SlideShare a Scribd company logo

Global bigdata conf_01282013

HPCC Systems, profile picture
HPCC Systems

The document discusses the challenges of security and privacy in the context of big data, defined by its dimensions of volume, velocity, variety, and complexity. It highlights the risks introduced by public clouds and distributed data stores, emphasizing the limitations of traditional security measures such as tokenization and encryption. The document advocates for comprehensive data governance and the importance of tracking data provenance while noting that access to hardware equates to access to data.

Technology
1 of 12
Downloaded 24 times
1
2
3
4
5
6
7
8
9
10
11
12
Security and Privacy in a Big Data World Dr. Flavio Villanustre, CISSP, LexisNexis Risk Solutions VP of Information Security & Lead for the HPCC Systems open source initiative 28 January 2013
But what is Big Data? • Gartner told us that it’s defined by its four dimensions: • Volume • Velocity • Variety • Complexity • Driven by the proliferation of social media, sensors, the Internet of Things and the such (a lot of the latter) • Became accessible thanks to open source distributed data intensive platforms (for example, the open source LexisNexis HPCC Systems platform and Hadoop) • Made popular by consumer oriented services such as recommendation systems and search engines 2
Big Data platforms: key design principles • Distributed local store • Move algorithm to the data – exploit locality • Many data problems are embarrassingly parallel • Leverage massive resource aggregation: • Thousands of execution cores • Hundreds of disk controllers • Hundreds of network interfaces • Terabytes of memory and massive memory bandwidth • Storage is cheap • Moving data into the system takes time (hence keep the data around, if possible) • It’s fine (and encouraged) to perform iterative exploration • In the end: It’s just and all about the data 3
A timeline of the main open source Big Data platforms LexisNexis designs the HPCC Systems Google’s platform to meet its MapReduce Paper First Hadoop These platforms gain own Big Data Needs. is Published. Summit mainstream adoption Late 90s/Early 2001 2004 2007 2008 2011 2012 2000s The first few systems are First Release of The LN HPCC Systems sold to companies and Hadoop (designed platform is officially organizations after Google’s Map released as an open Reduce ideas) source project 4
Just when we thought that we knew data security… Big Data is not your dad’s data a. More data sources (beware! data + data > 2 * information) b. Boiling the ocean is at the reach of your hand c. Public clouds offer scalability but introduce risks d. Distributed data stores can blur boundaries e. Leveraging diverse skills implies more people accessing the data Old tricks may not work a. Tokenization only goes so far b. Encryption at rest just protects against misplaced hardware c. Tracking data provenance is hard d. Enforcing data access controls can quickly get unwieldy e. Conveying policy information across multiple systems is hard 5
The ever present challenges • Security • Keeping the bad guys out • Making sure the good guys are good and stay good • Preventing mistakes • Disposing of unnecessary/expired data • Enforcing “least privilege” and “need to know” basis • Privacy • Statistics safer than aggregates • Aggregates safer than tokenized samples • Tokenized samples safer than individuals • Don’t underestimate the power of de-anonymization • Mistakes in privacy are irreversible • Security <> Privacy 6
Be wary of “tokenization in a box” • Tokenized dataset * Tokenized dataset ~= identifiable data • The problem of eliminating inference is NP-complete • Several examples in the last decade: • The “Netflix case” • The “Hospital discharge data case” • The “AOL case” 7
Common sense to the rescue • Track data provenance, permissible use and expiration through metadata (data labels and RCM) • Enforce fine granular access controls through code/data encapsulation (data access wrappers) • Utilize homogeneous platforms that allow for end-to-end policy preservation and enforcement • Deploy (and properly configure) Network and host based Data Loss Prevention • A comprehensive data governance process is king • Use proven controls (Homomorphic encryption and PIR are, so far, only theoretical concepts) 8
And always keep in mind that… • Access to the hardware ~= Access to the data • Encryption at rest only mitigates the risk for the isolated hard drive, but NOT if the decryption key goes with it • Compromise of a running system is NOT mitigated by encryption of data at rest • Virtualization may increase efficiency, but… • In virtual environments, s/he who has access to your VMM/Hypervisor, also has access to your data • Cross-VM side-channel attacks are not just theoretical 9
Remember • Data exhibits its own form of quantum entanglement: once a copy is compromised, all other copies instantly are • The closer to the source the [filtering, grouping, tokenization] is applied, the lower the risk • YCLWYDH! You can’t lose what you don’t have (data destruction) 10
Useful Links  LexisNexis Risk Solutions: http://lexisnexis.com/risk  LexisNexis Open Source HPCC Systems Platform: http://hpccsystems.com  Cross-VM side-channel attacks: http://blog.cryptographyengineering.com/2012/10/attack-of-week-cross- vm-timing-attacks.html  K-Anonymity: a model for protecting privacy: http://dataprivacylab.org/dataprivacy/projects/kanonymity/kanonymity.p df  Robust de-anonymization of Large Sparse Datasets (the Netflix case): http://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf  Broken Promises of Privacy: Responding to the surprising failure of anonymization: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006  Tamper detection and Relationship Context Metadata: http://blogs.gartner.com/ian-glazer/2011/08/19/follow-up-from-catalyst- 2011-tamper-detection-and-relationship-context-metadata/ The HPCC Systems Platform 11
Questions? Email: info@hpccsystems.com The HPCC Systems Platform 12

