3 service in a readable form.
STEPS TO SUCCESS Identified specific PII fields to be protected and then automatically applied fine-grained protection as files were pushed into S3.
Protegrity’s Data Security Gateway for Amazon S3 transparently detects files placed into Amazon S3 and automatically replaces any sensitive data within the files with useless tokenized values according to policies. The Protegrity Enterprise Security Administrator allows the organization to define a single set of policies defining the data to be protected and ensure access to unprotected data is only given to authorized users.
BENEFITS Protegrity allowed the television network to utilize the Amazon S3 cloud service and enable customer projects by protecting sensitive data within customer data and invoices.
[We] avoided the need to buy expensive hardware and were able to decrease time to market threefold. TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
5
2
Enterprise Security Services
Enterprise services are allowing organizations to rapidly create new applications and address business requirements quicker than ever. By leveraging existing code, rather than writing custom code, new functionality can be achieved with minimal effort.
6
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
As enterprises engage in quicker development, there is increased concern that the quantity and pace of new applications and services being launched provides greater surface area for attacks and breaches. This is further complicated by the wide number of applications utilizing diverse platforms and devices, both on premises and in the cloud. Enterprise security services provide a means to apply standardized, approved, and updated security policies to internal projects and even external clients. By employing security as a service, security becomes a standard component in all projects big or small – greatly reducing risk overall.
DRIVER
Protegrity allows organizations to utilize data protection as a service to protect sensitive data internally and externally. Any application that utilizes the security service is centrally managed and administered to ensure the data is protected. The security policies are administered only by authorized security administrators ensuring even developers or administrators cannot see sensitive data. At the same time, only authorized users will see the data in the clear across applications using the service.
STEPS TO SUCCESS
A large $65 billion multinational bank needed to improve their data security by standardizing their security architecture with a simple selfservice type offering to apply protection (tokenization, encryption, format preserving encryption and redaction) to data elements. This service needed to be consumable by developers while complementary with governance initiatives.
CHALLENGE This security service was to be a simple singular shared solution built for the entire organization with all its inherent complexity. It needed to be highly scalable, geographically distributed, and logically separated (based on country policy, laws, and, regulations). It needed to protect, manage, and audit all data elements classified as sensitive while providing a centrally managed (single pane of glass) architecture for easy administration.
Protegrity worked with this bank to create a solution that allowed the bank to create a self-service security service that worked within a governance framework for defining rules, integration of a services catalog, and accommodation of a portal to register applications using security services.
SOLUTION Protegrity’s Enterprise Security Administrator and Protectors provide central control of data protection, monitoring and alerting for the organization while providing high performance and flexible security for the entire organization.
BENEFITS This security as a service internal architecture provides secure, consistent, and easily managed security across a diverse population of projects and developers across the organization. Any project can utilize security effectively without the need to be an expert in data security.
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
7
3
Microservices and Containerization
Microservices and containers are providing a lightweight means of abstracting virtual environments. They permit development and production applications to be more easily maintained by ensuring consistent runtime environments as part of the software development lifecycle. They are quickly becoming a preferred way to deploy code in a self-contained environment.
While containers can be prolific in an environment, it is necessary that all containers employ security correctly and interact with one another in a secure manner. Containers and microservices are still vulnerable to security threats and can be exploited to breach sensitive data. Security is an ideal service for microservices and containers since it can be deployed and scaled across environments. Data security can become an element of an application or be part of a larger integrated environment. When security is deployed in a container it becomes a flexible service that can be moved from environment to environment without concern for the underlying OS or hardware.
8
Protegrity fully supports containerization and microservices to lower the cost of deployment while seamlessly integrating with existing environments. By providing data-centric security in containers, Protegrity provides security in a standardized deployment methodology that is fully supported by a robust ecosystem and ensures ease of maintenance.
DRIVER A leading human resources management software and services company with $11B in revenue created a brand new competitive product offering that required data security to be implemented for the many types of employee data being stored.
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
CHALLENGE This new product offering was created with an entirely new backend driven by microservices and containers. In order to scale across all the components, the data security needed to be compatible with this environment so that it could be invoked as needed and wrapped around any services requiring data security.
STEPS TO SUCCESS Protegrity worked closely with the company to leverage its data security in containers that could easily be consumed and integrated with their new architecture. As part of its scalable architecture, Protegrity components in containers could be invoked via four different methods allowing the company a variety of options to leverage the security in a non-intrusive and scalable way.
SOLUTION The Protegrity data security services were deployed within Docker containers that could be consumed in various ways including programatically or via lightweight REST API’s. This allowed for quick integration with the company’s custom environment providing flexibility with load balancing and interoperability.
BENEFITS The company was able to utilize Protegrity while simultaneously leveraging their microservices and containerization architecture to offer the best solution for their product and development workflows. The use of Protegrity allowed them to secure all sensitive data elements for employee data without the need to re-architect individual applications.
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
9
4
BIG data
Big Data is changing the way data is used due to its low cost, high scalability, and fast performance. It has the potential to discover new facts and insights when connected to tools like predictive analytics. The use of big data is transforming industries and enabling new opportunities.
We couldn’t have accomplished our Hadoop project without the data security provided by Protegrity. It has become a huge success, and we have satisfied all the security, regulatory, and contractual requirements we have here.
