Posted on 16-Oct-2020
General Data Protection Regulation
A CA Technologies Point of View
Dimitrios Tiligadas, April 2017
© 2014 CA. ALL RIGHTS RESERVED.
What has Changed
Most important changes

Expanded scope
Applies to all data controllers and processors established in the EU, and to organizations outside the EU that offer goods or services to, or monitor the behaviour of, data subjects in the EU (Art. 3). The test is where the data subject is, not citizenship.

Accountability
Implement policies and procedures; implement measures to ensure compliance; maintain records of processing activities (Art. 30).

Data Protection Officers
A DPO must be appointed by public authorities, by organizations whose core activities require regular and systematic monitoring of data subjects on a large scale, and by organizations that process special categories of data or criminal-conviction data on a large scale (Art. 37).

Breach notification
Controllers must notify the supervisory authority without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals (Art. 33). Where the risk to individuals is high, the affected data subjects must also be informed without undue delay (Art. 34).

Privacy by design
Implement the data protection principles effectively and build the necessary safeguards into the processing itself, by design and by default (Art. 25).

New rights
Right to be forgotten (erasure)
Access to their data
Data portability
Objection to the use of their data
Most important changes (continued)

Anonymization and pseudonymization
Named as measures for "data protection by design and by default" and for security of processing (Arts. 25 and 32). Pseudonymized data is still personal data as long as the additional information needed to re-identify it exists somewhere (Recital 26); only properly anonymized data falls outside the Regulation.

Certifications, codes of conduct
Organizations will be able to adhere to approved codes of conduct and certification mechanisms for the purpose of demonstrating compliance (Arts. 40 and 42).

Fines
Up to 4% of total worldwide annual turnover of the preceding financial year or EUR 20,000,000, whichever is higher, for the most serious infringements; a lower tier of 2% or EUR 10,000,000 applies to the others (Art. 83).
Many perspectives in addressing GDPR: business, legal, processes, technology.
The harsh reality…

Only 67% of access privileges are checked against security policies before they are approved.
Yet only 27% are realigning security policies around privileges since the last incident.
52% of organizations have acknowledged the need to readdress excessive user privileges.
55% of incidents were about abuse of privileges.
60% of organisations don't know how many orphaned accounts exist in their business.

Sources: "2015 Verizon Data Breach Investigations Report", http://www.verizonenterprise.com/DBIR/2015/; "Business-Aligned Enterprise Security – Driving Success in the Face of Shifting Sands in Identity & Access Management" by Gavin Grounds, Global Director, Information Risk Management, HP, http://www.slideshare.net/CAinc/businessaligned-enterprise-security-driving-success-in-the-face-of-shifting-sands-in-identity-access-management
CA Identity Suite
Enforcing GDPR – Identity and Access Governance

Lifecycle: Analyze, On/off board, Manage, Certify, Monitor.

Provides the right access to the right user based on context and risk. Improves user experience while helping to guard against attack, data leakage and abuse of rights.

Key functionality: process and workflow automation; delegation and self service; dashboards and reporting; validate compliance; identity and access governance; analytics and data cleansing over identity data. Manage and control access to data; automate user management; improve user experience.
Business value: "who has access to what" insights; higher user productivity; enforce GDPR compliance.
Enforcing GDPR – Identity and Access Governance: Performing an IAG (Gap) Analysis

1. Clean up and audit entitlements before sending them to business users: terminated users, orphan accounts, excessive entitlements (collectors, entitlement creep), redundant groups/roles, overlapping roles/groups.
2. Profile/group/role modeling for meaningful business context.

Present state: inconsistent, excessive, redundant entitlements. Future state: modeled profiles, groups and roles with business meaning.
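The cleanup step above is mechanical enough to show in code. The following is an added example written for this page, not CA Identity Suite code: it runs the four cleanup checks (orphan accounts, terminated users with live accounts, entitlement creep against a role baseline, and overlapping roles) over a constructed HR roster, account export and role baseline. All names, ids and entitlements are made up; a real run would load the roster from HR and the accounts from each target system's export.

```python
"""Added example (not CA Identity Suite code): an identity and access
governance gap analysis over a constructed HR roster, account export and
role baseline. It finds the four cleanup categories named in step 1."""

# Constructed HR roster: employment status and job role per person id.
HR_ROSTER = {
    "u1001": {"name": "Ana Costa",   "status": "active",     "role": "dba"},
    "u1002": {"name": "Ben Okafor",  "status": "active",     "role": "developer"},
    "u1003": {"name": "Chloe Rinne", "status": "terminated", "role": "developer"},
    "u1004": {"name": "Dev Patel",   "status": "active",     "role": "helpdesk"},
}

# Constructed account export from one target system. "owner" is the HR id
# the account was provisioned for; None means the link was never recorded.
ACCOUNTS = [
    {"account": "acosta",  "owner": "u1001", "enabled": True,
     "entitlements": {"db_read", "db_write", "db_admin"}},
    {"account": "bokafor", "owner": "u1002", "enabled": True,
     "entitlements": {"git_push", "ci_run", "db_admin"}},      # db_admin is creep
    {"account": "crinne",  "owner": "u1003", "enabled": True,
     "entitlements": {"git_push", "ci_run"}},                  # owner has left
    {"account": "svc_etl", "owner": None,    "enabled": True,
     "entitlements": {"db_read"}},                             # nobody owns it
    {"account": "dpatel",  "owner": "u1004", "enabled": True,
     "entitlements": {"ticket_rw", "ticket_admin_legacy"}},
    {"account": "jdoe",    "owner": "u9999", "enabled": False,
     "entitlements": set()},                                   # owner unknown to HR
]

# Constructed role baseline: what each job role is entitled to.
ROLE_BASELINE = {
    "dba":        {"db_read", "db_write", "db_admin"},
    "dba_junior": {"db_read", "db_write"},      # strict subset of dba
    "developer":  {"git_push", "ci_run"},
    "helpdesk":   {"ticket_rw"},
}


def find_orphans(accounts, roster):
    """Accounts with no recorded owner, or an owner HR does not know."""
    return sorted(a["account"] for a in accounts
                  if a["owner"] is None or a["owner"] not in roster)


def find_terminated_active(accounts, roster):
    """Enabled accounts whose owner has left: disable these first."""
    return sorted(a["account"] for a in accounts
                  if a["enabled"]
                  and a["owner"] in roster
                  and roster[a["owner"]]["status"] == "terminated")


def find_excessive(accounts, roster, baseline):
    """Entitlements beyond the owner's role baseline (entitlement creep)."""
    excess = {}
    for a in accounts:
        person = roster.get(a["owner"])
        if person is None:          # orphans are reported separately
            continue
        extra = a["entitlements"] - baseline.get(person["role"], set())
        if extra:
            excess[a["account"]] = sorted(extra)
    return excess


def find_overlapping_roles(baseline):
    """Role pairs where one role's entitlements are a strict subset of
    another's, i.e. candidates for merging or re-modeling."""
    pairs = []
    for small, small_ents in baseline.items():
        for big, big_ents in baseline.items():
            if small != big and small_ents < big_ents:
                pairs.append((small, big))
    return sorted(pairs)


def gap_report(accounts=ACCOUNTS, roster=HR_ROSTER, baseline=ROLE_BASELINE):
    """One dict a certification campaign can be seeded from."""
    return {
        "orphans": find_orphans(accounts, roster),
        "terminated_active": find_terminated_active(accounts, roster),
        "excessive": find_excessive(accounts, roster, baseline),
        "overlapping_roles": find_overlapping_roles(baseline),
    }


if __name__ == "__main__":
    for finding, items in gap_report().items():
        print(f"{finding}: {items}")
```

The order of the findings matters in practice: a terminated user with an enabled account is an immediate access-revocation item, an orphan is a data-quality item that blocks attribution, and creep and overlap are what the role-modeling step (2.) is meant to resolve before anything is sent to managers for certification.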
Access Certification: The New Certification Campaigns Experience

Motivation
Managers expect a simplified experience when performing certifications.
Certifications contain a lot of information and take a long time to complete.
Different managers require different views of the data.

Solution: personalized access certification
Business-friendly experience.
Display all the information on one page.
Personalized view where users can select what information to view.
Export and import campaigns to Excel for offline decision making.

Benefit
Managers can quickly and intuitively navigate through the data in a personalized view.
Improve managers' productivity by making decisions easily when all the information is available in one place.
Solution is available anytime, anywhere, offline or mobile.
CA Test Data Management
Enforcing GDPR – CA Test Data Manager: the right data, in the right place, at the right time

Capabilities: data discovery, modeling, visualization and profiling; data subsetting, masking and synthetic data generation; Test Data on Demand™.

Review data quality and data errors
Measure coverage and identify gaps
Discover relationships
Identify sensitive data across all systems
Identify future trends
Share data across parallel teams
Clone data as it is provisioned
Enable self-service, on-demand access
Provide multiple outsourcers with secure data
Eliminate manual data creation and masking
Reduce costs and improve quality with short but rigorous test cycles
Improve test coverage
CA Test Data Management

Pipeline: Discovery, Modeling, Subsetting, Masking, Synthetic.

Key functionality: automatically match fit-for-purpose data; data trends and visualisation; data masking and synthesizing.
Business value: increased productivity; increased test data quality (cut defects by 95%); enforce GDPR compliance.

The right data, in the right place, at the right time. Centralizing data requests and removing data dependencies. Ensuring data privacy by synthesizing test data.

(Diagram: production data enters TDM and leaves as synthetic test data.)
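The masking and pseudonymization step that both the "Anonymization and pseudonymization" change and the TDM slides refer to looks like this in practice. This is an added example written for this page, not CA Test Data Manager code: direct identifiers in a constructed production-like extract are replaced with keyed HMAC pseudonyms (the same id always maps to the same token, so joins between tables survive, but nobody without the key can recompute or reverse the mapping), the IBAN is masked, the birth date is generalized to a year, and a final check confirms no original identifier survives verbatim. The customers, orders, key and field names are all constructed.

```python
"""Added example (not CA Test Data Manager code): pseudonymizing a
production-like extract for use as test data. Direct identifiers become
keyed HMAC pseudonyms so the mapping is consistent across tables but
cannot be recomputed without the key; other fields are masked or
generalized. Every record below is constructed for this page."""
import hashlib
import hmac
import secrets

# Constructed "production" rows. Not real people or accounts.
CUSTOMERS = [
    {"id": "C-1001", "name": "Maria Papadopoulou", "email": "maria.p@example.com",
     "dob": "1985-07-14", "iban": "GR1601101250000000012300695"},
    {"id": "C-1002", "name": "Nikos Georgiou", "email": "nikos.g@example.com",
     "dob": "1990-02-03", "iban": "GR9608100010000001234567890"},
]
ORDERS = [
    {"order_id": "O-1", "customer_id": "C-1001", "amount": 120.50},
    {"order_id": "O-2", "customer_id": "C-1002", "amount": 42.00},
    {"order_id": "O-3", "customer_id": "C-1001", "amount": 9.99},
]


def pseudonym(key: bytes, domain: str, value: str, length: int = 16) -> str:
    """Deterministic keyed pseudonym. The domain prefix keeps namespaces
    apart so equal strings in different columns do not share a token."""
    mac = hmac.new(key, f"{domain}:{value}".encode(), hashlib.sha256)
    return mac.hexdigest()[:length]


def mask_iban(iban: str) -> str:
    """Keep the country code and the last four characters; star out the rest."""
    return iban[:2] + "*" * (len(iban) - 6) + iban[-4:]


def generalize_dob(dob: str) -> str:
    """Reduce an exact birth date to the year (generalization)."""
    return dob[:4]


def pseudonymize(key: bytes, customers, orders):
    """Return (customers_out, orders_out) with identifiers replaced consistently."""
    customers_out = []
    for c in customers:
        p = pseudonym(key, "customer", c["id"])
        customers_out.append({
            "id": p,
            "name": f"Customer {p[:6]}",        # synthetic, derived from the token
            "email": f"{p}@example.invalid",    # reserved TLD, can never deliver
            "dob": generalize_dob(c["dob"]),
            "iban": mask_iban(c["iban"]),
        })
    orders_out = [
        {**o, "customer_id": pseudonym(key, "customer", o["customer_id"])}
        for o in orders                          # same domain + key -> same token
    ]
    return customers_out, orders_out


def leaked_values(original_rows, masked_rows, fields):
    """Original identifier values still present verbatim anywhere in the
    masked output. Run before the extract leaves the production zone."""
    haystack = " ".join(str(v) for row in masked_rows for v in row.values())
    return sorted({row[f] for row in original_rows for f in fields
                   if str(row[f]) in haystack})


def referential_integrity_ok(customers_out, orders_out) -> bool:
    """Every order still points at a customer that exists in the masked set."""
    ids = {c["id"] for c in customers_out}
    return all(o["customer_id"] in ids for o in orders_out)


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # generated in production; never shipped with the data
    cust, ords = pseudonymize(key, CUSTOMERS, ORDERS)
    print(cust[0], ords[0], sep="\n")
    print("leaked:", leaked_values(CUSTOMERS, cust, ["id", "name", "email", "iban"]))
    print("joins intact:", referential_integrity_ok(cust, ords))
```

Two caveats a practitioner should keep in mind. First, the output is pseudonymized, not anonymized: while the key exists the extract is still personal data under Recital 26, so the key must stay in the production zone and the test environment still needs access control. Second, indirect identifiers (dates, amounts, postcodes) can re-identify people in combination, which is why the example generalizes the birth date rather than copying it; fully synthetic generation, as on the slide, sidesteps both problems at the cost of realism.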
CA Privileged Access Management
Privileged Access

Privileged users: what's the common thread in most if not all breaches?

28,070: number of attacks the average US company had in 2015.
38%: increase in number of security incidents from 2014 to 2015.
94%: percentage of CxOs believing their company will experience a breach in two years.
$3.79M: average cost of a data breach.
3.9B: number of records lost since 2013.
Data records were lost or stolen with the following frequency: 1,358,671 every day, 56,611 every hour, 943 every minute, 16 every second.

Compromised accounts and credentials of ….
Your organization can't afford a large-scale cyber-attack.

Sources:
http://breachlevelindex.com/#sthash.RZhGQkVZ.dpbs
https://securityintelligence.com/cost-of-a-data-breach-2015/
http://public.dhe.ibm.com/common/ssi/ecm/se/en/sel03074usen/SEL03074USEN.PDF
http://www.vormetric.com/campaigns/datathreat/2016/
http://www.verizonenterprise.com/resources/report/rp_pci-report-2015_en_xg.pdf
Privileged Accounts: The Emerging Front Line

(Diagram: hackers and malware/APT reach over the Internet for privileged accounts. On premise: employees and partners acting as systems, network, DB and application admins. Public cloud: apps run by a VMware administrator, an AWS administrator and a Microsoft Office 365 administrator.)

Organizations typically have 3-4x more privileged accounts and credentials than employees!
What can you do to address the threat?
Break the attack kill chain with Privileged Access Management (PAM)

Prevent breaches by protecting administrative credentials, controlling privileged user access, and monitoring and recording privileged user activity across the hybrid enterprise.

Three pillars: prevent unauthorized access; limit privilege escalation; monitor, record and audit activity.

• Strong authentication
• Login restriction
• Command & socket filtering
• Zero trust – deny all, permit by exception
• Proactive policy enforcement
• Session recording & monitoring
• Activity logging & auditing
• SIEM integration
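"Command filtering" and "deny all, permit by exception" are easy to say and easy to get wrong, so here is the control in code. This is an added example written for this page, not CA PAM code: a role-based allowlist of (program, argument pattern) rules evaluated against each command line of a privileged session, with deny as the only default, a refusal of shell metacharacters before parsing (so one filtered line cannot smuggle a second command), and an audit record per decision shaped for SIEM forwarding. The policy, role and commands are constructed; a real gateway would also pin the resolved binary, which this filter approximates by refusing paths in the program position.

```python
"""Added example (not CA PAM code): a deny-all, permit-by-exception command
filter of the kind a PAM gateway applies to a privileged session, with an
audit record per decision. The role policy and commands are constructed."""
import re
import shlex

# Constructed policy: role -> list of (program, regex the joined arguments
# must fully match). Anything not in this table is denied.
POLICY = {
    "webops": [
        ("systemctl", re.compile(r"(status|restart) nginx")),
        ("cat",       re.compile(r"/var/log/nginx/[a-z_.-]+\.log")),
        ("tail",      re.compile(r"-n \d{1,4} /var/log/nginx/[a-z_.-]+\.log")),
    ],
}

# One filtered line must be exactly one command: anything that could chain,
# redirect, substitute or spawn a second command is refused before parsing.
SHELL_META = re.compile(r"[;&|`$<>(){}\n\\]")


def evaluate(role: str, command_line: str):
    """Return (allowed, reason). The fall-through, when no rule matches, is deny."""
    if SHELL_META.search(command_line):
        return False, "shell metacharacter"
    try:
        argv = shlex.split(command_line)
    except ValueError as exc:
        return False, f"unparsable: {exc}"
    if not argv:
        return False, "empty command"
    prog, args = argv[0], " ".join(argv[1:])
    for allowed_prog, arg_pattern in POLICY.get(role, []):
        # Exact program name, no paths: the gateway resolves the binary, not the user.
        if prog == allowed_prog and arg_pattern.fullmatch(args):
            return True, f"rule {allowed_prog} {arg_pattern.pattern}"
    return False, "no matching allow rule"


def audit_record(user: str, role: str, command_line: str) -> dict:
    """Decision plus context for the SIEM: every attempt is logged, allowed or not."""
    allowed, reason = evaluate(role, command_line)
    return {"user": user, "role": role, "command": command_line,
            "decision": "allow" if allowed else "deny", "reason": reason}


if __name__ == "__main__":
    for cmd in ["systemctl status nginx",
                "systemctl status nginx; cat /etc/shadow",
                "cat /var/log/nginx/access.log",
                "cat /var/log/nginx/../../../etc/shadow",
                "/bin/cat /var/log/nginx/access.log",
                "tail -n 100 /var/log/nginx/error.log"]:
        print(audit_record("ana", "webops", cmd))
```

Note what the argument patterns refuse: `..` path traversal fails the character class, `/bin/cat` fails the exact program match, and `;` is rejected before the allowlist is even consulted. The weak design this replaces is a denylist of "dangerous" commands, which an operator defeats with the first alias, wrapper or shell builtin not on the list.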
Enforcing GDPR – CA Privileged Access Management

Manages shared and/or personal privileged account access across physical and virtual systems. Monitors and records privileged user activities for governance and compliance purposes.

Key functionality: manage and control privileged access; secure (SSO) access; protect systems and hypervisors.
Business value: protect privileged accounts; transparency into privileged activities; enforce GDPR compliance.

(Diagram of the PAM flow over identity data: authenticate user; authorize user; manage credentials; single sign-on/federation; attribute identity for shared accounts; enforce policy and monitor; metadata & session recording; logs, controls and policy management. Sessions begin by manual login, single sign-on or federated sign-on.)
End-to-end privileged access approach: defense in depth

Network-based security: CA Privileged Access Manager (PAM)
Credential management; policy-based, least-privilege access control; command filtering; session recording, auditing, attribution; application password management; comprehensive, hybrid enterprise protection; self-contained, hardened appliance.

Host-based security: CA PAM Server Control
In-depth protection for critical servers; highly granular access controls; segregated duties of super-users; controlled access to system resources such as files, folders, processes and registries; secured task delegation (sudo); enforce Trusted Computing Base.

Integrations: CA Identity Governance (access requests, certification, risk analytics) and CA Advanced Authentication.
CA API Management
APIs: The building blocks of digital transformation

(Diagram: your digital business exposes data through APIs to IoT devices, cloud, mobile, partners/external divisions and external developers.)
API 101 Primer – After

    {"alerts": [{"type": "FLW", "description": "Flood Watch"}]}

Integration, speed, monetization, experience, Internet of Things.
(Diagram: outside the enterprise sit the Internet of Things, mobile, SaaS/cloud solutions (AWS, Google, SFDC …), partner ecosystems and external developers; within the enterprise sit secure data, the application portfolio, ID/authentication, reporting & analytics and internal teams.)
Enforcing GDPR – CA API Management: The Building Blocks of Digital Transformation

Secure the open enterprise
• Protect against threats and OWASP vulnerabilities
• Control access with SSO and identity management
• Provide end-to-end security for apps, mobile, and IoT

Integrate and create APIs
• Easily connect SOA, ESB, and legacy applications
• Aggregate data including NoSQL up to 10x faster
• Build scalable connections to cloud solutions
• Automatically create data APIs with live business logic

Unlock the value of data
• Monetize APIs to generate revenue
• Build digital ecosystems to enhance business value
• Create efficiencies through analytics and optimization

Accelerate mobile/IoT development
• Simplify and control developer access to data
• Build a wider partner or public developer ecosystem
• Leverage tools that reduce mobile app delivery time
CA Technologies – solutions which can help (distributed and mainframe):
CA Identity Suite
CA Test Data Management
CA API Management
CA Privileged Access Manager / Server Control
CA SSO
CA Advanced Authentication
CA Data Content Discovery
CA Cleanup
CA Compliance Event Manager
Thank you
Dimitrios Tiligadas (CISSP)
Technical Sales Manager - Security Architect, CA South Eastern Europe
Email: d.tiligadas@ca-see.com