More Related Content

PPTX
Security issues associated with big data in cloud
sornalathaNatarajan
 
PDF
IRJET- Distributed Decentralized Data Storage using IPFS
IRJET Journal
 
PDF
Clouds, Clusters, and Containers: Tools for responsible, collaborative computing
Matthew Vaughn
 
PPTX
Decentralized Cloud Storage-Storjio
Alireza Nouri
 
PDF
Doc A hybrid cloud approach for secure authorized deduplication
Shakas Technologie
 
PDF
Cloud Computing Forensic Science
David Sweigert
 
PPT
Unit 3 -Data storage and cloud computing
MonishaNehkal
 
DOCX
A Hybrid Cloud Approach for Secure Authorized Deduplication
SWAMI06
 
Security issues associated with big data in cloud
sornalathaNatarajan
 
IRJET- Distributed Decentralized Data Storage using IPFS
IRJET Journal
 
Clouds, Clusters, and Containers: Tools for responsible, collaborative computing
Matthew Vaughn
 
Decentralized Cloud Storage-Storjio
Alireza Nouri
 
Doc A hybrid cloud approach for secure authorized deduplication
Shakas Technologie
 
Cloud Computing Forensic Science
David Sweigert
 
Unit 3 -Data storage and cloud computing
MonishaNehkal
 
A Hybrid Cloud Approach for Secure Authorized Deduplication
SWAMI06
 

What's hot (20)

DOCX
a hybrid cloud approach for secure authorized reduplications
swathi78
 
PDF
A Study of Data Storage Security Issues in Cloud Computing
vivatechijri
 
DOCX
Hybrid Cloud Approach for Secure Authorized Deduplication
Prem Rao
 
PDF
How One to One Sharing Enforces Secure Collaboration - xonom
Laurent Henocque
 
PDF
11.cyber forensics in cloud computing
Alexander Decker
 
PPTX
Research Data (and Software) Management at Imperial: (Everything you need to ...
Sarah Anna Stewart
 
PDF
Oruta privacy preserving public auditing
shakas007
 
PPTX
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Mahmuda Rahman
 
PDF
DDS-to-JSON and DDS Real-time Data Storage with MongoDB
Abdullah Ozturk
 
PPTX
Hadoop and Big Data Security
Chicago Hadoop Users Group
 
PPTX
Thoughts on Cybersecurity
Frank Wuerthwein
 
PDF
The “obsession” with checksums by Helen Hockx-Yu
CLOCKSS
 
PDF
Reactive Systems with Data Distribution Service (DDS)
Abdullah Ozturk
 
PDF
A Hybrid Cloud Approach for Secure Authorized De-Duplication
Editor IJMTER
 
PDF
Improved deduplication with keys and chunks in HDFS storage providers
IRJET Journal
 