10
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
At the same time, big data introduces business risk because of the intrinsic value of all the data that is collected and stored. Analysts in 2016 found data security for big data was the top challenge in 36 percent of organizations. The analysts predict that 80 percent of large organizations will suffer major security issues involving big data leading to non-compliance, security breaches, and financial liabilities. Securing big data is a difficult task as it involves a large ecosystem of interoperable components and various methods of ingestion, manipulation, and consumption of data. In order to secure
DRIVER
the data, it is necessary that any security that is applied persists across this environment and integrates with new big data technologies as they emerge. Protegrity secures big data by ensuring sensitive data is always secured before landing in the data store. At the same time, Protegrity interoperates across the big data ecosystem so that all current and future tools can be used without modification against the secured data. At consumption time, Protegrity can reveal the data in the clear only to those who need it regardless of method of consumption.
SOLUTION
A leading credit agency wanted to create a big data sandbox solution that would allow their analysts to gain insight from client data. However, due to the nature of their business, much of the data contained sensitive Personally Identifiable Information (PII) that needed to be protected before the analysts could look at the data.
CHALLENGE The agency needed to dramatically reduce time to market on analytical projects while protecting privacy and remaining compliant with stringent mandates and policies. There were numerous state, federal, contractual, and internal corporate security policies that needed to be met.
STEPS TO SUCCESS Data that needed to be protected was identified so that centralized policies could be leveraged to ensure the data would be secured. It was essential that any protection applied would ensure privacy while still allowing for unhindered analytics.
The sensitive data was tokenized during ingestion using the Protegrity Big Data and Application Protectors, with Protegrity Vaultless Tokenization technology. Tokenizing the data removed the sensitivity, but preserved the data types and structure, which allowed the agency’s analytics teams to create tables and views unhindered, based on the needs of the users. The small subset of authorized users which needed clear PII could still access it on-demand through detokenized views using Protegrity APIs.
BENEFITS Compliant implementation of the Hadoop analytical sandbox has demonstrated substantially reduced time to market on analytical projects. A recent internal success story demonstrated a project that used to take a month that was accomplished in only two days.
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
11
5
Regulation
In regulated industries, the access to data needs to be governed and access controlled. With regulations like GDPR privacy needs to be protected and with PCI, the credit card number needs to be protected. Increasingly, not complying can involve material fines. In October 2016, 97% of enterprises reported a lack a GDPR strategy. Regulatory fines are compounded by loss of trust by clients and reputation loss.
Regulation in most forms, including privacy, require that sensitive data be protected from external and internal users. The value of doing this appropriately is that you can avoid fines and brand value reduction. Data protection controls access to data and ensure only appropriate internal and external parties can see sensitive data.
The results speak for themselves. It’s been great. We have a really great relationship with Protegrity.
Protegrity protects the data itself. It avoids the issue of access control where privileged credentials can be compromised. It also ensures that data is protected as it flows through an organization. This way data is protected from internal and external misuse.
12
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
DRIVER The world’s leading airline ticket transaction settlement service required payment card data protection for PCI compliance and sensitive data within the organization.
CHALLENGE The organization protects over 60% of worldwide airline ticket transaction data from 2.2 billion passengers and multiple sources consolidated in a heterogeneous environment. Business and performance requirements dictated that the solution needed to have an impact of <5% on CPU and <10% on disk to be satisfactory.
STEPS TO SUCCESS They started by protecting PCI data itself to achieve compliance and then expanded to
PII throughout the enterprise. The organization started by protecting Teradata followed by Oracle and then SQL Server.
SOLUTION Protegrityâ&#x20AC;&#x2122;s Enterprise Security Administrator and Database Protectors enable this organization to centrally control, audit and report data access by authorized users while meeting all performance requirements. In total, the organization was able to protect 17 terabytes worth-of-data spanning 50 columns across systems without impacting day to day operations.
BENEFITS The organization passes security audits of sensitive credit card data every year with Protegrity security technologies. By securing this sensitive data, they are able to continue providing data as a single record of truth to the industry without risk of breach or loss of sensitive data.
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
13
Protegrity was born of the need to deliver a new kind of data security that is equipped to meet the challenges of modern enterprises: security that protects the data itself everywhere it goes while enabling businesses the freedom to transform and innovate with their data. The right balance between sophisticated data analysis and risk management can be achieved. Neither needs to be sacrificed. Data today is more than power—it is the lifeblood of the organization and needs to flow to the right data owners in realtime. If it can’t be mined and manipulated at or near real-time while still maintaining security and privacy, it’s not delivering maximum value.
14
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
Protegrity Credentials Organizations from every industry worldwide leverage our expertise and solutions to strengthen their security posture and simplify compliance with internal and regulatory data protection requirements. Our customers include: The world’s largest company and private employer 20% of all Global Fortune 500 Retail organizations The most powerful transnational corporation globally 25% of Global 500 Financial Services Institutions Europe’s largest financial institutions America’s most trusted source for high-quality healthcare and service One of the world’s largest online retailers The premier driver of air travel intelligence and commerce worldwide Over 200 brands worldwide including public and private sector
CONTACT Protegrity Corporate Headquarters: Protegrity USA, Inc. 5 High Ridge Park, 2nd Floor Stamford, CT 06905 Phone: +1.203.326.7200 Protegrity (Europe) Suite 2, First Floor | Braywick House West | Windsor Road Maidenhead, Berkshire SL6 1DN | United Kingdom Phone: +44 1494 857762
www.protegrity.com
Copyright© 2017 Protegrity Corporation. All rights reserved. Protegrity® is a registered trademark of Protegrity Corporation. All other trademarks are the property of their respective owners. Teradata and the Teradata logo are registered trademarks of Teradata Corporation and/or its affiliates in the U.S. and worldwide.
TechnologY trends DRIVING Business InNOVATION Using Data-Centric Security
15