General Data Protection Regulation. - Virtualization and Cloud ... · Enforcing GDPR - CA API...

Page 1

General Data Protection Regulation.

A CA Technologies Point of view

Dimitrios Tiligadas, April 2017

Page 2

© 2014 CA. ALL RIGHTS RESERVED.

What has Changed

Page 3

Most important changes

Expanded Scope

Applies to all controllers and processors established in the EU, wherever the processing itself takes place, and to organizations outside the EU that offer goods or services to, or monitor the behaviour of, data subjects in the EU (Article 3). The test is where the data subject is, not citizenship.

Accountability

• Implement policies and procedures
• Implement measures to ensure compliance
• Maintain records of processing activities

Data Protection Officers

A DPO must be appointed where the processing is carried out by a public authority, or where an organization's core activities involve regular and systematic monitoring of data subjects on a large scale, or large-scale processing of special categories of personal data (Article 37).

Breach Notification

Controllers must notify the supervisory authority without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals (Article 33); processors must notify the controller without undue delay. Where the risk to individuals is high, the affected data subjects must also be informed without undue delay (Article 34).

Privacy by Design

Implement data protection principles effectively, both when designing the processing and while carrying it out, and integrate the necessary safeguards into the processing itself (Article 25).

New Rights

• Right to be forgotten (erasure)
• Access their data
• Data portability
• Object to the use of their data

Page 4

Most important changes

Anonymization and pseudonymization

Part of the principles of "data protection by design and by default" when processing personal data. The two are not equivalent: pseudonymised data can still be attributed to a person using additional information that is kept separately (Article 4(5)), so it remains personal data under the regulation; only data that can no longer be attributed to an identifiable person is anonymous and out of scope (Recital 26).

Certifications, codes of conduct

Organizations will be able to adhere to certification mechanisms for the purpose of demonstrating compliance

Fines

Up to 4% of annual worldwide turnover or EUR 20,000,000, whichever is higher, for the most serious infringements; a lower tier of 2% or EUR 10,000,000 applies to other obligations (Article 83).

Page 5

Many Perspectives in addressing GDPR

• Business
• Legal
• Processes
• Technology

Page 8

The harsh reality…

• Only 67% of access privileges are checked against security policies before they are approved
• Yet only 27% are realigning security policies around privileges since the last incident
• 52% of organizations have acknowledged the need to readdress excessive user privileges
• 55% of incidents were about abuse of privileges
• 60% of organisations don't know how many orphaned accounts exist in their business

Sources: "2015 Verizon Data Breach Investigation Report", http://www.verizonenterprise.com/DBIR/2015/; "Business-Aligned Enterprise Security – Driving Success in the Face of Shifting Sands in Identity & Access Management" by Gavin Grounds, Global Director - Information Risk Management, HP, http://www.slideshare.net/CAinc/businessaligned-enterprise-security-driving-success-in-the-face-of-shifting-sands-in-identity-access-management

Page 9

CA Identity Suite

Page 10

Enforcing GDPR – Identity and Access Governance

Provides the right access to the right user based on context and risk. Improves user experience while helping to guard against attack, data leakage and abuse of rights.

Identity lifecycle (diagram): Analyze, On/off board, Manage, Certify, Monitor.

Capabilities (diagram): process and workflow automation; delegation and self service; "dashboards" and reporting; validate compliance; identity and access governance; analytics and data cleansing, all over the identity data.

Key functionality
• Manage and control access to data
• Automate user management
• Improve user experience

Business value
• "Who has access to what" insights
• Higher user productivity
• Enforce GDPR compliance

Page 11

Enforcing GDPR – Identity and Access Governance: Performing an IAG (Gap) Analysis

(Same lifecycle and capability labels as the previous slide: Analyze, On/off board, Manage, Certify, Monitor; process and workflow automation, delegation and self service, dashboards and reporting, validate compliance, analytics and data cleansing, identity data.)

Present state: entitlements are inconsistent, excessive and redundant.

1. Clean up and audit entitlements before sending them to business users:
• terminated users
• orphan accounts
• excessive entitlements / collectors (entitlement creep)
• redundant groups/roles
• overlapping roles/groups

2. Profile/group/role modeling for meaningful business context (future state).
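The cleanup checks in step 1 can be run mechanically before a campaign ever reaches a business reviewer. The following is an added example, not code from CA Identity Suite: it takes a constructed HR feed and a constructed entitlement export (both assumed shapes, as an access-review tool would collect them) and flags terminated users still holding access, orphan accounts, entitlement collectors (more than twice the median of their role peers), and groups that are redundant or heavily overlapping. The thresholds and the sample data are assumptions.

```python
"""Entitlement cleanup checks for an IAG gap analysis.
Added example, not CA Identity Suite code. HR and ENTITLEMENTS are constructed
in-line; a real run loads the HR feed and the entitlement export into the same shapes.
"""
from collections import defaultdict
from statistics import median

# Constructed HR feed: user id -> (employment status, job role)
HR = {
    "alice": ("active", "finance"),
    "bob": ("active", "finance"),
    "carol": ("active", "finance"),
    "dave": ("terminated", "it"),
    "erin": ("active", "it"),
}

# Constructed entitlement export: (user id, group) pairs collected from targets
ENTITLEMENTS = [
    ("alice", "fin-ledger-ro"), ("alice", "fin-reports"), ("alice", "fin-reports-legacy"),
    ("bob", "fin-ledger-ro"), ("bob", "fin-reports"), ("bob", "fin-reports-legacy"),
    ("carol", "fin-reports"), ("carol", "fin-reports-legacy"), ("carol", "fin-ledger-rw"),
    ("carol", "hr-payroll"), ("carol", "fin-audit-export"),
    ("carol", "it-admins"), ("carol", "vpn-users"),   # finance user with IT rights
    ("dave", "it-admins"), ("dave", "vpn-users"),     # terminated, still entitled
    ("erin", "it-admins"), ("erin", "vpn-users"),
    ("svc_backup", "it-admins"),                      # no HR record: orphan
]

def index(ents, key):
    """Map user -> groups (key=0) or group -> users (key=1)."""
    m = defaultdict(set)
    for pair in ents:
        m[pair[key]].add(pair[1 - key])
    return m

def terminated_with_access(hr, ents):
    """Accounts still holding entitlements after HR marked the person terminated."""
    return sorted(u for u in index(ents, 0) if hr.get(u, ("",))[0] == "terminated")

def orphan_accounts(hr, ents):
    """Accounts with entitlements but no owner in the HR feed."""
    return sorted(u for u in index(ents, 0) if u not in hr)

def entitlement_collectors(hr, ents, factor=2.0):
    """Active users holding more than `factor` x the median entitlements of
    peers in the same job role (entitlement creep)."""
    users = index(ents, 0)
    peers = defaultdict(list)
    for u, (status, role) in hr.items():
        if status == "active":
            peers[role].append(u)
    found = []
    for members in peers.values():
        counts = {u: len(users.get(u, ())) for u in members}
        limit = factor * median(counts.values())
        found.extend(u for u, c in counts.items() if c > limit)
    return sorted(found)

def redundant_groups(ents, min_members=2):
    """Pairs of groups with identical member sets (merge candidates).
    Single-member groups are skipped: they coincide by accident."""
    first_with, pairs = {}, []
    for group, members in sorted(index(ents, 1).items()):
        if len(members) < min_members:
            continue
        key = frozenset(members)
        if key in first_with:
            pairs.append((first_with[key], group))
        else:
            first_with[key] = group
    return pairs

def overlapping_groups(ents, threshold=0.7):
    """Group pairs whose member sets overlap (Jaccard) above threshold without
    being identical: candidates to merge or to re-model as one role."""
    groups = sorted(index(ents, 1).items())
    out = []
    for i, (g1, m1) in enumerate(groups):
        for g2, m2 in groups[i + 1:]:
            jaccard = len(m1 & m2) / len(m1 | m2)
            if threshold <= jaccard < 1.0:
                out.append((g1, g2, round(jaccard, 2)))
    return out

def gap_report(hr, ents):
    return {
        "terminated_with_access": terminated_with_access(hr, ents),
        "orphan_accounts": orphan_accounts(hr, ents),
        "entitlement_collectors": entitlement_collectors(hr, ents),
        "redundant_groups": redundant_groups(ents),
        "overlapping_groups": overlapping_groups(ents),
    }

if __name__ == "__main__":
    for check, hits in gap_report(HR, ENTITLEMENTS).items():
        print(f"{check}: {hits}")
```

The terminated and orphan checks are exact; the collector and overlap checks are heuristics whose thresholds should be tuned per role population, and their hits are review candidates, not revocations.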

Page 12

Access Certification: The New Certification Campaigns Experience

Motivation
• Managers expect a simplified experience when performing certifications
• Certifications contain a lot of information and take a long time to complete
• Different managers require different views of the data

Solution
• Personalized access certification with a business-friendly experience
• Display all the information on one page
• Personalized view where users can select what information to view
• Export and import campaigns to Excel for offline decision making

Benefit
• Managers can quickly and intuitively navigate through the data in a personalized view
• Improve managers' productivity: decisions are easier when all the information is in one place
• Solution is available anytime, anywhere, offline or mobile

Page 13

CA Test Data Management

Page 14

Enforcing GDPR - CA Test Data Manager: The right data, in the right place, at the right time.

Capabilities: data discovery, modeling, visualization and profiling; data subsetting, masking and synthetic data generation; Test Data on Demand™.

• Review data quality and data errors
• Measure coverage and identify gaps
• Discover relationships
• Identify sensitive data across all systems
• Identify future trends
• Share data across parallel teams
• Clone data as it's provisioned
• Enable self-service, on demand access
• Provide multiple outsourcers with secure data
• Eliminate manual data creation and masking
• Reduce costs and improve quality with short but rigorous test cycles
• Improve test coverage

Page 15

Enforcing GDPR – CA Test Data Management

The Right Data, in the Right Place, at the Right Time. Centralizing data requests and removing data dependencies. Ensuring data privacy by synthesizing test data.

Pipeline (diagram): Discovery → Modeling → Subsetting → Masking → Synthetic. Production data enters TDM; synthetic test data leaves it.

Key functionality
• Automatically match fit-for-purpose data
• Data trends and visualisation
• Data masking & synthesizing

Business value
• Increased productivity
• Increased test data quality (cut defects by 95%)
• Enforce GDPR compliance
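The subsetting and masking steps in the pipeline above, and the "anonymization and pseudonymization" principle from the earlier slide, come down to one mechanism in practice: replace direct identifiers deterministically so that the test subset still joins across tables, and keep the key separately from the output. The following is an added example, not CA Test Data Manager code; the two tables, the key and the generalisation rule for dates of birth are constructed assumptions.

```python
"""Deterministic pseudonymisation of a referentially consistent test subset.
Added example, not CA Test Data Manager code. The tables are constructed in-line;
the HMAC key stands in for the 'additional information' that GDPR Art. 4(5)
requires to be kept separately from the pseudonymised data.
"""
import hashlib
import hmac

# Constructed production extract: two tables linked by customer_id.
CUSTOMERS = [
    {"customer_id": 1001, "name": "Ada Lovelace", "email": "ada@example.com", "dob": "1985-12-10"},
    {"customer_id": 1002, "name": "Linus T", "email": "linus@example.com", "dob": "1969-12-28"},
    {"customer_id": 1003, "name": "Grace Hopper", "email": "grace@example.com", "dob": "1990-03-05"},
]
ORDERS = [
    {"order_id": 1, "customer_id": 1001, "amount": 12.50},
    {"order_id": 2, "customer_id": 1003, "amount": 99.00},
    {"order_id": 3, "customer_id": 1001, "amount": 5.25},
    {"order_id": 4, "customer_id": 1002, "amount": 40.00},
]

def token(key: bytes, field: str, value) -> str:
    """Keyed, deterministic token: same input gives the same token, and without
    the key the token cannot be reversed or recomputed. The column name is mixed
    in so that the same raw value yields different tokens in different columns."""
    msg = f"{field}\x00{value}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def subset(customers, orders, keep_ids):
    """Referentially consistent subset: chosen customers and only their orders."""
    keep = set(keep_ids)
    return ([c for c in customers if c["customer_id"] in keep],
            [o for o in orders if o["customer_id"] in keep])

def pseudonymise(customers, orders, key: bytes):
    """Replace direct identifiers in both tables with tokens; the foreign key
    is tokenised with the same (field, value) so joins survive."""
    out_customers, out_orders = [], []
    for c in customers:
        cid = token(key, "customer_id", c["customer_id"])
        out_customers.append({
            "customer_id": cid,
            "name": "Customer " + token(key, "name", c["name"])[:6],
            "email": f"user-{cid}@example.invalid",
            "dob": c["dob"][:4] + "-01-01",   # generalise to birth year
        })
    for o in orders:
        out_orders.append({**o, "customer_id": token(key, "customer_id", o["customer_id"])})
    return out_customers, out_orders

def joins_intact(customers, orders) -> bool:
    """Every order must still reference a customer present in the subset."""
    ids = {c["customer_id"] for c in customers}
    return all(o["customer_id"] in ids for o in orders)

if __name__ == "__main__":
    key = b"kept-in-the-vault-not-with-the-data"   # constructed key
    cust, ords = pseudonymise(*subset(CUSTOMERS, ORDERS, [1001, 1003]), key)
    print(cust, ords, joins_intact(cust, ords))
```

Because the key allows re-attribution, the output is pseudonymised personal data, still inside the regulation; it is the synthetic-data route, where no record derives from a real person, that produces test data outside its scope. Amounts and order ids are left as they are here; whether they are identifying in combination is a question for the data model, not for the tokeniser.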

Page 16

CA Privileged Access Management

Page 17

Privileged Access

Page 18

Privileged Users

What’s the common thread in most if not all breaches?

• 28,070: number of attacks the average US company had in 2015
• 38%: increase in number of security incidents from 2014 to 2015
• 94%: percentage of CxOs believing their company will experience a breach in two years
• $3.79M: average cost of a data breach
• 3.9B: number of records lost since 2013

Data records were lost or stolen with the following frequency: every day 1,358,671; every hour 56,611; every minute 943; every second 16.

Compromised accounts and credentials of ….

Your organization can’t afford a large-scale cyber-attack

http://breachlevelindex.com/#sthash.RZhGQkVZ.dpbs

https://securityintelligence.com/cost-of-a-data-breach-2015/

http://public.dhe.ibm.com/common/ssi/ecm/se/en/sel03074usen/SEL03074USEN.PDF

http://www.vormetric.com/campaigns/datathreat/2016/

http://www.verizonenterprise.com/resources/report/rp_pci-report-2015_en_xg.pdf

Page 19

Privileged Accounts: The Emerging Front Line

(Diagram: hackers and malware/APT reach privileged accounts over the Internet, on premise and in the public cloud. On premise: employees and partners acting as systems, network, DB and application admins. Public cloud: apps run by VMware, AWS and Microsoft Office 365 administrators.)

Organizations typically have 3-4x more privileged accounts and credentials than employees!

Page 20

What can you do to address the threat?

Break the Attack Kill Chain with Privileged Access Management (PAM)

Prevent breaches by protecting administrative credentials, controlling privileged user access, and monitoring and recording privileged user activity across the hybrid enterprise.

Prevent unauthorized access
• Strong authentication
• Login restriction

Limit privilege escalation
• Command & socket filtering
• Zero trust – deny all, permit by exception
• Proactive policy enforcement

Monitor, record & audit activity
• Session recording & monitoring
• Activity logging & auditing
• SIEM integration

Page 21

Enforcing GDPR – CA Privileged Access Management

Manages shared and/or personal privileged account access across physical and virtual systems. Monitors/records privileged user activities for governance and compliance purposes.

Key functionality
• Manage and control privileged access
• Secure (SSO) access
• Protect systems and hypervisors

Business value
• Protect privileged accounts
• Transparency into privileged activities
• Enforce GDPR compliance

Session flow (diagram): authenticate user → authorize user → manage credentials → single sign-on/federation → attribute identity for shared accounts → metadata & session recording → enforce policy and monitor. A session starts by manual login, single sign-on or federated sign-on; logs, controls and policy management underpin every step.

Page 22

End to End Privileged Access approach…

Defense in depth

Network-based security: CA Privileged Access Manager (PAM)
• Credential management
• Policy-based, least privilege access control
• Command filtering
• Session recording, auditing, attribution
• Application password management
• Comprehensive, hybrid enterprise protection
• Self-contained, hardened appliance

Host-based security: CA PAM Server Control
• In-depth protection for critical servers
• Highly granular access controls
• Segregated duties of super-users
• Controlled access to system resources such as files, folders, processes and registries
• Secured task delegation (sudo)
• Enforce trusted computing base

(Diagram: CA Identity Governance (access requests, certification, risk analytics) and CA Advanced Authentication alongside the network-based and host-based PAM layers.)
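Command filtering, "deny all, permit by exception" and per-decision auditing on the PAM slide, and the command and sudo controls of the host-based layer above, share one evaluation shape. The following is an added example, not CA PAM or Server Control code: a default-deny command filter with a per-role allowlist, a metacharacter check so that one permitted command cannot be chained into others, and an audit record for every decision in the form a SIEM would receive. The roles, known binaries, patterns, commands and the audit sink are all constructed.

```python
"""Deny-all, permit-by-exception command filter for a privileged session.
Added example, not CA PAM / Server Control code. Policy, binaries, commands and
the audit sink are constructed; in a deployment the policy comes from the PAM
server and AUDIT is forwarded to the SIEM.
"""
import re
import shlex
import time

# Binaries the filter can ever allow, by absolute path. Anything else is unknown.
KNOWN_BINARIES = {
    "systemctl": "/usr/bin/systemctl",
    "cat": "/usr/bin/cat",
    "tail": "/usr/bin/tail",
}

# Per-role allowlist: (binary, regex the whole argument string must fullmatch).
POLICY = {
    "webadmin": [
        ("systemctl", r"(restart|status) nginx"),
        ("cat", r"/var/log/nginx/[a-z]+\.log"),
        ("tail", r"-n [0-9]{1,4} /var/log/nginx/[a-z]+\.log"),
    ],
    "dbadmin": [
        ("systemctl", r"(restart|status) postgresql"),
    ],
}

# Chaining, pipes, redirection and substitution turn one allowed command into
# several; they are rejected before any rule is consulted.
SHELL_META = re.compile(r"[;&|`$<>\n\\(){}]")

AUDIT = []  # constructed stand-in for the session recorder / SIEM forwarder

def _record(user, role, command, decision, reason):
    AUDIT.append({"ts": time.time(), "user": user, "role": role,
                  "command": command, "decision": decision, "reason": reason})

def _deny(user, role, command, reason):
    _record(user, role, command, "deny", reason)
    return False

def evaluate(user, role, command):
    """True if `command` is permitted for `role`; every decision is audited."""
    if SHELL_META.search(command):
        return _deny(user, role, command, "shell metacharacter")
    try:
        argv = shlex.split(command)
    except ValueError as exc:
        return _deny(user, role, command, f"unparseable: {exc}")
    if not argv:
        return _deny(user, role, command, "empty command")
    # argv[0] may be a known bare name or a known absolute path; relative or
    # unknown paths can never match a rule, so they are denied outright.
    head = argv[0]
    if head in KNOWN_BINARIES:
        binary = head
    elif head in KNOWN_BINARIES.values():
        binary = next(name for name, path in KNOWN_BINARIES.items() if path == head)
    else:
        return _deny(user, role, command, f"unknown binary {head}")
    args = " ".join(argv[1:])
    for allowed, pattern in POLICY.get(role, []):
        if allowed == binary and re.fullmatch(pattern, args):
            _record(user, role, command, "allow", f"rule {allowed} {pattern}")
            return True
    return _deny(user, role, command, "no matching rule (default deny)")

if __name__ == "__main__":
    for cmd in ["systemctl restart nginx",
                "systemctl restart nginx; cat /etc/shadow",
                "cat /var/log/nginx/../../../etc/shadow",
                "/tmp/cat /var/log/nginx/access.log"]:
        print(evaluate("alice", "webadmin", cmd), cmd)
```

Two details carry the security of this shape: `re.fullmatch` on the re-joined argument string, so a quoted argument with an embedded space or a `..` traversal cannot slip past a pattern written for one path; and the metacharacter check running before parsing, because an allowlist of individual commands is only as strong as the guarantee that the filtered string is exactly one command.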

Page 24

CA API Management

Page 25

APIs: The building blocks of digital transformation

(Diagram: IoT devices, cloud, mobile, partners/external divisions and external developers exchange data with your digital business through its APIs.)

Page 26

API 101 Primer – After

"alerts": [{"type": "FLW", "description": "Flood Watch"}]

Integration, speed, monetization, experience, Internet of Things

Page 27

Enforcing GDPR - CA API Management: The Building Blocks of Digital Transformation

Outside the enterprise: Internet of Things; mobile; SaaS/cloud solutions (AWS, Google, SFDC …); partner ecosystems; external developers.

Within the enterprise: secure data; application portfolio; ID/authentication; reporting & analytics; internal teams.

Secure the Open Enterprise
• Protect against threats and OWASP vulnerabilities
• Control access with SSO and identity management
• Provide end-to-end security for apps, mobile, and IoT

Integrate and Create APIs
• Easily connect SOA, ESB, and legacy applications
• Aggregate data including NoSQL up to 10x faster
• Build scalable connections to cloud solutions
• Automatically create data APIs with live business logic

Unlock the Value of Data
• Monetize APIs to generate revenue
• Build digital ecosystems to enhance business value
• Create efficiencies through analytics and optimization

Accelerate Mobile/IoT Development
• Simplify and control developer access to data
• Build a wider partner or public developer ecosystem
• Leverage tools that reduce mobile app delivery time

Page 28

CA Technologies – Solutions which can help.

Distributed
• CA Identity Suite
• CA Test Data Management
• CA API Management
• CA Privileged Access Manager / Server Control
• CA SSO
• CA Advanced Authentication

Mainframe
• CA Data Content Discovery
• CA Cleanup
• CA Compliance Event Manager

Page 30

Thank you

Dimitrios Tiligadas (CISSP)
Technical Sales Manager - Security Architect
CA South Eastern Europe
Email: [email protected]