PDF
C017421624
IOSR Journals
 
PPSX
Secure and Privacy-Preserving Big-Data Processing
Shantanu Sharma
 
PPTX
Paul Stokes (Jisc) - A provocation about preservation
CLOCKSS
 
PDF
Encryption based multi user manner secured data sharing and storing in cloud
prjpublications
 
PDF
Cloud Computing Using Encryption and Intrusion Detection
ijsrd.com
 
a hybrid cloud approach for secure authorized reduplications
swathi78
 
A Study of Data Storage Security Issues in Cloud Computing
vivatechijri
 
Hybrid Cloud Approach for Secure Authorized Deduplication
Prem Rao
 
How One to One Sharing Enforces Secure Collaboration - xonom
Laurent Henocque
 
11.cyber forensics in cloud computing
Alexander Decker
 
Research Data (and Software) Management at Imperial: (Everything you need to ...
Sarah Anna Stewart
 
Oruta privacy preserving public auditing
shakas007
 
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Mahmuda Rahman
 
DDS-to-JSON and DDS Real-time Data Storage with MongoDB
Abdullah Ozturk
 
Hadoop and Big Data Security
Chicago Hadoop Users Group
 
Thoughts on Cybersecurity
Frank Wuerthwein
 
The “obsession” with checksums by Helen Hockx-Yu
CLOCKSS
 
Reactive Systems with Data Distribution Service (DDS)
Abdullah Ozturk
 
A Hybrid Cloud Approach for Secure Authorized De-Duplication
Editor IJMTER
 
Improved deduplication with keys and chunks in HDFS storage providers
IRJET Journal
 
C017421624
IOSR Journals
 
Secure and Privacy-Preserving Big-Data Processing
Shantanu Sharma
 
Paul Stokes (Jisc) - A provocation about preservation
CLOCKSS
 
Encryption based multi user manner secured data sharing and storing in cloud
prjpublications
 
Cloud Computing Using Encryption and Intrusion Detection
ijsrd.com
 
Ad

Viewers also liked (20)

PDF
IBM's four key steps to security and privacy for big data
IBM Analytics
 
PPTX
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
kevintsmith
 
PDF
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis
 
PPT
Information security in big data -privacy and data mining
harithavijay94
 
PPTX
Time Of Courage
Victorias Church
 
PDF
Cyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse
Cybera Inc.
 
PDF
走出IT人才荒 研討會
Charles Mok
 
PPT
Data Privacy &amp; Security Update 2012
Jason Haislmaier
 
PDF
Privacy and Big Data Overload!
SparkPost
 
PDF
Privacy preserving detection of sensitive data exposure
redpel dot com
 
PPTX
The Impact of Cloud: Cloud Computing Security and Privacy
Charles Mok
 
PPTX
Big Data Day LA 2016/ NoSQL track - Privacy vs. Security in a Big Data World,...
Data Con LA
 
PDF
Literature Review: The Role of Signal Processing in Meeting Privacy Challenge...
Kato Mivule
 
PPTX
Information Security in Big Data : Privacy and Data Mining
wanani181
 
PPTX
Big data
Harsh Kishore Mishra
 
PPTX
Big Data and Security - Where are we now? (2015)
Peter Wood
 
PPTX
Paper presentation held at national seminar
Krishna Kumar
 
PPTX
Big data security
Joey Echeverria
 
PPTX
Conference Powerpoint Presentations
apdh1312
 
PDF
The Security and Privacy Threats to Cloud Computing
Ankit Singh
 
IBM's four key steps to security and privacy for big data
IBM Analytics
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
kevintsmith
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis
 
Information security in big data -privacy and data mining
harithavijay94
 
Time Of Courage
Victorias Church
 
Cyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse
Cybera Inc.
 
