GDPR Compliance Made Easy with Data Virtualization
3 likes894 views
The document discusses GDPR compliance through data virtualization, addressing principles, challenges, and solutions for managing personal data securely and efficiently. It highlights data virtualization's role in governance, role-based access, and real-time data availability while ensuring compliance with GDPR regulations. Additionally, a case study of Asurion demonstrates the successful implementation of these principles within their data architecture.
GDPR Compliance Made Easy with Data Virtualization
- 1. GDPR Compliance Made Easy with Data Virtualization Mark Pritchard, UK Sales Engineering Director May 2017
- 2. Agenda1.GDPR Principles 2.Challenges of Data Provisioning 3. Data Virtualization 1. Abstraction 2. Security 3. Reuse 4.Customer Case Study 5.Summary & Q&A
- 3. 1. General Data Protection Regulation Principles
- 4. 4 Wikipedia Information privacy, or data privacy (or data protection), is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.
- 10. SECURE
- 15. 2. Challenges of Data Provisioning Governing Personal Data
- 16. 16 The Business Need Ready Access to Critical Information to Support Business Processes 16 MarketingSales ExecutiveSupport Customers Invoices Products Service Usage Access to complete information: business entities and pre-integrated views Access to related information: discovery and self service Access in real-time from different apps and devices
- 17. The Challenge 17 Governing Personal Data MarketingSales ExecutiveSupport Is the data being processed in a lawful, fair and transparent way? Is the data being collected for a specific, explicit and legitimate purpose? Is the data adequate and limited to what is necessary for processing? Is the data you are viewing accurate, up- to-date? Is the data kept in a form where subject is identifiable no longer than is necessary? Is the data processed in a manner that ensures appropriate security of data? Database Apps Warehouse Cloud Big Data Documents AppsNo SQL Multiple ungoverned and potentially unsecured copies of the data? Lineage of the data? Consistent security of the data? Data on premise and off? Data access audit? Who is replicating the data? Discovery what data is actually published to consumers? Access to most up to date data? Is data anonymised ?
- 19. 3. Data Virtualization Governing Personal Data
- 20. Data Abstraction Layer 20 The Solution Abstracts access to disparate data sources Acts as a single repository (virtual) Makes data available in real-time to consumers 20 DATA ABSTRACTION LAYER
- 21. 21 Data Abstraction Layer Logical Data Model Sources Combine, Transform & Integrate Publish Base View (Source Abstraction)Client Address Client Type Company Invoicing Service Usage Product Logs Web Incidents Customer Invoice Product Customer Invoicing Service Usage Incident Hadoop Web SiteRest Web Service Multi- dimensional SalesforceSQL Server Oracle SQL, SOAP, REST, ODATA, etc. Denodo’s Information Self Service
- 24. 24 Abstraction Lasagne Bringing Replicated Data Under Control ERP / CRM 1 Agile BI / App1 2 Data Virtualization Enterprise BI / App 3 Data Lake / Warehouse 4 4 4 ETL
- 25. “3 Steps to Data Protection Compliance” www.datavirtualizationblog.com Mark Pritchard Don’t update tomorrow what you could update today!
- 27. 27 Security in Denodo Overview Authentication • Pass-through authentication • Kerberos and Windows SSO • OAuth, SPNEGO Authentication • Standard JDBC/ODBC security • Kerberos and Windows SSO • Web Service security LDAP Active Directory Role based Authentication & Authorization Guest, employee, corporate Schema-wide Permissions Data Specific Permissions (Row, Column level, Masking) Policy Based Security Data in motion • SSL/TLS Data in motion • SSL/TLS Encrypted data at rest • Cache • Swap
- 28. Security in Denodo 28 Role-Based Granular Privileges
- 29. Security in Denodo 29 Advanced Selective Data Masking
- 30. Security in Denodo 30 Advanced Selective Data Masking
- 31. Security in Denodo 31 Partial Data Masking
- 32. 32 Custom Policy Conditions satisfied Security: applies custom security policies • If person accessing data has role of 'Supervisor' and location is 'New York', then show compensation information for employees in the New York office only. Enforcement: rejects/filters queries by specified criteria like user priority, cost, time of day etc. • If the production batch window runs from 3 am - 6 am, there is increased load on production servers at this time. So, all queries on these servers can be blocked during this time to prevent failure of a process. Data consuming users, Apps Query Accept / add filters Reject Security in Denodo Custom Policies: Interception of queries before they are executed Policy Server (e.g. Axiomatics)
- 33. 33 Security in Denodo • Audit trail of all the queries and other actions executed on the system Complete Auditability • With this information it is possible to check at any time who has accessed to which resources, what changes have been made or what queries have been executed, and when it happened • The information is stored centrally and Denodo supports SNMP, JMX and WS-Management standards
