Crucial data privacy and protection insights for 2019
Richard Macaskill and Kendra Little
Richard Macaskill · 20 years Oracle and SQL Server experience · Product Manager at Redgate · Data Governance · bolshevik! · Richard.Macaskill@Red-Gate.com
Kendra Little · Founder of SQL Workbooks · Evangelist at Redgate · Microsoft MVP & Microsoft Certified Master · @Kendra_Little · Kendra.Little@Red-Gate.com
Agenda
Compliance is shifting left
What do we mean by ‘Shift Left’?
Employers are responsible for employees’ actions
Organizations as a whole are responsible
“If a business can’t show that good data protection is a cornerstone of their practices, they’re leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation.” Elizabeth Denham, UK Information Commissioner
https://assets.red-gate.com/products/dba/sql-clone/sql-server-database-provisioning-report.pdf
A few words on Static Data Masking
Realistic Values – how useful are they?
➢ 1. Applications actually work for debug/test
➢ 2. Correlating & syncing values across columns
Data rarely exists in isolation
➢ 3. Retaining table integrity post-masking
Are there keys that should be masked?
‘Systems’ use multiple data sources
➢ 4. Cross-database & cross-server masking
We can’t block our day’s work
➢ 5. Performance when masking large sets of data
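An added example (not from the slides and not Redgate's implementation) of masking points 2 to 4: a keyed, deterministic mask keeps columns correlated and keeps a masked business key joinable across tables that are masked separately. The key, name lists, schema and rows are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample data and a hypothetical per-refresh masking key.
MASK_KEY = b"example-masking-key-rotate-per-refresh"
FIRST = ["Alex", "Sam", "Jo", "Chris", "Pat", "Robin"]
LAST = ["Smith", "Jones", "Brown", "Taylor", "Wilson", "Evans"]

def _digest(domain: str, value: str) -> bytes:
    # Keyed hash: the same (domain, value) always maps to the same output,
    # in any table or database, without storing a lookup table.
    return hmac.new(MASK_KEY, f"{domain}:{value}".encode(), hashlib.sha256).digest()

def mask_key(value: str) -> str:
    """Mask an identifier that is used as a key (a constructed customer number)."""
    return "C" + _digest("custno", value).hex()[:12]

def mask_person(name: str) -> tuple[str, str]:
    """Return a realistic (name, email) pair whose values stay correlated."""
    d = _digest("person", name)
    first, last = FIRST[d[0] % len(FIRST)], LAST[d[1] % len(LAST)]
    return f"{first} {last}", f"{first}.{last}{d[2]}@example.com".lower()

def build_and_mask() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (custno TEXT PRIMARY KEY, name TEXT, email TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, custno TEXT, total REAL);
        INSERT INTO customers VALUES ('QQ123456A', 'Ada Example', 'ada@corp.test'),
                                     ('QQ654321B', 'Bob Sample', 'bob@corp.test');
        INSERT INTO orders VALUES (1, 'QQ123456A', 10.0), (2, 'QQ123456A', 5.5),
                                  (3, 'QQ654321B', 7.25);
    """)
    for custno, name in db.execute("SELECT custno, name FROM customers").fetchall():
        new_name, new_email = mask_person(name)
        db.execute("UPDATE customers SET custno=?, name=?, email=? WHERE custno=?",
                   (mask_key(custno), new_name, new_email, custno))
    # The child table is masked independently (it could live on another server).
    for (custno,) in db.execute("SELECT DISTINCT custno FROM orders").fetchall():
        db.execute("UPDATE orders SET custno=? WHERE custno=?", (mask_key(custno), custno))
    db.commit()
    return db

def order_totals(db: sqlite3.Connection) -> list[tuple[str, float]]:
    # The join only returns rows if both sides were masked consistently.
    return db.execute("""SELECT c.email, SUM(o.total) FROM customers c
                         JOIN orders o ON o.custno = c.custno
                         GROUP BY c.custno ORDER BY SUM(o.total) DESC""").fetchall()
```

The masking key must not travel with the masked copy: anyone holding it can recompute the mapping for a guessed input.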
Perimeter protection is no longer sufficient
• 53,000 incidents
• 2,216 confirmed data breaches
• 43,000 successful accesses involving botnets
2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/
DBAs are famous for having “zero trust” for developers
We need proactive, general “zero trust”
“There is a fatal flaw in the assumption… that there is a ‘trusted’ internal network where data is safe” The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
Key takeaways
• Security must become data-centric
• A security and control framework should define, analyze, and protect the data
• Data breaches dangerously erode consumer trust
The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
• Limit access
• Classify data
• Devalue or “kill” data using abstraction techniques
• Dispose of data when no longer needed
The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
“SQL Provision has given us the ability to mask data and push it out to multiple locations almost instantly. That saves hours compared to the way we used to refresh.” KEPRO: Ensuring HIPAA compliance with SQL Provision · Redgate · http://bit.ly/2RtUCoB
You risk overspending when you implement security controls
Executives have traditionally underestimated risk relative to tech professionals
But that’s changing Source: Redgate-commissioned survey, 378 respondents in mid-large enterprises, senior roles
But that’s changing Source: https://uk.pcmag.com/feature/118088/gartners-cio-agenda-and-ceo-perspective-for-2019
Or misconstrued its nature
Alignment protects against over-spend
Discussion: chat on YouTube, Slack, or Twitter #sqlinthecity
Crucial DPP insights for 2019
1. Compliance is shifting left
2. Perimeter protection is no longer sufficient; adopt a “Zero Trust” mindset for your data
3. Alignment of developers, ops, and IT Managers protects against overspending when implementing security controls
Next steps
Download the Data Privacy Influencer PDF: red-gate.com/sitc
Contact: sales@red-gate.com
References & Resources
• 2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/
• KEPRO: Ensuring HIPAA compliance with SQL Provision · Redgate · http://bit.ly/2RtUCoB
• SQL Provision adds fully integrated data masking · Redgate · https://www.red-gate.com/hub/product-learning/sql-provision/sql-provision-adds-fully-integrated-data-masking
• The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.
• Zero Trust: Your Knight In Cyber Armor · Forrester Research, Inc. · https://go.forrester.com/what-it-means/ep93-zero-trust-cyber-armor/