走出IT人才荒 研討會
Charles Mok
 
Data Privacy &amp; Security Update 2012
Jason Haislmaier
 
Privacy and Big Data Overload!
SparkPost
 
Privacy preserving detection of sensitive data exposure
redpel dot com
 
The Impact of Cloud: Cloud Computing Security and Privacy
Charles Mok
 
Big Data Day LA 2016/ NoSQL track - Privacy vs. Security in a Big Data World,...
Data Con LA
 
Literature Review: The Role of Signal Processing in Meeting Privacy Challenge...
Kato Mivule
 
Information Security in Big Data : Privacy and Data Mining
wanani181
 
Big data
Harsh Kishore Mishra
 
Big Data and Security - Where are we now? (2015)
Peter Wood
 
Paper presentation held at national seminar
Krishna Kumar
 
Big data security
Joey Echeverria
 
Conference Powerpoint Presentations
apdh1312
 
The Security and Privacy Threats to Cloud Computing
Ankit Singh
 
Ad

Similar to Global bigdata conf_01282013 (20)

PDF
Data Analytics Governance and Ethics
HPCC Systems
 
PPTX
2015 04 bio it world
Chris Dwan
 
PDF
The Internet-of-things: Architecting for the deluge of data
bcantrill
 
PDF
DevOps for Data Engineers - Automate Your Data Science Pipeline with Ansible,...
Mihai Criveti
 
PDF
Big Data Fabric: A Necessity For Any Successful Big Data Initiative
Denodo
 
PDF
Cloud - Security - Big Data
Raffael Marty
 
PPTX
Introduction to Cloud computing and Big Data-Hadoop
Nagarjuna D.N
 
PDF
Kave Salamatian, Universite de Savoie and Eiko Yoneki, University of Cambridg...
i_scienceEU
 
PDF
BIG DATA
Dr. Shashank Shetty
 
PPTX
Big data and hadoop
Mohit Tare
 
PPT
Toward a Mobile Data Commons
kingsBSD
 
PPT
Peer-to-peer Systems.ppt
Ashok Chandrasekaran
 
PDF
Big data and cloud computing 9 sep-2017
Dr. Anita Goel
 
ODP
Liberate Your Files with a Private Cloud Storage Solution powered by Open Source
Isaac Christoffersen
 
PDF
From Single Purpose to Multi Purpose Data Lakes - Broadening End Users
Denodo
 
PPTX
The How and Why of Container Vulnerability Management
Tim Mackey
 
PPTX
The How and Why of Container Vulnerability Management
Black Duck by Synopsys
 
PDF
110307 cloud security requirements gourley
GovCloud Network
 
PDF
Logical Data Lakes: From Single Purpose to Multipurpose Data Lakes (APAC)
Denodo
 
PDF
Big Data
Putchong Uthayopas
 
Data Analytics Governance and Ethics
HPCC Systems
 
2015 04 bio it world
Chris Dwan
 
The Internet-of-things: Architecting for the deluge of data
bcantrill
 
DevOps for Data Engineers - Automate Your Data Science Pipeline with Ansible,...
Mihai Criveti
 
Big Data Fabric: A Necessity For Any Successful Big Data Initiative
Denodo
 
Cloud - Security - Big Data
Raffael Marty
 
Introduction to Cloud computing and Big Data-Hadoop
Nagarjuna D.N
 
Kave Salamatian, Universite de Savoie and Eiko Yoneki, University of Cambridg...
i_scienceEU
 
BIG DATA
Dr. Shashank Shetty
 
Big data and hadoop
Mohit Tare
 
Toward a Mobile Data Commons
kingsBSD
 
Peer-to-peer Systems.ppt
Ashok Chandrasekaran
 
Big data and cloud computing 9 sep-2017
Dr. Anita Goel
 
Liberate Your Files with a Private Cloud Storage Solution powered by Open Source
Isaac Christoffersen
 
From Single Purpose to Multi Purpose Data Lakes - Broadening End Users
Denodo
 
The How and Why of Container Vulnerability Management
Tim Mackey
 
The How and Why of Container Vulnerability Management
Black Duck by Synopsys
 
110307 cloud security requirements gourley
GovCloud Network
 
Logical Data Lakes: From Single Purpose to Multipurpose Data Lakes (APAC)
Denodo
 
Big Data
Putchong Uthayopas
 

More from HPCC Systems (20)

PPTX
Natural Language to SQL Query conversion using Machine Learning Techniques on...
HPCC Systems
 
