Webinar: Stop Playing Games with Data Privacy · 408-464-3820 Allan@abmar,n.com 3 1 • Data...

Webinar: Stop Playing Games with Data Privacy Data Masking Solutions for the Gaming Industry April 12, 2016

2

Speakers

MarcHebert JohnL.WellsChiefOpera,ngOfficer GlobalDevelopmentServicesManagerEstuate LasVegasSandsCorpora,on510-468-7132 [email protected]@estuate.comAllanMar4nCTOABMar,nGroup408-464-3820Allan@abmar,n.com

3

1 •  Data Security Challenges in the Gaming

Industry

2 •  Securing Structured and Unstructured Data

3 •  Gaming Industry Case Study

4 •  Summary and Q&A

5 •  About ABMartin

6 •  About Estuate

Discussion Topics

4


Industry






Discussion Topics

Data Security Challenges in the Gaming Industry

Ø  Inthepastyearrecordnumberofdatabreaches–781intotalthatleT169,068,506peopleexposed,accordingtotheIden,tyTheTResourceCenter

Ø  Stringent regulations on the casino industry are increasing

Ø  A perfectstormishiYngthegamingindustryrightnow.DepartmentofJus,ce(DoJ)focusingitsan,-moneylaunderingonthegamingindustry

Ø  FinancialCrimesEnforcementNetwork(FinCEN)istakingmoreaggressivestancesagainstcasinooperators

Ø  Atexactlythesame,me,theuseof“bigdata”tocapturecustomerhabitsisbecomingmoreprevalent

Ø  Illegalhackingandstealingofsensi,vedataandcustomerdataarebecomingmorefrequent

The cost of a breach?

Ø  Regulatoryfines

Ø  Name Recognition Ø  Reputation Ø  Trust Ø  Lost business

Ø  Cost of a single record containing confidential information? $145 to $154* (*Cost of a Data Breach Study: 2015)

Ø  Averagetotalcost:$3.8million(23%upsince2014)Ø  47%arebymaliciousagacks

Ø  Costofresolu,onandreac,onisincreasing

7


Industry






Discussion Topics

Typical Test Data Creation:

8

Produc4on Test

2TB2TB

2TB

2TB

QA

Dev.

Test

• Simple-requiresligleknowledgeofthedatamodelorinfrastructure

• Realis4c-createsanexactcopyofproduc,on

…

Typical Test Data Creation:

9

Prod Test

2TB

QA

Dev.

Test

2TB2TB

• Costly–significantstorage• Risky–sensi,veinforma,onfromproduc,onusedintest

• Timeconsuming–copyingallofproduc,on• Inefficient–developer/testerdown,me

70%breachesoccuronthetestside70%ofthosearefromtheinside70%ofdatastoredinunstructuredformat

Optim Data Privacy and Test Data Management

10

DataPrivacy TestDataManagementØ  Outoftheboxmaskingtechniquestode-iden,fy

data.Ø  Obfusca,onisirreversibleØ  Ensuremaskeddataiscontextuallyappropriate

tothedataitreplaced–likeforlikeØ  Maintainreferen,alintegrityØ  AccessDefini,ons–templates.Ø  Toolstodiscoversensi,vedata

Ø  Sub-setandmake“right-sized”databasesØ  ReducestoragecostsØ  RepurposesystemsØ  Fasterrefreshesandrefreshautoma,onØ  Developmentandtestlifecyclereduced

JASON MICHAELS

ROBERT SMITH 2TB 200GB 50GB

Data Privacy for the Gaming Industry!

11

Infinium

DB2SQLServerOracleSybaseInformixTeradata

…

iSeries.Linux.Unix.Windows…

ACSCAn,MoneyLaundering

CasinoManagementSystem

Custom…

Ø  AccessDefini,ons,wedidtheworksoyoudon’thaveto

Ø  Datadiscoveryforcustomapplica,ons

Ø  Completebusinessobjectacrossapplica,ons,systems,andenvironments

Ø  Automa,onandrepeatableprocessesØ  Beyonddatabases–Unstructured

data

Maintainreferen,alintegrity

SQLServer

iSeries

Oracle

Web

Filesystem

12

Unstructured Data Masking

Structured

Unmasked Masked

Relational databases

Scanned images Office docs

Web logs PDF’s

Flat files...

