IT Security. What you don’t know will hurt you.


Safeguard Digital Enterprise In Cloud & On Premise ™

Risk and Compliance, Financial Reporting, Internal Audit, Process Controls, Application Access, Advanced Analytics

A Leader in Risk Based Enterprise Controls Management Solutions

Copyright ©. SafePaaS, Inc.

Discover hidden risks, use this insight to improve bottom line.

IT Security. What you don’t know will hurt you.


www.SafePaaS.com | Copyright © SafePaaS

IT Security. What you don’t know will hurt you.

Agenda

• Introductions
• Business Platform Risks
• Discovering Hidden Risk
• Actionable Analytics
• Closed Loop Remediation
• Case Study
• Q&A



SafePaaS Insight: Global Thought Leadership

Proven Expertise

• Oracle Cloud – London – Feb 1-2 GRC Round Table, London, UK
• Educational Webinar – Mar 23rd – Continuous Controls Monitoring
• Collaborate 17 – April 2-6 Las Vegas GRC Open House
• Oracle Modern Finance Experience – April 11-13 Boston – FEMSA Oracle Risk Cloud Case Study
• Educational Webinar – June 21st – Access Controls Monitoring for Multiple Business Systems
• Oracle Open World – October 1-5 – Moscone West, San Francisco, CA
• Gitex – October 8-12 – GRC Round Table, Dubai UAE
• Oracle UK Users Group – December – GRC Round Table, Birmingham, UK
• Oracle Connect Africa – October – GRC Round Table, South Africa


FulcrumWay Client Studies: Successful Track Record

• Government
• Oil and Gas
• Healthcare
• Communications
• Financial Services
• Transportation
• Natural Resources
• Manufacturing
• Retail
• High Tech
• Media/Entertainment
• Life Sciences


Overview: MENTIS

[Diagram. Axes: What, Where, How.]

Data types: structured data, big data, unstructured data, cloud data, on-premise data

Capabilities:
• Discover accurately: data, code, users
• Monitor continuously: connections, statements, DB structure, code
• Mask seamlessly: static, dynamic (DB), dynamic (apps)
• Retire securely: tokenize, subset
• Protect effectively: DB firewall, authenticate


Recognition

GARTNER MARKET GUIDE: MENTIS IS ONE OF TOP FOUR VENDORS (FEB 2017)

• 19: total number of vendors in list
• 10: vendors with Static, Dynamic & Redaction
• 4: vendors with all aspects of Masking and most methods

Source: How Data Masking Is Evolving to Protect Data from Insiders and Outsiders, Gartner, 28 November 2016; Doc ID: G00309376

Table columns: Vendor; Discovery (Dictionary, Data, Relationship); Masking (SDM, DDM, Redaction); DDM Method (Repository, Proxy, Application Client, API)

Check marks per vendor (column positions not preserved):

BlueTalon: ✓ ✓ ✓ ✓ ✓ ✓ ✓
CA Technologies: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
Camouflage: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
Compuware: ✓ ✓
Dataguise: ✓ ✓ ✓ ✓ ✓ ✓ ✓
Delphix: ✓ ✓ ✓ ✓ ✓
HexaTier: ✓ ✓ ✓ ✓ ✓
HPE Security: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
IBM: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
Informatica: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
IRI: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
Mentis: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
Microsoft: ✓ ✓ ✓
Net2000: ✓
Oracle: ✓ ✓ ✓ ✓ ✓ ✓ ✓
Privacy Analytics: ✓ ✓ ✓ ✓
SecuPi: ✓ ✓ ✓ ✓ ✓
Solix: ✓ ✓ ✓ ✓
TCS: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓

• Gartner 2008: Cool Vendor
• Gartner 2012, Magic Quadrant: Visionary
• 2013 - 2016: MENTIS was named as Challenger in Gartner Magic Quadrant


Recognition

Bloor Market Update: Feb 2017

[Charts: Data Masking; Test Data Management. Labels: What’s next?, Competition, Market Leading, Recommendation.]

Source: Test Data Management Market Update February 2017

Source: Data Masking Market Update April 2017


Modern audit methods based on collaboration, content and analytics


Business Platform Risks: Growing IT Security Risks

"In 2017, the threat level to enterprise IT continues to be at very high levels, with daily accounts in the media of large breaches and attacks. As attackers improve their capabilities, enterprises must also improve their ability to protect access and protect from attacks," said Neil MacDonald, vice president, distinguished analyst and Gartner Fellow Emeritus. "Security and risk leaders must evaluate and engage with the latest technologies to protect against advanced attacks, better enable digital business transformation and embrace new computing styles such as cloud, mobile and DevOps."

Exploitation of known vulnerabilities poses a great threat to an organization’s security!


Business Platform Risks: SafePaaS IT Security Framework


Business Platform Risks: Sensitive Data Exposure

Centralized data initiatives
§ Companies are incorporating centralized data initiatives to enable analytics and reporting
§ This leads to increased exposure, necessitating securing of the data

Compliance & Regulations
§ New laws like GDPR in Europe, with greater scope and higher penalties, are driving the adoption of data masking and increased spend on data security and privacy
§ Stricter enforcement of existing regulation is a key driver

Cross border data sharing
§ Anonymization of sensitive data is a critical requirement for cross border data sharing and migration to the cloud
§ Data needs to freely cross the previously conceived thresholds that limit business potential

Data Breaches
§ Increased data breaches are driving the need for data security techniques like data masking
§ The number of data breach incidents increased by 7% from 2015 to 2016**

Data Explosion
§ Increasing amount of data that companies collect to run their business
§ Digital universe is doubling in size every two years, and by 2020 it will reach 44 zettabytes*

Emergence of Cloud Computing
§ Sensitive data needs to be protected from unnecessary internal exposure and from external service providers
§ Adoption of cloud computing that pressures companies to rethink where they deploy computing and data resources

Source: *IDC, **Gemalto, Breach Level Index


Enterprise Sensitive Data Intelligence: Sensitive Data Footprint

1. What data is sensitive?
2. Where is your sensitive data?
3. How is sensitive data exposed?
4. Who has access?

HOW DO YOU ACHIEVE IT?

Data classifications, data locations, code, user, access mechanisms


Pathways and Scorecard

• Dictionary: Find columns and tables for classification by comparing known table and column names against the data dictionary, plus relationships. Ex: look for columns called “NATIONAL_IDENTIFIER”.

• Pattern: Using pattern recognition, search for known patterns of sensitive data. Ex: NNNN-NNNN-NNNN-NNNN (where N is a number) when looking for credit cards.

• Exact data: To help eliminate false positives, compare discovered column data against known column data and entered data.

• Code: To further eliminate false positives, and to document columns that might not contain any data (say, key-value temp tables), review DB and application code. Ex: PL/SQL procedures.

• Validations: Validate data against rules to ensure that the data passes all known validations. Ex: Luhn method for credit cards; date-of-birth-based national identifier for South Africa.
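The dictionary, pattern and validation steps above, combined in one small scan. This is an added example, not MENTIS or SafePaaS code; the column names, the 0.5 hit-ratio threshold, the helper names and the sample values are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Hypothetical dictionary of known column names -> classification (assumption).
NAME_HINTS = {"NATIONAL_IDENTIFIER": "national_id", "CARD_NUMBER": "credit_card"}
CARD_RE = re.compile(r"^\d{4}-\d{4}-\d{4}-\d{4}$")  # NNNN-NNNN-NNNN-NNNN
SA_ID_RE = re.compile(r"^\d{13}$")                   # YYMMDD + 7 digits
MIN_HIT_RATIO = 0.5  # assumed threshold for flagging a column from its data

def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def sa_id_ok(value: str) -> bool:
    """South African ID: 13 digits, valid YYMMDD prefix, Luhn check digit."""
    if not SA_ID_RE.match(value):
        return False
    try:
        datetime.strptime(value[:6], "%y%m%d")
    except ValueError:
        return False
    return luhn_ok(value)

def classify_value(value: str):
    """Pattern match first, then validation to drop false positives."""
    if CARD_RE.match(value) and luhn_ok(value.replace("-", "")):
        return "credit_card"
    if sa_id_ok(value):
        return "national_id"
    return None

def discover(table: dict) -> dict:
    """Map column -> (classification, evidence, share of validated values)."""
    findings = {}
    for column, values in table.items():
        valid = [c for c in map(classify_value, values) if c]
        ratio = len(valid) / len(values) if values else 0.0
        if valid and ratio >= MIN_HIT_RATIO:
            top = max(set(valid), key=valid.count)
            findings[column] = (top, "pattern+validation", ratio)
        elif column.upper() in NAME_HINTS:  # name match, e.g. an empty column
            findings[column] = (NAME_HINTS[column.upper()], "dictionary", ratio)
    return findings

# Constructed sample data (test card numbers and made-up identifiers).
SAMPLE = {
    "PAYMENT_REF": ["4111-1111-1111-1111", "5500-0000-0000-0004", "n/a"],
    "ORDER_REF": ["1234-5678-9012-3456", "2222-3333-4444-5555"],
    "EMP_DOC_NO": ["8001015009087", "8013015009087"],
    "NATIONAL_IDENTIFIER": [],
}
FINDINGS = discover(SAMPLE)
```

ORDER_REF matches the card pattern but fails the Luhn check, so it is not reported; NATIONAL_IDENTIFIER holds no rows and is reported from the name dictionary alone.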

OBJECTIVE: FIND ALL SENSITIVE DATA

[Chart. Categories: Easy to find, Hard to find, Very hard to find. Data types: National Identifier, Credit card, Names. Values shown: 60, 80, 60; 33%, 50%, 17%.]

MENTIS Discovery


Data and Privacy Impact

Data Classifications: results

→ Prioritize applications based on sensitive data held for data protection

→ Single screen to view ALL sensitive data locations in the Enterprise Data Landscape

→ Granular details such as who has access and how it is exposed

Actionable Analytics


Data Classification Results

Sensitive data associated with code

Users who access sensitive data.

The location of sensitive data found: owners, table names, column name, reason type, pattern, occurrence and row count, along with other details.

Reports


Our Approach: Automate The Protection

[Diagram. Labels:]
• Discovery
• Enterprise Sensitive Data Intelligence: data, code, users
• Masking rules/templates: who, what, where, when
• Production: DB access; pages, queries, reports
• Pre-PROD/UAT/HRD: DB access; pages, queries, reports
• Non-production: TRAIN, TEST, INTG, DEV
• Masking types: Dynamic Data Masking, Blended Masking, Static Data Masking


Proactive Monitoring: Activity and Code Changes

[Diagram. Labels: non-production, production; APP1, APP2, APP3; Mentis discovery (data, code, users); Decision & Alert Engine (who, what, how, where); User Activity; Code Changes.]

TYPICAL PROCESS
→ Code is reviewed on set interval
→ Any code that uses Sensitive Data is alerted on New or Update
→ User Activity is monitored for Connections & SQLs
→ Memory based

BENEFITS
→ Protections are embedded into the database
→ Monitoring inside the instance
→ Much better performance
→ Higher Security
→ No code-based weakness sent into Production
→ Preventative Control + Detective Control


Closed Loop Remediation: Continuously Monitors ALL Security Incidents


Closed Loop Remediation: Prevent, Mitigate and Remediate all IT Security Risks

[Workflow diagram. Labels: Requestor Registration; Request Roles; Add/Update User; Add/Update Role; Monitor User Access; Employee/Manager List; Network User List (AD/IAM); Active Employee Users; Requesters / Approvers; IS Security / Audit / Compliance; IS Security; Application Administrator; iAccess; Rules Manager; Workflow (5 level); User Access Rules; DataProbe ETL; Dashboard. Numbered steps: 1. Test Access Policy; 2. Process Approval Request.]


The Big Picture: SafePaaS

[Architecture diagram. Labels:]
• Solution areas: Enterprise Risk Management; Continuous Controls Monitoring; Financial Governance; Audit and Compliance Automation; IT Governance; Operations Management
• Products: MonitorPaaS; ProcessPaaS/DocumentPaaS; RiskPaaS; AuditPaaS; AccessPaaS
• Modules: Risk Library; KRI Manager; Policy Manager; Process Definition; Workflow; Business Rules; Audit Manager; Audit Planner; Compliance Manager; Master Data Monitor; Risk Assessments; Transaction Monitor; Configuration Monitor; Rules Repository; Access Monitor; SOD Policy Monitor; Roles Manager; iAccess Policy based provisioning; Issue Manager; Survey Manager; Database Monitor
• DataProbe Integration Services


Case Study: Fortune 50 Global Conglomerate (Client Examples)

Background
• Company has presence in a wide range of sectors such as oil & gas, aviation, digital, healthcare, power, etc.
• Audit team highlighted non-compliance as sensitive data was being copied into non-production systems
• Implemented home-grown scripts and third-party products with partial success

Challenges
• Find ALL sensitive data
• Superior discovery than implemented solutions
• Complex and hard to understand databases

Mentis solution
• iDiscover (Sensitive Data Discovery)
• iScramble (Static Data Masking)

Outcomes
• MENTIS found ALL sensitive data, which was more than 10% of what SMEs had expected across all applications
• The MENTIS solution performed data discovery and masking in an SAP application where previously sensitive data discovery and masking were not done.
• Successful discovery and masking of 13 data classifications in SAP, PeopleSoft and custom applications
• In the process of creating MENTIS capabilities in their IT hub for enterprise-wide roll out
• MENTIS well positioned for future data and application security requirements

Client Quote

“Mentis represents a major step forward in safeguarding sensitive information in Healthcare Global SAP non-productive systems. It allows flexible templates to be applied to mask sensitive data which can easily be incorporated into system refresh procedures”


Q&A


Sign up for FREE 14 Days Evaluation

Register online to try out SafePaaS