crucial data privacy and protection insights for 2019
play

Crucial data privacy and protection insights for 2019 Richard - PowerPoint PPT Presentation

Sep 08, 2023 •126 likes •638 views

Crucial data privacy and protection insights for 2019 Richard Macaskill and Kendra Little 20 years Oracle and SQL Server experience Product Manager at Redgate Data Governance Richard Macaskill bolshevik! Richard.Macaskill@Red-Gate.com

  2. Crucial data privacy and protection insights for 2019 Richard Macaskill and Kendra Little

  3. 20 years Oracle and SQL Server experience Product Manager at Redgate Data Governance Richard Macaskill bolshevik! Richard.Macaskill@Red-Gate.com

  4. Founder of SQL Workbooks Evangelist at Redgate Microsoft MVP & Microsoft Certified @Kendra_Little Master Kendra.Little@Red- Gate.com

  5. Agenda

  6. Compliance is shifting left

  7. What do we mean by ‘Shift Left’?

  8. Employers are responsible for employees’ actions

  9. Organizations as a whole are responsible “If a business can’t show that good data protection is a cornerstone of their practices, they’re leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation.” Elizabeth Denham, UK Information Commissioner

  10. https ps://a ://asset ssets.r s.red-gat gate.com e.com/pr /produc oducts ts/db dba/sq a/sql-clone/s clone/sql ql-ser erver-da datab tabase se-provi visioning sioning-repor eport. t.pdf pdf Microsoft Confidential

  16. A few words on Static Data Masking Realistic Values – how useful are they? ➢ 1. Applications actually work for debug/test ➢ 2. Correlating & syncing values across columns Data rarely exists in isolation ➢ 3. Retaining table integrity post-masking Are there keys that should be masked? ‘Systems’ use multiple data sources ➢ 4. Cross-database & cross-server masking ➢ We can’t block our day’s work 5. Performance when masking large sets of data

  24. Perimeter protection is no longer sufficient

  25. • 53,000 incidents • 2,216 confirmed data breaches • 43,000 successful accesses involving botnets 2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

  26. 2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

  27. 2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

  28. 2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

  29. DBAs are famous for having “zero trust” for developers

  30. 2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

  31. We need proactive, general “zero trust”

  32. “There is a fatal flaw in the assumption… that there is a ‘trusted’ internal network where data is safe” The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.

  33. Key takeaways Security must become data-centric A security and control framework should define, analyze, and protect the data Data breaches dangerously erode consumer trust The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.

  34. Limit access Classify data Devalue or “kill” data using Dispose of data when no longer needed abstraction techniques The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.

  35. “SQL Provision has given us the ability to mask data and push it out to multiple locations almost instantly. That saves hours compared to the way we used to refresh.” KEPRO: Ensuring HIPAA compliance with SQL Provision · Redgate · http://bit.ly/2RtUCoB

  36. You risk overspending when you implement security controls

  37. Executives have traditionally under -estimated risk relative to tech professionals

  38. But that’s changing Source: Redgate-commissioned survey, 378 respondents in mid-large enterprises, senior roles

  39. But that’s changing Source: https://uk.pcmag.com/feature/118088/gartners-cio-agenda-and-ceo-perspective-for-2019

  40. Or misconstrued its nature

  41. 2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

  42. Alignment protects against over-spend

  47. Discussion: chat on YouTube, Slack, or Twitter #sqlinthecity

  48. Crucial DPP insights for 2019 1. Compliance is shifting left 2. Perimeter protection is no longer sufficient, adopt a “Zero Trust” mindset for your data 3. Alignment of developers, ops, and IT Managers protects against over spending when implementing security controls