Unstructured Complete the compliance circle

13

Unmasked Masked

Unstructured Complete the compliance circle

q  Maskover48differentfiletypesincludingImages,PDF,CSV,Email,Images,Officedocs…q  Maintainreferen,alintegrityensuringdataismaskedconsistentlybothwithinthedatabase

andwithinthefilesq  Runstandaloneorinconjunc,onwithOp,m

Unstructured Data Masking

14


Industry






Discussion Topics

Gaming Industry Case Study Optim Pilot Results Summary

(Infinium HR/PY) Storage

File Size Before 2.39gb

File Size After 0.32gb

Storage Reduction 2.07gb

87% reduction

Execution Data Refresh Time

Before 4.5 hours

Data Refresh Time After 15 minutes

Time Savings 4.0 hours

89% reduction

•  Modules were sub-setted and data obfuscated leveraging the Optim toolset.

•  QA and UAT successfully conducted testing for

data integrity

•  Application is now compliant and possibility for breach has been mitigated

•  Because of smaller footprint, performance on backups/restores, testing, and development has increased

•  Extra storage can be repurposed for other projects without requiring to purchase more disk

•  SOX-404 $7,800,000 penalty has been avoided

Projected Results (iSeries)

Storage Storage Before 4.8tb

Storage After 2.4tb

Storage Reduction 2.4tb

50% reduction*

Execution Data Refresh Time

Before 4.5 hours

Data Refresh Time After 1 hour

Time Savings 3.5 hours

78% reduction*

•  All data will be secured and risk mitigated •  Estimate immediate reduction by 40% •  Continued reduction to 60% by EOY •  Back up storage costs reduced by 60% (+/-)

(based on cost of back up tapes)

* estimated

•  Data Refresh times reduced by an estimated 78% •  Back-up times reduced by an estimated 50%

Increase productivity

•  Get in Compliance’

•  Current projects (Anti Money Laundering and Impact) MUST be obfuscated before roll out

•  Obfuscate data maintaining referential integrity between applications

Why Optim? Why now?

•  PII, PCI and Gaming data is currently exposed across enterprise – Systems at Risk!

•  With Optim, obfuscation cannot be reverse engineered.

•  Optim ensures test data has ‘production like’ data reducing risk of failure when final rollout to production.

•  Ensures relationships and data is masked consistently across all applications and environments.

•  Optim is a single mature certified product can be used on all platforms and applications for both obfuscation and sub setting

•  Pilot successfully completed. Optim experts onsite, vetted, and ramped up on current environment.

•  Repurpose storage savings now for upcoming projects instead of purchasing more disk space

Breach Loss Cost There Is Potential Of Private Data In Global Test Environments That Increases Business Risk

90.0%Proposedimpact

datasani4za4oncanhaveonpreven4ngadisclosureevent

=

x500,000

Averagenumberofaffected

recordsinanygivendataloss

scenario

$197Thecostper

recordat99,000records

2.0%

Proposedprobabilityofdisclosureeventoccurring

$98.50MPoten4alTotal

DataLossCostsperEvent

Poten4alDataLossRiskMi4ga4onvia

Sani4za4on

Poten4alExpectedDataLossCostsperEventat

2.0%Probability

$1.97M$1.77Mannually

=

x=

Thepoten)allossesresul)ngfromabreachcanbesignificant

19


Industry






Discussion Topics

Summary and Q&A

•  Gaming Industry companies are especially vulnerable to data breaches

•  Data breaches are particularly painful and expensive to fix, and cause lasting damage to customer loyalty