PPT
Improving Efficiency of Machine Learning Algorithms using HPCC Systems
HPCC Systems
 
PPTX
Towards Trustable AI for Complex Systems
HPCC Systems
 
PPTX
Welcome
HPCC Systems
 
PPTX
Closing / Adjourn
HPCC Systems
 
PPTX
Community Website: Virtual Ribbon Cutting
HPCC Systems
 
PPTX
Path to 8.0
HPCC Systems
 
PPTX
Release Cycle Changes
HPCC Systems
 
PPTX
Geohashing with Uber’s H3 Geospatial Index
HPCC Systems
 
PPTX
Advancements in HPCC Systems Machine Learning
HPCC Systems
 
PPTX
Docker Support
HPCC Systems
 
PPTX
Expanding HPCC Systems Deep Neural Network Capabilities
HPCC Systems
 
PPTX
Leveraging Intra-Node Parallelization in HPCC Systems
HPCC Systems
 
PPTX
DataPatterns - Profiling in ECL Watch
HPCC Systems
 
PPTX
Leveraging the Spark-HPCC Ecosystem
HPCC Systems
 
PPTX
Work Unit Analysis Tool
HPCC Systems
 
PPTX
Community Award Ceremony
HPCC Systems
 
PPTX
Dapper Tool - A Bundle to Make your ECL Neater
HPCC Systems
 
PPTX
A Success Story of Challenging the Status Quo: Gadget Girls and the Inclusion...
HPCC Systems
 
PPTX
Beyond the Spectrum – Creating an Environment of Diversity and Empowerment wi...
HPCC Systems
 
Natural Language to SQL Query conversion using Machine Learning Techniques on...
HPCC Systems
 
Improving Efficiency of Machine Learning Algorithms using HPCC Systems
HPCC Systems
 
Towards Trustable AI for Complex Systems
HPCC Systems
 
Welcome
HPCC Systems
 
Closing / Adjourn
HPCC Systems
 
Community Website: Virtual Ribbon Cutting
HPCC Systems
 
Path to 8.0
HPCC Systems
 
Release Cycle Changes
HPCC Systems
 
Geohashing with Uber’s H3 Geospatial Index
HPCC Systems
 
Advancements in HPCC Systems Machine Learning
HPCC Systems
 
Docker Support
HPCC Systems
 
Expanding HPCC Systems Deep Neural Network Capabilities
HPCC Systems
 
Leveraging Intra-Node Parallelization in HPCC Systems
HPCC Systems
 
DataPatterns - Profiling in ECL Watch
HPCC Systems
 
Leveraging the Spark-HPCC Ecosystem
HPCC Systems
 
Work Unit Analysis Tool
HPCC Systems
 
Community Award Ceremony
HPCC Systems
 
Dapper Tool - A Bundle to Make your ECL Neater
HPCC Systems
 
A Success Story of Challenging the Status Quo: Gadget Girls and the Inclusion...
HPCC Systems
 
Beyond the Spectrum – Creating an Environment of Diversity and Empowerment wi...
HPCC Systems
 

Recently uploaded (20)

PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Teaching material agriculture food technology
LiaRayya
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
A Presentation on Artificial Intelligence
memembruh336
 
Approach and Philosophy of On baking technology
30anthuong17
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 

