TRANSCRIPT
1 © 2015 IBM Corporation
APPLYING COMPREHENSIVE DATA
PROTECTION IN THE LIGHT OF GDPR: HOW TO
MONITOR & LOG SENSITIVE DATA.
Laura Begieneman - Data Governance & Security Sales Benelux
Hello! Laura Begieneman. You can find me at @laurabegieneman
What will I cover today?
GDPR, Data & Impact
What can you do as an organization?
How can help?
Guardium: Monitoring, logging & Audit of data
In Europe, over 250 million people use the Internet daily, and over the last 17 years the data protection laws have not been adopted.
The European Commission realized that this is a major problem as users developed different ways of interacting and sharing data online.
Why the need for GDPR in Europe?
1. To modernize the law in line with existing and emerging technologies.
2. To create a unified data protection law for all 28 European countries.
3. To enhance the level of data protection for EU data subjects.
It's all about data …
Your data
Your data & mine
Personally Identifiable Information (PII) refers to data held about EU citizens that, if disclosed, could result in damages to those whose information has been compromised.
And then it happens...
You are hit
And suddenly your organization …
You have 72 hours to notify a
security breach
Then the super heroes start to look for evidence
and ready to answer questions about the lost data
• Who has access to my repositories, folders, and documents?
• Which documents contain sensitive data and where is it overexposed?
• Who has been accessing the sensitive data?
• Who should have ownership of specific documents in my organization?
• Who has unnecessarily permissive access to data?
• Who deleted specific files?
• How quickly can I provide access to auditable data?
But why not
Identify “crown jewels”
And protect them
How can help?
To safeguard your “crown jewels” and protect your brand
PROTECT: Complete protection for sensitive data, including compliance automation
ADAPT: Seamlessly handle changes within your IT environment
ANALYZE: Automatically discover critical data and uncover risk
Example architecture
Harden Repositories:
- Encrypt and mask sensitive data
- Archive / purge dormant data
- Revoke dormant entitlements
Identify Risk:
- Discover and classify sensitive data
- Assess database vulnerabilities
Monitor Access:
- Monitor and alert on attacks in real-time
- Identify suspicious activity
- Produce detailed compliance reports
Protect Data:
- Prevent unauthorized access to sensitive data
- Enforce change control
IBM Guardium Data Protection and IBM Critical Data Protection Program
ANALYZE. PROTECT. ADAPT.
Discovery, classification, vulnerability assessment, entitlement management
Encryption, masking, and redaction
Data and file activity monitoring
Dynamic blocking and masking, alerts, and quarantine
Compliance automation and auditing
ANALYTICS
IBM Security Guardium DAM, FAM:
- Consent (Article 7)
- Data Subject Rights (Article 10a, Article 11, Article 12, Article 15, Article 16, Article 17)
- Breach Notification (Article 31, Article 32)
- Right to Access (Article 14, Article 15)
- Right to be Forgotten (Article 17)
- Privacy by Design (Article 23)
- Data Protection Officers (Article 37)
- Increased Territorial Scope (extra-territorial applicability)
IBM Security Guardium VA:
- Data Protection Impact Assessment
- Respect to Risk
- Privacy by design
IBM Guardium Data Encryption:
- Processing not allowing identification (Article 10)
- Whether personal data are retained in encrypted form (Article 13a1(f))
- Standardized information policies (Article 13a)
Monitor the policies created to see privileged user access to GDPR
Personal data
Monitor, audit and record all user activity to Personal data …
GDPR Personal Data Activity Report
… and record and audit policy violations and quarantine connections
if there is unauthorized access to Personal data
Collaborate
THANK YOU.