Webinar: Stop Playing Games with Data Privacy
Data Masking Solutions for the Gaming Industry
April 12, 2016
Speakers
Marc Hebert, Chief Operating Officer, Estuate
John L. Wells, Global Development Services Manager, Las Vegas Sands Corporation
510-468-7132 [email protected]@estuate.com
Allan Martin, CTO, ABMartin Group, 408-464-3820, Allan@abmartin.com
Discussion Topics
1 • Data Security Challenges in the Gaming Industry
2 • Securing Structured and Unstructured Data
3 • Gaming Industry Case Study
4 • Summary and Q&A
5 • About ABMartin
6 • About Estuate
Data Security Challenges in the Gaming Industry
• In the past year, a record number of data breaches – 781 in total that left 169,068,506 people exposed, according to the Identity Theft Resource Center
• Stringent regulations on the casino industry are increasing
• A perfect storm is hitting the gaming industry right now. Department of Justice (DoJ) focusing its anti-money laundering on the gaming industry
• Financial Crimes Enforcement Network (FinCEN) is taking more aggressive stances against casino operators
• At exactly the same time, the use of “big data” to capture customer habits is becoming more prevalent
• Illegal hacking and stealing of sensitive data and customer data are becoming more frequent
The cost of a breach?
• Regulatory fines
• Name Recognition • Reputation • Trust • Lost business
• Cost of a single record containing confidential information? $145 to $154* (*Cost of a Data Breach Study: 2015)
• Average total cost: $3.8 million (23% up since 2014)
• 47% are by malicious attacks
• Cost of resolution and reaction is increasing
Typical Test Data Creation:
[Diagram: Production (2TB) copied in full to Test, QA and Dev. environments, 2TB each]
• Simple - requires little knowledge of the data model or infrastructure
• Realistic - creates an exact copy of production
…
Typical Test Data Creation:
• Costly – significant storage
• Risky – sensitive information from production used in test
• Time consuming – copying all of production
• Inefficient – developer/tester downtime
70% of breaches occur on the test side
70% of those are from the inside
70% of data is stored in unstructured format
Optim Data Privacy and Test Data Management
Data Privacy
• Out of the box masking techniques to de-identify data.
• Obfuscation is irreversible
• Ensure masked data is contextually appropriate to the data it replaced – like for like
• Maintain referential integrity
• Access Definitions – templates.
• Tools to discover sensitive data
Test Data Management
• Sub-set and make “right-sized” databases
• Reduce storage costs
• Repurpose systems
• Faster refreshes and refresh automation
• Development and test lifecycle reduced
[Figure labels: JASON MICHAELS, ROBERT SMITH; 2TB, 200GB, 50GB]
Data Privacy for the Gaming Industry!
[Diagram labels: Infinium, ACSC, Anti Money Laundering, Casino Management System, Custom…; DB2, SQL Server, Oracle, Sybase, Informix, Teradata, …; iSeries, Linux, Unix, Windows, …]
• Access Definitions, we did the work so you don’t have to
• Data discovery for custom applications
• Complete business object across applications, systems, and environments
• Automation and repeatable processes
• Beyond databases – Unstructured data
Maintain referential integrity
[Diagram labels: SQL Server, iSeries, Oracle, Web, File system]
Unstructured Data Masking
[Diagram: Unmasked to Masked. Structured: relational databases. Unstructured: scanned images, Office docs, web logs, PDFs, flat files... Caption: Complete the compliance circle]
• Mask over 48 different file types including Images, PDF, CSV, Email, Images, Office docs…
• Maintain referential integrity ensuring data is masked consistently both within the database and within the files
• Run standalone or in conjunction with Optim
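The properties listed on the Data Privacy slide (irreversible, like for like, referential integrity) and on the unstructured-data slide (the same masking inside the database and inside files) can be illustrated with keyed deterministic substitution. This is an added example, not code from the webinar and not how Optim works internally; the HMAC-based technique, the surrogate name pools, the key, the table row and the log line are all assumptions constructed for illustration.

```python
import hashlib, hmac, re

# Constructed surrogate pools; real lookup tables are far larger, so fewer
# distinct people collide on the same replacement name.
FIRST = ["ROBERT", "MARIA", "DAVID", "LINDA", "JAMES", "SUSAN", "PETER", "KAREN"]
LAST = ["SMITH", "JONES", "GARCIA", "NGUYEN", "BROWN", "PATEL", "MILLER", "LOPEZ"]
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def _digest(key: bytes, domain: str, value: str) -> bytes:
    # Keyed one-way mapping: equal inputs give equal outputs in every system,
    # and the output cannot be inverted. Low-entropy inputs such as 9-digit
    # IDs can be brute-forced if the key leaks, so the key must stay secret.
    return hmac.new(key, f"{domain}:{value}".encode(), hashlib.sha256).digest()

def mask_name(key: bytes, name: str) -> str:
    # Normalise case and spacing so "Jason  Michaels" and "JASON MICHAELS" agree.
    d = _digest(key, "name", " ".join(name.upper().split()))
    return f"{FIRST[d[0] % len(FIRST)]} {LAST[d[1] % len(LAST)]}"

def mask_digits(key: bytes, value: str) -> str:
    # Like for like: each digit becomes a digit, separators stay in place
    # (supports values of up to 32 digits, one per digest byte).
    d = _digest(key, "digits", re.sub(r"\D", "", value))
    surrogate = iter(str(b % 10) for b in d)
    return re.sub(r"\d", lambda m: next(surrogate), value)

def mask_rows(key: bytes, rows: list[dict]) -> list[dict]:
    return [{**r, "name": mask_name(key, r["name"]), "ssn": mask_digits(key, r["ssn"])}
            for r in rows]

def mask_text(key: bytes, text: str, names: list[str]) -> str:
    # Single pass over all known names (longest first) so a surrogate that
    # happens to equal another real name is never masked a second time.
    if names:
        alt = "|".join(re.escape(n) for n in sorted(names, key=len, reverse=True))
        text = re.sub(alt, lambda m: mask_name(key, m.group()), text, flags=re.I)
    return SSN_RE.sub(lambda m: mask_digits(key, m.group()), text)

# Constructed sample data: one table row and one log line about the same person.
KEY = b"constructed-demo-key"
ROWS = [{"id": 1, "name": "JASON MICHAELS", "ssn": "123-45-6789"}]
LOG = "2016-04-12 pit3: comp issued to Jason Michaels (SSN 123-45-6789)"

if __name__ == "__main__":
    print(mask_rows(KEY, ROWS))
    print(mask_text(KEY, LOG, [r["name"] for r in ROWS]))
```

Because the surrogate depends only on the key and the normalised value, a join between masked tables, or between a masked table and a masked file, still lines up on the same replacement values.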
Gaming Industry Case Study
Optim Pilot Results Summary (Infinium HR/PY)
Storage
File Size Before: 2.39gb
File Size After: 0.32gb
Storage Reduction: 2.07gb (87% reduction)
Execution
Data Refresh Time Before: 4.5 hours
Data Refresh Time After: 15 minutes
Time Savings: 4.0 hours (89% reduction)
• Modules were sub-setted and data obfuscated leveraging the Optim toolset.
• QA and UAT successfully conducted testing for data integrity
• Application is now compliant and possibility for breach has been mitigated
• Because of smaller footprint, performance on backups/restores, testing, and development has increased
• Extra storage can be repurposed for other projects without having to purchase more disk
• SOX-404 $7,800,000 penalty has been avoided
Projected Results (iSeries)
Storage
Storage Before: 4.8tb
Storage After: 2.4tb
Storage Reduction: 2.4tb (50% reduction*)
Execution
Data Refresh Time Before: 4.5 hours
Data Refresh Time After: 1 hour
Time Savings: 3.5 hours (78% reduction*)
• All data will be secured and risk mitigated
• Estimate immediate reduction by 40%
• Continued reduction to 60% by EOY
• Back up storage costs reduced by 60% (+/-) (based on cost of back up tapes)
* estimated
• Data Refresh times reduced by an estimated 78%
• Back-up times reduced by an estimated 50%
Increase productivity
• Get in Compliance
• Current projects (Anti Money Laundering and Impact) MUST be obfuscated before roll out
• Obfuscate data maintaining referential integrity between applications
Why Optim? Why now?
• PII, PCI and Gaming data is currently exposed across enterprise – Systems at Risk!
• With Optim, obfuscation cannot be reverse engineered.
• Optim ensures test data has ‘production like’ data, reducing the risk of failure at final rollout to production.
• Ensures relationships and data are masked consistently across all applications and environments.
• Optim is a single mature certified product that can be used on all platforms and applications for both obfuscation and sub setting
• Pilot successfully completed. Optim experts onsite, vetted, and ramped up on current environment.
• Repurpose storage savings now for upcoming projects instead of purchasing more disk space
Breach Loss Cost
There Is Potential Of Private Data In Global Test Environments That Increases Business Risk
500,000 (average number of affected records in any given data loss scenario) x $197 (the cost per record at 99,000 records) = $98.50M (Potential Total Data Loss Costs per Event)
$98.50M x 2.0% (proposed probability of disclosure event occurring) = $1.97M (Potential Expected Data Loss Costs per Event at 2.0% Probability)
$1.97M x 90.0% (proposed impact data sanitization can have on preventing a disclosure event) = $1.77M annually (Potential Data Loss Risk Mitigation via Sanitization)
The potential losses resulting from a breach can be significant
Summary and Q&A
• Gaming Industry companies are especially vulnerable to data breaches
• Data breaches are particularly painful and expensive to fix, and cause lasting damage to customer loyalty
• There are proven, packaged solutions to protecting sensitive data in non-production copies of gaming industry databases
• ABMartin and Estuate have partnered with IBM Optim to offer packaged data masking for structured and unstructured data for the leading gaming industry applications from:
• Bally • Infor • Agilysys
• Q&A
About ABMartin
• Established in 2009
• Information Management Specialists
• Specializing in Complex Data Privacy, Test Data Management, and Decommissioning
• Unstructured data masking leader
• Heterogeneous systems expertise spanning across Mainframe, iSeries, Distributed, to Handheld and Embedded systems
• All ranges of DBMS: Relational, Object Oriented, Hierarchical
• Above and beyond services: toolsets, products, software utilities
Success Stories: Data Privacy
• HSBC • Bank Of America • Standard Insurance • HealthPartners • OREGON state (ODOT) • Federal DHS – Veterans Affairs • SANDS Corporation • Catholic Hospitals East • Alaska Airlines • CSX
• Dell Inc. • ICBC • New York State • Wells Fargo • Regions Bank • Zion Bank • Entertainment Partners • Marriott Vacation Worldwide • Entertainment Partners • St Jude's Children's Hospital
Success Stories: Archiving | Decommissioning
• SAP • Business Objects • Kimberly-Clark • Dicks Sporting Goods • Bayer • Ericsson • Canada Yellow Pages • Dollar General • OPERS
• Southern Company • NGS Medicare • Penske • Press Ganey • Wells Fargo • Zirmed • Torrance Hospital • Nortel
About Estuate – 10 Years and Counting…
Customer Focus
- Customers from startups to Fortune 50
- Highest customer satisfaction and a source of repeat business
- Outstanding value, not lowest price
- Trusted advisors, beyond contractual relationships

- Celebrating 10 years in Jan, 2015
- Silicon Valley HQ, offices in Canada, UK, UAE and India
- 350+ employees worldwide and growing rapidly
- Establish engineering relationship with ISVs and go to market strategy
- Reference driven growth
- Preferred vendor for US government agencies
Technology Focus
- Technology and Applications Implementation
- Product Engineering
- Big Data and Business Intelligence
- Information Lifecycle Governance & Security
Execution Focus
- Emphasis on mastery of technology – SMEs, state-of-the-art labs, expert developers
- Product engineering relationship
- Personalized resource pool to meet each customer style
- Can-do attitude, obsession with project success
Information Lifecycle Governance & Security Practice
We have built a great track record of 300+ ILM client successes
[Matrix: SERVICES / CLIENTS. Client column headings are not recoverable apart from "Large Defense Industry Client". Service rows: Strategy & Architecture, Archiving, Test Data Management, Data Privacy, Retirement, Factory Model, Custom Application, Packaged Application, Distributed, Mainframe, Support / Maintenance, Upgrades]