Global bigdata conf_01282013

  • 1. Security and Privacy in a Big Data World Dr. Flavio Villanustre, CISSP, LexisNexis Risk Solutions VP of Information Security & Lead for the HPCC Systems open source initiative 28 January 2013
  • 2. But what is Big Data? • Gartner told us that it’s defined by its four dimensions: • Volume • Velocity • Variety • Complexity • Driven by the proliferation of social media, sensors, the Internet of Things and the such (a lot of the latter) • Became accessible thanks to open source distributed data intensive platforms (for example, the open source LexisNexis HPCC Systems platform and Hadoop) • Made popular by consumer oriented services such as recommendation systems and search engines 2
  • 3. Big Data platforms: key design principles • Distributed local store • Move algorithm to the data – exploit locality • Many data problems are embarrassingly parallel • Leverage massive resource aggregation: • Thousands of execution cores • Hundreds of disk controllers • Hundreds of network interfaces • Terabytes of memory and massive memory bandwidth • Storage is cheap • Moving data into the system takes time (hence keep the data around, if possible) • It’s fine (and encouraged) to perform iterative exploration • In the end: It’s just and all about the data 3
  • 4. A timeline of the main open source Big Data platforms LexisNexis designs the HPCC Systems Google’s platform to meet its MapReduce Paper First Hadoop These platforms gain own Big Data Needs. is Published. Summit mainstream adoption Late 90s/Early 2001 2004 2007 2008 2011 2012 2000s The first few systems are First Release of The LN HPCC Systems sold to companies and Hadoop (designed platform is officially organizations after Google’s Map released as an open Reduce ideas) source project 4
  • 5. Just when we thought that we knew data security… Big Data is not your dad’s data a. More data sources (beware! data + data > 2 * information) b. Boiling the ocean is at the reach of your hand c. Public clouds offer scalability but introduce risks d. Distributed data stores can blur boundaries e. Leveraging diverse skills implies more people accessing the data Old tricks may not work a. Tokenization only goes so far b. Encryption at rest just protects against misplaced hardware c. Tracking data provenance is hard d. Enforcing data access controls can quickly get unwieldy e. Conveying policy information across multiple systems is hard 5
  • 6. The ever present challenges • Security • Keeping the bad guys out • Making sure the good guys are good and stay good • Preventing mistakes • Disposing of unnecessary/expired data • Enforcing “least privilege” and “need to know” basis • Privacy • Statistics safer than aggregates • Aggregates safer than tokenized samples • Tokenized samples safer than individuals • Don’t underestimate the power of de-anonymization • Mistakes in privacy are irreversible • Security <> Privacy 6
  • 7. Be wary of “tokenization in a box” • Tokenized dataset * Tokenized dataset ~= identifiable data • The problem of eliminating inference is NP-complete • Several examples in the last decade: • The “Netflix case” • The “Hospital discharge data case” • The “AOL case” 7
  • 8. Common sense to the rescue • Track data provenance, permissible use and expiration through metadata (data labels and RCM) • Enforce fine granular access controls through code/data encapsulation (data access wrappers) • Utilize homogeneous platforms that allow for end-to-end policy preservation and enforcement • Deploy (and properly configure) Network and host based Data Loss Prevention • A comprehensive data governance process is king • Use proven controls (Homomorphic encryption and PIR are, so far, only theoretical concepts) 8
  • 9. And always keep in mind that… • Access to the hardware ~= Access to the data • Encryption at rest only mitigates the risk for the isolated hard drive, but NOT if the decryption key goes with it • Compromise of a running system is NOT mitigated by encryption of data at rest • Virtualization may increase efficiency, but… • In virtual environments, s/he who has access to your VMM/Hypervisor, also has access to your data • Cross-VM side-channel attacks are not just theoretical 9
  • 10. Remember • Data exhibits its own form of quantum entanglement: once a copy is compromised, all other copies instantly are • The closer to the source the [filtering, grouping, tokenization] is applied, the lower the risk • YCLWYDH! You can’t lose what you don’t have (data destruction) 10
  • 11. Useful Links  LexisNexis Risk Solutions: http://lexisnexis.com/risk  LexisNexis Open Source HPCC Systems Platform: http://hpccsystems.com  Cross-VM side-channel attacks: http://blog.cryptographyengineering.com/2012/10/attack-of-week-cross- vm-timing-attacks.html  K-Anonymity: a model for protecting privacy: http://dataprivacylab.org/dataprivacy/projects/kanonymity/kanonymity.p df  Robust de-anonymization of Large Sparse Datasets (the Netflix case): http://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf  Broken Promises of Privacy: Responding to the surprising failure of anonymization: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006  Tamper detection and Relationship Context Metadata: http://blogs.gartner.com/ian-glazer/2011/08/19/follow-up-from-catalyst- 2011-tamper-detection-and-relationship-context-metadata/ The HPCC Systems Platform 11
  • 12. Questions? Email: info@hpccsystems.com The HPCC Systems Platform 12