Security Quick Tour
Transcript of Security Quick Tour
1. ActiveBase Ltd. All Rights reserved
ActiveBase Security Quick Tour
Learn how ActiveBase Security helps you implement preventive security policies to protect application users from accessing confidential information, with no modifications to application code or changes to the database. Learn how to mask, scramble, hide, block and audit to protect data from outsourced DBA teams, developers or external QA. Get quick compliance to PCI, HIPAA and other regulations.
2. Costs incurred by data breaches are soaring
- $200 - Cost to company per compromised record
- $6 Million - Average cost per data breach incident
- 34% of customers lost - Customers ceasing business with a company after a single privacy breach
- 45% of customers lost - Customers ceasing business when personal information is breached twice*
- Source: Ponemon Institute, Privacy Rights Clearinghouse
3. How to protect Personally Identifiable Information (PII) and keep up with increasing regulatory demands?
- USA: Gramm-Leach-Bliley Act (GLB), HIPAA, California Security Breach Notice Statute and in other states
- PCI Data Security Standard (section 3.3 masking and 3.4 encryption)
- European Union: Personal Data Protection Directive
- Fines and penalties focus on criminal misconduct
- The Challenge: how to protect hundreds of applications and databases from business users, production support teams, DBAs, developers, offshore and outsourced teams while allowing them to do their job?
4. CISO Ultimate Security Weapon for protecting privacy and sensitive information
[Diagram: an Authorized User, Unauthorized User A and Unauthorized User B access a Database Containing Sensitive Data; Dynamic Data Masking applies rules based on user context]
- Gartner defined a new category - Dynamic Data Masking, awarding ActiveBase the prestigious Cool Vendor award
- Dynamic Data Masking protects personal information from end-users who do not need access to it to perform their jobs.
- ActiveBase ensures that each user will see the data according to his or her identification, role and responsibility.
Value in Database: 3890-6784-2945-0093, 3245-9999-2456-7658
- Original Values: 3890-6784-2945-0093, 3245-9999-2456-7658
- Scrambled Values: 1234-6789-1000-4422, 2233-6789-3456-5555
- Masked Values: xxxx-xxxx-xxxx-0093, xxxx-xxxx-xxxx-7658
5. ActiveBase engulfs the true meaning of Enterprise Security Intelligence
ActiveBase is a Pioneer in Dynamic Data Masking
Source: Gartner
6. ActiveBase Privacy Protection solution
Control access, audit, alert, mask/scramble or block when personal information is accessed by:
   1. Business Users: Part time employees, offshore workforce and business partners - restricting their access to business applications, training and reporting environments
   2. External Users: SQL Injection, CPU vulnerability
   3. IT Users: Production support, outsourced teams, developers and DBAs.
7. ActiveBase Privacy Protection solution
Control access, audit, alert, mask/scramble or block when personal information is accessed in:
   1. Production environments: CRM, ERP, HR Apps, Billing, Datawarehouses, Training, Clones and replications
   2. Non-production: development, QA, UAT
   3. Public & Hybrid Cloud
8. ActiveBase solution overview
- A protective security layer around applications, packaged reports and tools
- Fully integrated with Active Directory, application responsibilities, database roles and IAM
- Applies Row, Column and cell level security
- Installed and configured within less than a day
- Detailed audit trail and real-time alerts
- Secures production database configurations
- Supports all applications, reporting and development tools running on all Oracle and SQL Server databases (all versions)
9. How does Dynamic Data Masking work?
Role-based anonymization and real-time prevention while maintaining operational efficiency across environments
- Private Information stored in the database: BLAKE, JONES, KING
- Business User application screen: Select name from table1. Values presented: BLAKE, JONES, KING
- Application screens and tools used by Production support, DBAs, Outsourced or unauthorized workforce: (1) Select name from table1
- Dynamic Data Masking Layer applies real-time SQL Rewrite rules: (2) Select substring(name,1,2)||'***' from table1. Values presented: BL****, JO****, KI****
10. Define once, apply on many - restrict access per table column or cell across applications and tools
ActiveBase rules enable anonymizing personal information within business application screens, shortening implementation time to DAYS!
11. ActiveBase Security anonymizes Names, account numbers and other personal information dynamically when accessed by unauthorized users, outsourced and IT personnel with no changes to databases or application source-code
12. Masking PII in every language
Customer name is masked from the production support team
13. Masking PII accessed by development and DBA tools in production and training environments
Names, credit card numbers and salary data are masked using ActiveBase Security
14. Production control gained using ActiveBase unique Informed Block functionality
- Common usages:
- Block or notify users before truncating tables in Prod or DML/DDL execution
- Block requests before they penalize production performance (e.g., full scans or high parallel), also enabling automatic redirection to a replication
Clear message presented in all tools and applications (multi-language support)
15. ActiveBase Personal Information Protection examples, implemented WITHIN DAYS!
- When unauthorized users' access to various environments needs to be audited and secured (consultants, contractors): DAM and Access Control
- When different groups of users need to see confidential information in different forms (based on their access level and Active Directory grouping)
- When Production Data needs to be accessed from offshore or when Production Support needs to be done internally or offshore
- When unauthorized updates (inserts/updates/deletes) or ad-hoc queries from end users need to be prevented
- When Audit Trail for all the transactions performed on the database (Who, When, What, From where or which application) is needed
- When required to anonymize personal information in non-production environments.
16. Two optional ActiveBase deployment strategies
- Option 1: Install on Database Server
- Option 2: Dedicated ActiveBase Servers act as hubs for multiple apps
- Adds an additional security level by acting as a Database firewall on the DMZ, enabling network segmentation between users and the databases
[Diagram labels: ActiveBase Process; Business applications, reporting, development and DBA tools; ActiveBase Management Console; Central ActiveBase Audit and Reporting database]
17. Comparing ActiveBase Security Masking with physical Masking tools
- More Secure - In other masking solutions, sensitive information leaves production into staging unmasked (takes time until masking is performed while the data is unprotected). ONLY ActiveBase automatically protects ALL environments with a click of a mouse.
- Secure everywhere - Immediately applied on ALL environments, with automatic rule propagation across instances: development, staging, replications, clones and backups
- Faster masking - Physical masking takes weeks to complete and then needs to be rolled out to all environments, which also takes weeks to complete. ActiveBase anonymization is completed within days!
- Simpler - No need to change your existing Export and ETL processes
18. Comparing ActiveBase Security with Encryption solutions
- In production environments:
- Encryption causes all business users to suffer from performance penalties and complexity -> just to secure several DBAs!?!
- Encryption DOES NOT solve cases when production support team members access the application in production to solve problems!!!
- ActiveBase protects data from DBAs with no interference to the application or business users
- In non-production environments:
- Not applicable, as application screens need to be anonymized, and encryption DOES NOT anonymize PII in application screens
- ActiveBase delivers a new level of personal information protection across production and non-production environments
- Transparency - no need for changes to production databases or applications
- Integrated with Active Directory, responsibilities and roles with rule propagation between different applications and across environments
- Simple GUI and predefined rule sets enable security teams to be trained within a single day (No DBA skills required)
- Quick installation, unique implementation methodology and Knowledge Packs for common business applications
- Enables the securing of complex business applications within days
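
The SQL rewrite described in slide 9 ("How does Dynamic Data Masking work?"), as an added example that is not ActiveBase code: a Python and SQLite masking layer that rewrites `Select name from table1` for unauthorized roles and blocks statements it cannot analyse. The rule format, the role names and the fail-closed behaviour are assumptions, and SQLite's `substr()` stands in for `substring()`.

```python
import re
import sqlite3

# Assumptions (not from the product): rule format, role names, fail-closed policy.
# (table, column) -> masking expression; SQLite spells substring() as substr().
MASK_RULES = {("table1", "name"): "substr(name, 1, 2) || '****'"}
CLEAR_TEXT_ROLES = {"business_user"}

SELECT_RE = re.compile(
    r"^\s*select\s+(?P<cols>.+?)\s+from\s+(?P<table>\w+)\s*(?P<rest>.*)$",
    re.IGNORECASE | re.DOTALL,
)

def rewrite(sql, role):
    """Return the statement the database should actually run for this role."""
    if role in CLEAR_TEXT_ROLES:
        return sql
    m = SELECT_RE.match(sql)
    if m is None:
        raise PermissionError("blocked: statement shape not covered by the rules")
    table, rest = m["table"].lower(), m["rest"]
    masked = {c for (t, c) in MASK_RULES if t == table}
    # Fail closed: a masked column in a predicate would reveal the hidden value.
    if any(re.search(rf"\b{c}\b", rest, re.IGNORECASE) for c in masked):
        raise PermissionError("blocked: masked column used outside the select list")
    out = []
    for col in (c.strip() for c in m["cols"].split(",")):
        # Fail closed on *, functions and aliases this rewriter does not analyse.
        if not re.fullmatch(r"\w+", col):
            raise PermissionError(f"blocked: unsupported select item {col!r}")
        expr = MASK_RULES.get((table, col.lower()))
        out.append(f"{expr} AS {col}" if expr else col)
    return f"SELECT {', '.join(out)} FROM {m['table']} {rest}".strip()

def run_as(conn, role, sql):
    """Execute sql through the masking layer and return the first column."""
    return [row[0] for row in conn.execute(rewrite(sql, role))]

def demo():
    conn = sqlite3.connect(":memory:")  # constructed sample data from slide 9
    conn.execute("CREATE TABLE table1 (name TEXT)")
    conn.executemany("INSERT INTO table1 VALUES (?)",
                     [("BLAKE",), ("JONES",), ("KING",)])
    query = "Select name from table1"
    return run_as(conn, "business_user", query), run_as(conn, "production_support", query)

if __name__ == "__main__":
    print(demo())
```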