  49. Next steps Download the Data Contact Privacy Influencer PDF sales@red-gate.com red-gate.com/sitc

  50. References & Resources 2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/ KEPRO: Ensuring HIPAA compliance with SQL Provision · Redgate · http://bit.ly/2RtUCoB SQL Provision adds fully integrated data masking · Redgate · https://www.red- gate.com/hub/product-learning/sql-provision/sql-provision-adds-fully-integrated- data-masking The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. Zero Trust: Your Knight In Cyber Armor · Forrester Research, Inc. · https://go.forrester.com/what-it-means/ep93-zero-trust-cyber-armor/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

CONSUMER AWARENESS WORKSHOP on Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019 Kolkata OBJECTIVE Engage with the consumer and civil society organisations (CSOs) in tier II locations to

623 views • 50 slides
Data Privacy/Cybersecurity 2019-2020 How do we ensure protection of f student and staff data?

Data Privacy/Cybersecurity 2019-2020 How do we ensure protection of f student and staff data?

Data Privacy/Cybersecurity 2019-2020 How do we ensure protection of f student and staff data? What is Cybersecurity? The protection of Internet-connected systems and data from accidental damage, intentional attacks, or unauthorized access.

463 views • 19 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international efforts to develop frameworks to enhance privacy while realising big datas benefits Seminar arranged by the Office for Personal Data Protection, Macao,

305 views • 8 slides
Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human Right (1/2) From the United Nations Universal Declaration of Human Rights: Article 12 No one shall be subjected to arbitrary interference with his

338 views • 7 slides
INTERNET LAW SESSION 5 DR ANGELA DALY 15 NOVEMBER 2019 WELCOME BACK TO INTERNET LAW! PRIVACY

INTERNET LAW SESSION 5 DR ANGELA DALY 15 NOVEMBER 2019 WELCOME BACK TO INTERNET LAW! PRIVACY

INTERNET LAW SESSION 5 DR ANGELA DALY 15 NOVEMBER 2019 WELCOME BACK TO INTERNET LAW! PRIVACY AND PART I DATA PROTECTION OVERVIEW Privacy Data protection Surveillance Exercises Privacy the right to be let alone Warren and

611 views • 44 slides
Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Industrial perspectives on Cryptography A. Esterle - ENISA Antwerp 29 May 2008 www.enisa.europa.eu Web and privacy Privacy and protection of personal data specific purpose (to collect and process it) subject

732 views • 7 slides
Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Privacy Legislation - History 1950 Art. 8 ECHR: Everyone has the right to respect for his private and family

413 views • 4 slides
WORKSHOP ON PRIVACY , DATA PROTECTION AND DIGITAL IDENTITY COIMBRA, PORTUGAL, 11 JULY 2019

WORKSHOP ON PRIVACY , DATA PROTECTION AND DIGITAL IDENTITY COIMBRA, PORTUGAL, 11 JULY 2019

WORKSHOP ON PRIVACY , DATA PROTECTION AND DIGITAL IDENTITY COIMBRA, PORTUGAL, 11 JULY 2019 Department of Informatics Engineering Room A5.4 Funded by Horizon 2020 Framework Programme of the European Union AGENDA (1/2) 14:15 - 14:20 -

79 views • 5 slides
Cloud Computing - the basics Rachel Dixon Privacy and Data Protection Deputy Commissioner Office

Cloud Computing - the basics Rachel Dixon Privacy and Data Protection Deputy Commissioner Office

Cloud Computing - the basics Rachel Dixon Privacy and Data Protection Deputy Commissioner Office of the Victorian Information Commission Victorian Privacy Network Meeting State Library of Victoria 9 October 2019 Freedom of Information | Privacy

398 views • 26 slides
Privacy, Data Protection Law and Privacy, Data Protection Law and Flow Data Anonymisation

Privacy, Data Protection Law and Privacy, Data Protection Law and Flow Data Anonymisation

Privacy, Data Protection Law and Privacy, Data Protection Law and Flow Data Anonymisation Anonymisation: : Flow Data requirements, issues, and challenges requirements, issues, and challenges Elisa Boschi , Elisa Boschi , Hitachi Europe