•  There are proven, packaged solutions to protecting sensitive data in non-production copies of gaming industry databases

•  ABMartin and Estuate have partnered with IBM Optim to offer packaged data masking for structured and unstructured data for the leading gaming industry applications from:

•  Bally •  Infor •  Agilysis

•  Q&A

AboutABMar4nq  Establishedin2009

q  Informa,onManagementSpecialists

q  SpecializinginComplexDataPrivacy,TestDataManagement,andDecommissioning

q  Unstructureddatamaskingleaderq  Heterogeneoussystemsexper,sespanningacrossMainframe,iSeries,Distributed,toHandheldand

Embeddedsystemsq  AllrangesofDBMS:Rela,onal,ObjectOriented,Hierarchical

q  Aboveandbeyondservices:toolsets,products,soTwareu,li,es

SuccessStories:DataPrivacy

q HSBCq BankOfAmericaq StandardInsuranceq HealthPartnersq OREGONstate(ODOT)q FederalDHS–VeteransAffairsq SANDSCorpora,onq CatholicHospitalsEastq AlaskaAirlinesq CSX

q DellInc.q  ICBCq NewYorkStateq WellsFargoq RegionsBankq ZionBankq EntertainmentPartnersq MarriogVaca,onWorldwideq EntertainmentPartnersq StJude'sChildren'sHospital

SuccessStories:Archiving|Decommissioning

q SAPq BusinessObjectsq Kimberly-Clarkq DicksSpor,ngGoodsq Bayerq Ericssonq CanadaYellowPagesq DollarGeneralq OPERS

q SouthernCompanyq NGSMedicareq Penskeq PressGaneyq WellsFargoq Zirmedq TorranceHospitalq Nortel

About Estuate – 10 Years and Counting…

24

CustomerFocus- CustomersfromstartupstoFortune50- Highestcustomersa,sfac,onandasourceofrepeatbusiness- Outstandingvalue,notlowestprice- Trustedadvisors,beyondcontractualrela,onships

- Celebra,ng10yearsinJan,2015- SiliconvalleyHQ,officesinCanada,UK,UAEandIndia- 350+employeesworldwideandgrowingrapidly- Establishengineeringrela,onshipwithISVsandgotomarketstrategy- Referencedrivengrowth- PreferredvendorforUSgovernmentagencies

TechnologyFocus- TechnologyandApplica,onsImplementa,on- ProductEngineering- BigDataandBusinessIntelligence- Informa,onLifecycleGovernance&Security

Execu4onFocus- Emphasisonmasteryoftechnology–SMEs,state-of-the-artlabs,expertdevelopers- Productengineeringrela,onship- Personalizedresourcepooltomeeteachcustomerstyle- Can-doaYtude,obsessionwithprojectsuccess

25

Information Lifecycle Governance & Security Practice We have built a great track record of 300+ ILM client successes

SERVICES / CLIENTS

STRATEGY & ARCHITECTURE ü ü ü ü ü ü ü ü ü ü ü ü üARCHIVING ü ü ü ü ü ü ü ü ü ü ü üTEST DATA MANAGEMENT ü ü ü ü ü üDATA PRIVACY ü ü ü ü üRETIREMENT ü ü ü üFACTORY MODEL ü ü ü üCUSTOM APPLICATION ü ü ü ü üPACKAGED APPLICATION ü ü ü ü ü ü ü ü ü üDISTRIBUTED ü ü ü ü ü ü ü ü ü ü ü üMAINFRAME ü ü ü ü üSUPPORT / MAINTENANCE ü ü ü ü ü ü ü ü ü ü ü üUPGRADES ü ü ü ü ü ü ü

LargeD

efen

se

Indu

stryClient

Webinar: Stop Playing Games with Data Privacy · 408-464-3820 Allan@abmar,n.com 3 1 • Data...

Documents

Transcript of Webinar: Stop Playing Games with Data Privacy · 408-464-3820 Allan@abmar,n.com 3 1 • Data...