security quick tour
TRANSCRIPT
ActiveBase Ltd. All Rights reserved
ActiveBase Security™ Quick Tour
Learn how ActiveBase Security™ helps you implement preventive security policies that keep application users from accessing confidential information, with no modifications to application code or changes to the database.
Learn how to mask, scramble, hide, block and audit to protect data from outsourced DBA teams, developers or external QA.
Get quick compliance to PCI, HIPAA and other regulations.
$200 - Cost to company per compromised record
$6 Million - Average cost per data breach “incident”
34% of customers lost - Customers ceasing business with a company after a single privacy breach
45% of customers lost - Customers ceasing business when personal information is breached twice*
* Source: Ponemon Institute, Privacy Rights Clearinghouse
Costs incurred by data breaches are soaring
USA: Gramm-Leach-Bliley Act (GLB), HIPAA, California Security Breach Notice Statute and in other states
PCI Data Security Standard (section 3.3 masking and 3.4 encryption)
European Union: Personal Data Protection Directive
Fines and penalties focus on criminal misconduct
The Challenge: how to protect hundreds of applications and databases from business users, production support teams, DBAs, developers, offshore and outsourced teams while allowing them to do their job?
How to protect Personally Identifiable Information (PII) and keep up with increasing regulatory demands?
CISO Ultimate Security Weapon for protecting privacy and sensitive information
Dynamic Data Masking applies rules based on user context
Users: Authorized User, Unauthorized User A, Unauthorized User B
Database Containing Sensitive Data
Value in Database: 3890-6784-2945-0093, 3245-9999-2456-7658
Original Values: 3890-6784-2945-0093, 3245-9999-2456-7658
Scrambled Values: 1234-6789-1000-4422, 2233-6789-3456-5555
Masked Values: xxxx-xxxx-xxxx-0093, xxxx-xxxx-xxxx-7658
Gartner defined a new category - “Dynamic Data Masking”, awarding ActiveBase the prestigious Cool Vendor award.
“Dynamic Data Masking” protects personal information from end-users who do not need access to it to perform their jobs. ActiveBase ensures that each user will see the data according to his or her identification, role and responsibility.
ActiveBase embodies the true meaning of Enterprise Security Intelligence
“ActiveBase is a Pioneer in Dynamic Data Masking” Source: Gartner
Control access, audit, alert, mask/scramble or block when personal information is accessed by:
1. Business Users: Part-time employees, offshore workforce and business partners - restricting their access to business applications, training and reporting environments
2. External Users: SQL Injection, CPU vulnerability
3. IT Users: Production support, outsourced teams, developers and DBAs.
ActiveBase Privacy Protection solution
Control access, audit, alert, mask/scramble or block when personal information is accessed in:
1. Production environments: CRM, ERP, HR Apps, Billing, Data warehouses, Training, Clones and replications
2. Non-production: development, QA, UAT
3. Public & Hybrid Cloud
ActiveBase solution overview
A protective security layer around applications, packaged reports and tools
Fully integrated with Active Directory, application responsibilities, database roles and IAM
Applies Row, Column and cell level security
Installed and configured within less than a day
Detailed audit trail and real-time alerts
Secures production database configurations
Supports all applications, reporting and development tools running on all Oracle and SQL Server databases (all versions)
How does Dynamic Data Masking work?
Role-based anonymization and real-time prevention while maintaining operational efficiency across environments
Private information stored in the database: BLAKE, JONES, KING
Business user application screen
Query sent: Select name from table1
Values presented: BLAKE, JONES, KING
Application screens and tools used by production support, DBAs, outsourced or unauthorized workforce
(1) Query sent: Select name from table1
(2) The Dynamic Data Masking layer applies real-time SQL rewrite rules: Select substring(name,1,2)||'***' from table1
Values presented: BL****, JO****, KI****
Define once, apply on many: restrict access per "table", "column" or "cell" across applications and tools
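The SQL rewrite described above, as an added example (not ActiveBase code): a toy masking layer in Python over an in-memory SQLite table. The role names, rule table and `rewrite` helper are assumptions; SQLite's `substr` stands in for `substring`, and four asterisks are used to match the values shown on the slide.

```python
import re
import sqlite3

# Hypothetical rules: column -> SQLite expression shown to roles that are
# not cleared for the real value (names and patterns are assumptions).
MASK_RULES = {
    "name": "substr(name, 1, 2) || '****'",
    "card": "'xxxx-xxxx-xxxx-' || substr(card, -4)",
}
CLEAR_ROLES = {"business_user"}
SIMPLE_SELECT = re.compile(
    r"^\s*select\s+(?P<cols>[\w\s,*]+?)\s+from\s+(?P<table>\w+)\s*;?\s*$", re.I)


def rewrite(sql, role, table_columns):
    """Return the statement the masking layer forwards for this role."""
    if role in CLEAR_ROLES:
        return sql
    m = SIMPLE_SELECT.match(sql)
    if m is None:
        # Fail closed: expressions, joins or subqueries the toy parser cannot
        # analyse might expose a masked column in another form.
        raise PermissionError("statement not covered by masking rules")
    cols = [c.strip().lower() for c in m["cols"].split(",")]
    if cols == ["*"]:
        cols = list(table_columns)  # expand so '*' cannot bypass a rule
    if not set(cols) <= set(table_columns):
        raise PermissionError("unknown column in select list")
    projected = [f"{MASK_RULES[c]} AS {c}" if c in MASK_RULES else c for c in cols]
    return f"SELECT {', '.join(projected)} FROM {m['table']}"


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE table1 (name TEXT, card TEXT)")
    db.executemany("INSERT INTO table1 VALUES (?, ?)", [  # values from the slides
        ("BLAKE", "3890-6784-2945-0093"), ("JONES", "3245-9999-2456-7658")])
    columns = [row[1] for row in db.execute("PRAGMA table_info(table1)")]
    return {role: db.execute(rewrite("Select * from table1", role, columns)).fetchall()
            for role in ("business_user", "prod_support")}


if __name__ == "__main__":
    for role, rows in demo().items():
        print(role, rows)
```

A production rewrite layer needs a real SQL parser; the point of the fail-closed branch is that any statement the layer cannot fully analyse is refused rather than forwarded unmasked.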
ActiveBase rules enable anonymizing personal information within business application screens, shortening implementation time to DAYS!
ActiveBase Security anonymizes Names, account numbers and other personal information dynamically when accessed by unauthorized users, outsourced and IT personnel with no changes to databases or application source-code
Masking PII in every language
Customer name is masked from the production support team
Masking PII accessed by development and DBA tools in production and training environments
Names, credit card numbers and salary data are masked using ActiveBase Security
Common usages:
Block or notify users before truncating tables in Prod or DML/DDL execution
Block requests before they penalize production performance (e.g., full scans or high parallel), also enabling automatic redirection to a replication
Production control gained using ActiveBase unique Informed Block™ functionality
Clear message presented in all tools and applications (multi-language support)
When unauthorized users' access to various environments needs to be audited and secured (consultants, contractors) – DAM and Access Control
When different groups of users need to see confidential information in different forms (based on their access level and Active Directory grouping)
When production data needs to be accessed from offshore or when production support needs to be done internally or offshore
When unauthorized updates (inserts/updates/deletes) or ad-hoc queries from end users need to be prevented
When an audit trail for all the transactions performed on the database (Who, When, What, From where or which application) is needed
When required to anonymize personal information in non-production environments.
ActiveBase Personal Information Protection examples, implemented WITHIN DAYS!
Two optional ActiveBase deployment strategies
ActiveBase Process
Option 1: Install on Database Server
Option 2: Dedicated ActiveBase Servers act as hubs for multiple apps
Adds an additional security level by acting as a Database firewall on the DMZ, enabling network segmentation between users and the databases
Business applications, reporting, development and DBA tools
ActiveBase Management Console
Central ActiveBase Audit and Reporting database
More Secure – In other masking solutions, sensitive information leaves production into staging unmasked (takes time until masking is performed while the data is unprotected). ONLY ActiveBase automatically protects ALL environments with a click of a mouse.
Secure everywhere – Immediately applied on ALL environments, with automatic rule propagation across instances – development, staging, replications, clones and backups
Faster masking – Physical masking takes weeks to complete and then needs to be rolled out to all environments – which also takes weeks to complete. ActiveBase anonymization is completed within days!
Simpler – No need to change your existing Export and ETL processes
Comparing ActiveBase Security Masking with physical Masking tools
In production environments:
Encryption causes all business users to suffer from performance penalties and complexity -> just to secure several DBAs…!?!
Encryption DOES NOT solve cases when production support team members access the application in production to solve problems!!!
ActiveBase protects data from DBAs with no interference to the application or business users
In non-production environments:
Not applicable, as application screens need to be anonymized, and encryption DOES NOT anonymize PII in application screens
Comparing ActiveBase Security with Encryption solutions
ActiveBase delivers a new level of personal information protection across production and non-production environments
Transparency - no need for changes to production databases or applications
Integrated with Active Directory, responsibilities and roles with rule propagation between different applications and across environments
Simple GUI and predefined rule sets enable security teams to be trained within a single day (No DBA skills required)
Quick installation, unique implementation methodology and Knowledge Packs for common business applications
Enables the securing of complex business applications within days
ActiveBase provides fast ROI – addressing existing and future regulatory requirements across applications and environments
Summary
> Founded in 2002 in Israel by experienced database veterans
> More than 100 man-years in R&D
> More than 50 production installations worldwide
> Protected by patent USPTO 7,676,516
> First production sites early 2004
> Cool Vendor award
> SC Magazine US and Europe Awards 2011 finalist
> Among our customers:
About ActiveBase