507 views • 15 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen Privacy and Information Commissioner Schleswig-Holstein, Germany marit.hansen@datenschutzzentrum.de Annual Privacy Forum 2015 Luxembourg, 7 October,

551 views • 29 slides
Getting Data Privacy Right for Digital Financial Services June 26, 2019 Why care about data

Getting Data Privacy Right for Digital Financial Services June 26, 2019 Why care about data

Getting Data Privacy Right for Digital Financial Services June 26, 2019 Why care about data protection? Maintain your customers trust Avoid legal and regulatory problems Keep your company running Customers care about this, Fines, lawyers,

184 views • 17 slides
Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection Defending Privacy Empowerment Protection Transparency Firms must always Informed consent secure personal data Consumer law Empowerment Protection

543 views • 10 slides
CSE 154 LECTURE 22:RELATIONAL DATABASES AND SQL Relational databases relational database : A

CSE 154 LECTURE 22:RELATIONAL DATABASES AND SQL Relational databases relational database : A

CSE 154 LECTURE 22:RELATIONAL DATABASES AND SQL Relational databases relational database : A method of structuring data as tables associated to each other by shared attributes. a table row corresponds to a unit of data called a record ; a

602 views • 26 slides
Accelerate GDPR compliance with the Microsoft Cloud Henrik Mnsted Cloud Solutions Architect

Accelerate GDPR compliance with the Microsoft Cloud Henrik Mnsted Cloud Solutions Architect

Accelerate GDPR compliance with the Microsoft Cloud Henrik Mnsted Cloud Solutions Architect Microsoft Denmark This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. 1. Data Privacy and

900 views • 21 slides
POIR 613: Computational Social Science Pablo Barber a School of International Relations

POIR 613: Computational Social Science Pablo Barber a School of International Relations

POIR 613: Computational Social Science Pablo Barber a School of International Relations University of Southern California pablobarbera.com Course website: pablobarbera.com/POIR613/ Introduction to SQL Databases Database systems:

759 views • 6 slides
Module 15: Managing Transactions and Locks Overview Introduction to Transactions and Locks

Module 15: Managing Transactions and Locks Overview Introduction to Transactions and Locks

Module 15: Managing Transactions and Locks Overview Introduction to Transactions and Locks Managing Transactions SQL Server Locking Managing Locks Introduction to Transactions and Locks Transactions Ensure That Multiple Data

595 views • 23 slides
Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing the security of network protocols We will now focus on web applications and their vulnerabilities (and attacks) SQL injection Eike Ritter

815 views • 25 slides
Data Quality Services SQL Server 2012 Ash Tewari @ashtewari ashtewari.com Data Quality

Data Quality Services SQL Server 2012 Ash Tewari @ashtewari ashtewari.com Data Quality

Data Quality Services SQL Server 2012 Ash Tewari @ashtewari ashtewari.com Data Quality Services // Ash Tewari // @ashtewari What is Data Quality? The degree to which the data is fit for its intended use. Data Quality Services // Ash Tewari

1.14k views • 24 slides
Three types of information systems: Information-Retrieval Systems (IR) Search large bodies

Three types of information systems: Information-Retrieval Systems (IR) Search large bodies

Three types of information systems: Information-Retrieval Systems (IR) Search large bodies of information which are not specifically formatted as formal data bases. Web search engine Keyword search of a text base Typically

305 views • 13 slides
SQL INJECTION by Fabrizio dAmore faculty of Ingegneria dellInformazione Universit di

SQL INJECTION by Fabrizio dAmore faculty of Ingegneria dellInformazione Universit di

SQL INJECTION by Fabrizio dAmore faculty of Ingegneria dellInformazione Universit di Roma La Sapienza WHAT IT IS , WHAT IT IS NOT December 2009 capability of giving SQL commands to a database engine exploiting a pre-existing

499 views • 20 slides

More recommend