Protecting Sensitive Personal Data in the Enterprise
0 likes681 views
Personal identifiable information (PII) data breaches have risen significantly, posing challenges for enterprises storing PII on cloud. There are five critical aspects to protecting PII data: data classification, security controls, encryption, loss prevention, and regulatory compliance. TCS recommends classifying data using tools and predefined criteria. Then applying security controls like access management and monitoring. Data should be encrypted at rest and in transit. Loss prevention controls like monitoring network traffic can prevent data leakage. Assessing regulatory risks and enforcing policies helps ensure compliance. Combining TCS and AWS security services provides a comprehensive approach to protecting sensitive user data on cloud.
Protecting Sensitive Personal Data in the Enterprise
- 1. Protecting sensitivepersonal data in the enterprise Powered by TCSAWS business unit 24 August2021 RajiKrishnamoorthy Head, AWS Security and Compliance AWS Business Unit, TCS
- 2. 2 Challenges in protecting PII data on cloud *Source: Cyware.com Nearly 80-90% of the data breaches involve personally identifiable information (PII); ransomwareattackswitnessed a rise of 57%.* Enterprises storing PII data on the cloud need to secure data at rest and in transit from intruders. They needto: • Set-upcomplex monitoringsystemsto identifyandthwart maliciousor unauthorizedaccess • Track complex and sensitive dataexchangesforsource, structure, quality,lineage andusage • Ensure compliance to global privacyregulations • Choose a combinationof native servicesand third-partytools to protect data
- 3. 3 Five critical aspects for protecting PII Data classification Leveragedata classification toolsandpre-defined criteria to categorizedata Data security controls Protectdata and infrastructurewith in-builtfraud detection controls Data encryption Cipher dataatrestandinmotion makingdata unintelligibleto eavesdroppers Data loss prevention Preventdata loss,leakageor misuseof datathrough breaches,ex-filtration transmissions andunauthorized use Regulatory compliance Equip organizationsto continueoperationsandmeet obligationsdespitedisruption In a world of ever-increasing compliance andprivacyconcerns, building PII guardrails helps enterprises uphold customertrust and adhere to regulatory standards. We recommenda five-foldapproachto build guardrails forenterprise PII data.
- 4. 4 Data classification | First step to protect PII data TCS Confidential Categorize data basedon predefined criteria to efficientlymanage and protect data Combine manual and automated techniquesto optimallyclassifydata Leverage cloud service providersto search for storage volumesand match data against pre-definedpatterns Implementthe right securitymeasures based on data sensitivityusing data classificationstools
- 5. 5 Data security controls | Using domain and configurability TCS Confidential Applythe rightidentityand access management(IAM) mechanisms to manage and log accesses across users and groups Detect unauthorizedtrafficproactively, monitor deviationinconfigurationand facilitate auditsof databases Secure cloud environmentsagainstattacks such as distributeddenial of service,prevent threats to applicationlayerand bring-in secure networksegmentation Enable layeringof multiple controlsfor securityredundancy and eliminate single pointsecurity failure
- 6. 6 Data encryption | Making PII data indecipherable TCS Confidential • Enforcesecurity measures that comply with dataprivacy laws • Prevent datafrombeing manipulated by unauthorizedusers • Protect databoth at rest and in transit • File/folder encryption • Full-disk encryption for cloud workload storagevolumes • Specialized encryption (database,email) • Cloud-nativestorageencryption • Encrypting the data before transmission; authenticatingtheendpoints;and decryptingand verifyingthe data on arrival Data at rest Data intransit
- 7. 7 Data loss prevention | Prevent PII data leakage TCS Confidential Classify PII databased on natureof business and regulatory standards Implement monitoringatthe boundary of network egress,on all internetdevices Install a data lossprevention (DLP) agent on hosts that process production data Enforce security policies rules -- based on the content and context of the data classification -- when certain types of data is accessed or leaked
- 8. 8 Regulatory compliance | Establish user trust TCS Confidential Assessthe regulatoryrisks by identifying the gaps inthe existingsecuritysetup Enforce securitypoliciesto meetthe compliance requirements Buildauto-remediationcompliance capabilities Remediate the identifiedweaknessbased on the risk assessment
- 9. 9 The combined synergy of TCS Cloud Foundation Designer and AWS Security Services TCS Confidential • PII data security design patternsfor five elements of sensitive user information • 40% reduced efforts to build security guardrails • Aligned with AWS well- architectedframework principles • Compliant with Center for Internet Security (CIS) AWS foundation benchmark • Role-based access control to workloads on AWS cloud • Advanced encryption engines • End-to-end, AI-driven data protection Amazon Macie AWS IAM AWS KMS AWS Security Hub AWS Certificate Manager (ACM) AWS CloudHSM AWS Secrets Manager AWS Shield
- 10. 10 A quick recap on protecting PII data TCS Confidential Protectingdata onAWScloudis easier witha host of security services at organization’s disposal MonitoringPII data access andstorage canbe achievedusinga combination of AWS-native security services,AI services andthird-party tools Compliance to industry standards is paramount to continue business and privacy assurance to customers Building security foundations forAWScloudis supportedby an automatedparadigm By minimizing storage anduse of PII,enterprises cansignificantly reduce the risk for data breaches andmisuse of data,andlower compliance costs.
- 11. Thank you Copyright © 2021 Tata ConsultancyServices Limited TCS Confidential Write to us @ BusinessAndTechnologyServices.Marketing@TCS.COM to know more about protectingPII data