Crucial data privacy and protection insights for 2019 Richard - - PowerPoint PPT Presentation

▶

Sep 08, 2023 126 likes •645 views

Crucial data privacy and protection insights for 2019 Richard Macaskill and Kendra Little 20 years Oracle and SQL Server experience Product Manager at Redgate Data Governance Richard Macaskill bolshevik! Richard.Macaskill@Red-Gate.com

SLIDE 1

SLIDE 2

Crucial data privacy and protection insights for 2019

Richard Macaskill and Kendra Little

SLIDE 3

Richard Macaskill

Richard.Macaskill@Red-Gate.com

20 years Oracle and SQL Server experience Product Manager at Redgate Data Governance bolshevik!

SLIDE 4

@Kendra_Little

Kendra.Little@Red- Gate.com

Founder of SQL Workbooks Evangelist at Redgate Microsoft MVP & Microsoft Certified Master

SLIDE 5

Agenda

SLIDE 6

Compliance is shifting left

SLIDE 7

What do we mean by ‘Shift Left’?

SLIDE 8

Employers are responsible for employees’ actions

SLIDE 9

Organizations as a whole are responsible

“If a business can’t show that good data protection is a cornerstone of their practices, they’re leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation.”

Elizabeth Denham, UK Information Commissioner

SLIDE 10

Microsoft Confidential

https ps://a ://asset ssets.r s.red-gat gate.com e.com/pr /produc

ducts

ts/db dba/sq a/sql-clone/s clone/sql ql-ser erver-da datab tabase se-provi visioning sioning-repor eport. t.pdf pdf

SLIDE 11

SLIDE 12

SLIDE 13

SLIDE 14

SLIDE 15

SLIDE 16

A few words on Static Data Masking

1. Realistic Values – how useful are they? 2. Correlating & syncing values across columns 3. Retaining table integrity post-masking 4. Cross-database & cross-server masking 5. Performance when masking large sets of data ➢ Applications actually work for debug/test ➢ Data rarely exists in isolation ➢ Are there keys that should be masked? ➢ ‘Systems’ use multiple data sources ➢ We can’t block our day’s work

SLIDE 17

SLIDE 18

SLIDE 19

SLIDE 20

SLIDE 21

SLIDE 22

SLIDE 23

SLIDE 24

Perimeter protection is no longer sufficient

SLIDE 25

2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

53,000 incidents
2,216 confirmed data breaches
43,000 successful accesses involving botnets

SLIDE 26

2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

SLIDE 27

2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

SLIDE 28

2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

SLIDE 29

DBAs are famous for having “zero trust” for developers

SLIDE 30

2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

SLIDE 31

We need proactive, general “zero trust”

SLIDE 32

The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.

“There is a fatal flaw in the assumption… that there is a ‘trusted’ internal network where data is safe”

SLIDE 33

Key takeaways

Security must become data-centric A security and control framework should define, analyze, and protect the data Data breaches dangerously erode consumer trust

The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.

SLIDE 34

Limit access Classify data

Dispose of data when no longer needed Devalue or “kill” data using abstraction techniques

The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.

SLIDE 35

KEPRO: Ensuring HIPAA compliance with SQL Provision · Redgate · http://bit.ly/2RtUCoB

“SQL Provision has given us the ability to mask data and push it out to multiple locations almost instantly. That saves hours compared to the way we used to refresh.”

SLIDE 36

You risk overspending when you implement security controls

SLIDE 37

Executives have

traditionally under-estimated risk relative to tech professionals

SLIDE 38

But that’s changing

Source: Redgate-commissioned survey, 378 respondents in mid-large enterprises, senior roles

SLIDE 39

But that’s changing

Source: https://uk.pcmag.com/feature/118088/gartners-cio-agenda-and-ceo-perspective-for-2019

SLIDE 40

Or misconstrued its nature

SLIDE 41

2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

SLIDE 42

Alignment protects against over-spend

SLIDE 43

SLIDE 44

SLIDE 45

SLIDE 46

SLIDE 47

Discussion: chat on YouTube, Slack, or Twitter #sqlinthecity

SLIDE 48

Crucial DPP insights for 2019

1. Compliance is shifting left
2. Perimeter protection is no longer sufficient, adopt a

“Zero Trust” mindset for your data

3. Alignment of developers, ops, and IT Managers

protects against over spending when implementing security controls

SLIDE 49

Next steps

Download the Data Privacy Influencer PDF red-gate.com/sitc Contact sales@red-gate.com

SLIDE 50

References & Resources

2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/ KEPRO: Ensuring HIPAA compliance with SQL Provision · Redgate · http://bit.ly/2RtUCoB SQL Provision adds fully integrated data masking · Redgate · https://www.redgate.com/hub/product-learning/sql-provision/sql-provision-adds-fully-integrated- data-masking The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc. Zero Trust: Your Knight In Cyber Armor · Forrester Research, Inc. · https://go.forrester.com/what-it-means/ep93-zero-trust-cyber-armor/