Post on 15-Apr-2017
Mitigating IT Risks in ePayments
Ruchin KumarBusiness Head – Govt. & Defense , Gemalto Security
Security
TODAY…. WELL NOT SO MUCH…
THE WORLD AROUND IS CHANGING
Lets put things in perspective
Trust. Every day.5
OUR DATA IS NOT THE SAME
3 mai 2023Trust. Every day.6
Internet of Things
Telemetry, Location-Based, etc.
Non-Enterprise
Structured inRelational Databases
Managed, Unmanaged
& Unstructured
OUR NETWORK IS NOT THE SAME
3 mai 2023Trust. Every day.7
OUR ENVIRONMENT IS NOT THE SAME
3 mai 2023Trust. Every day.8
OUR WORKFORCE IS NOT THE SAME
3 mai 2023Trust. Every day.9
IS THERE A REAL DANGER?
The Reality: Data Breaches 2016
1,023,108,267RECORDS EXPOSED
… as the result of 1,541 data breaches globally
breaches.per week.
breaches.. per day..
breachesper month128 32 5
>95% of all breaches involved data that was NOT ENCRYPTED
http://breachlevelindex.com/11 Introduction to Identity Data Protection 3 mai 2023
While we were asleep
Footer, 20xx-xx-xx12
WHY THE NUMBER IS SO HIGH?
In more places…
(Volumes or Shares)
(Data-in-Motion)
(Drives and Tapes)
Storage
Networks
Media
(Files, Databases, and Virtual Machines)
ServersOn-premises/Cloud/Virtual
Facing more threats…More data…
Credit Card Numbers
Social Security Numbers
Customer Personal Identifiable Information (PII)
Sensitive Corporate Information
Data Encryption & Transaction Keys
Transaction History
Account Numbers
Employee Records
Identity Theft
Fraud
BYOD
Social Engineering
Our Digital World is Changing…
14 Introduction to Identity Data Protection 3 mai 2023
Security Requirement
3 mai 2023Trust. Every day.15
Security Compliance
Trust. Every day.16
Encryption
Contextual security
Cloud-ready
Biometry
Convenience
Privilege management
Key Management
RBA
How can you protect yourself from tomorrow’s attack with yesterday’s
technology.
17 Introduction to Identity Data Protection 3 mai 2023
Accept the Breach
1
Protect What Matters, Where It Matters
2
Secure the Breach
3
Perimeter security alone is no longer enough.
Data is the new perimeter.
Attach security to the data and applications. Insider threat is greater than ever.
Breaches will happen – we must prepare!
A New Mindset is Needed…
18 Introduction to Identity Data Protection 3 mai 2023
Remember……Anyone can encrypt…
Trust. Every day.19
ENCRYPT THE DATA AND MANAGE THE KEYS
Key Management PlatformEnterprise Key Management, Encryption and Tokenization
Trust. Every day.21
ApplicationConnector
Tokenization Service
Database Connector File & Directory
Connector
Virtual Image & Volume(AWS / VMware)
Data Center
3rd Party Key Management(Tape / Disk / KMIP)
KeySecure® Platform
ProtectToken
ProtectV
ProtectAPPProtectDB ProtectFile
Ecosystem
Transform Utility
Batch File(Positional / Delimited)
PROTECT THE ACCESS
Trusted Credentials
23
Gartner magic Quadrant
Introduction - Widest Choice of Tokens, including Token less & 3rd Party
Authenticators for every user type – and an increasing focus on commoditization
Authenticators that: Don’t expire Seed keys can be owned by the subscriber Can be easily re-assigned to new users Easy deployment saves cost and time A token can be included in the service charge
H/W SMSBlackBerry iOS Android Microsoft Java
Multi Platform
USB GridMicrosoftOSx
Examples in Smart Cities
25
Scary Stuff: Threats to Medical Devices
“….drug infusion pumps–for delivering morphine drips, chemotherapy and antibiotics–that can be remotely manipulated to change the dosage doled out to patients; Bluetooth-enabled defibrillators that can be manipulated to deliver random shocks to a patient’s heart or prevent a medically needed shock from occurring; X-rays that can be accessed by outsiders lurking on a hospital’s network; temperature settings on refrigerators storing blood and drugs that can be reset, causing spoilage…”
Scary Stuff: Remotely Opening Prison Cells
“Researchers have demonstrated a vulnerability in the computer systems used to control facilities at federal prisons that could allow an outsider to remotely take them over, doing everything from opening and overloading cell door mechanisms to shutting down internal communications systems.”
Scary Stuff: Manipulation of Connected Cars“Many sensors currently transmit data in clear text, with little or no cryptographic verification of source. Stopping cars dead can create traffic jams on command, cause dangerous accidents, lose critical transport conduits, or be part of a more coordinated attack.
Criminals can snoop on moving cars simply by driving nearby, attaching to the car’s Bluetooth network and injecting malware commands, such as “activate built-in microphone.” When manufacturers connect more vital devices to the car’s network, even more will be exposed.”
Scary Stuff: The Dangers of the Smart Grid Another day, another cybersecurity flaw revealed in the IT systems that run the world’s critical infrastructure -- and this time, the Department of Homeland Security is getting involved.
The latest bad smart grid security news is for RuggedCom, the hardened grid and industrial router company bought by Siemens for $381 million last year. DHS said in a Tuesday alert (PDF) that it is investigating a flaw that could be used to decrypt RuggedCom’s data traffic between an end user and the router.
Secure capture and flow of credentials inUnified Payment Interface (UPI)
3 mai 2023Trust. Every day.30
Settlement Flow in BBPS
31
QUESTIONS???