- 35. 35 Information Self Service E/R diagram 1 Click on a view to navigate to the details 2 Hover on the arrows to show the details of the PK-FK relationships
- 36. 36 Information Self Service Browse and Search Metadata Catalog 1Browse and search virtual databases 2 Browse and search available views 3 Review metadata and descriptions 4 Query the view
- 37. 37 Information Self Service Querying Data 1Access to the Denodo catalog 2 Query and filter for data 3 Click on the green arrows to drill down into related information
- 38. 38 Information Self Service Data Lineage 1 Select Data Lineage for the View 2 Select column to see lineage 3 Hover and click the icons to see details
- 39. 39 Data Virtualization Supports GDPR Adhering to GDPR principles Purpose Based Processing • Role based access ensures that views can be reused for multiple purposes. • Users and Applications can access single view but ensure that the data returned is applicable for the user/applications purpose. Consent Based Processing • Integrate real- time with consent management systems • Row level, column level policies can be applied in Denodo • Custom policies have access to context information Data Minimization • Create virtual model for data necessary for given purpose • Limit specific access of data as designed centrally in Denodo Data Anonoymization • Views can be configured in Denodo to offer anonymized reporting of data • Allow access only to aggregated data
- 40. 3. Denodo Customer Case Study
- 41. Centralizing data security with data virtualization
- 42. Asurion’s continuous innovation is helping 290M customers globally stay connected while driving loyalty to our partners’ brands • Founded in the mid 1990’s, Asurion has been serving the communications and retail industries for over 20 years • Based in Nashville, Tennessee, Asurion has over 17,000 associates worldwide • Serving more then 290 million consumers globally through our operations in 18 countries: • Asurion is privately-held with annual revenues in excess of $5.8 billion • Our management team comes from best-in-class companies with experience across mobile, wireline telecom, logistics, insurance, service contracts, consulting, customer care, marketing, retail and more • Asurion partners with the worlds leading mobile carriers, retailers cable satellite and cable providers. North America • Global Headquarters • 15 Corporate Owned Call Centers • Logistics Center South America • 2 Corporate Offices Europe • 3 Corporate Offices • 1 Corporate Owned Call Center Asia Pacific • 13 Corporate Offices • Logistics Center • 2 Corporate Owned Call Centers • Australia • Brazil • Canada • China/Hong-Kong • Colombia • England • France • Israel • Japan • Korea • Malaysia • Mexico • Philippines • Peru • Singapore • Taiwan • Thailand • United States Expanding Global Presence Corporate Overview
- 43. Asurion’s Data Architecture Started Here Identify targeted business initiatives Define Data Strategy Implement Big Data infrastructure Build analytics model Determine required insights Conduct Data scientist training & certification Security Constraints Geogr aphic Client Based PII Depart mental Constr aints
- 44. Technical Challenges Security Constraints Geographical Constraints Contractual Client Obligations PII Protection Departmental Restrictions Fast Changing Hadoop & Cloud Technologies Hive, Spark, Redshift Maintaining different code base Discover, Co-relate, Enable Predictive Analytics Text, CSV, Voice, JSON, Streaming, 3rd Party Data 60TB+ structured, 200TB+ telemetry & unstructured data
- 45. 45 On-Premise Global Device Insurance and Support Services Company DataVirtualization Abstraction/Security AWS Postgres MySQL Oracle SQL Server Customer Interactions Telemetry Legacy Migration Reporting / Analytics e.g. - Oracle BI - MSRS - SQL clients Active Directory
- 46. 46 Enterprise Architect Our Denodo rollout was one of the easiest and most successful rollouts of critical enterprise software I have seen. It was successful in handling our initial, security, use case immediately, and has since shown a strong ability to cover additional use cases, in particular acting as a Data Abstraction Layer via it's web service functionality.”
- 47. 4. Summary
- 48. 48 Summary Data Virtualization for Seamless GDPR Compliance
- 49. Q&A
- 50. 50 Further reading Seamlessly Comply with the GDPR Leverage Data Virtualization to Manage Data Access from a Single Point http://www.denodo.com/en/document/solution-brief/seamlessly-comply-gdpr Enhancing the Security of your Enterprise Data Layer http://www.datavirtualizationblog.com/enhancing-security-enterprise-data-layer/ https://community.denodo.com/ Product documentation, FAQ, tutorials
- 51. Thanks! www.denodo.com info@denodo.com © Copyright Denodo Technologies. All rights reserved Unless otherwise specified, no part of this PDF file may be reproduced or utilized in any for or by any means, electronic or mechanical, including photocopying and microfilm, without prior the written authorization from Denodo Technologies.