Thought leaders in big data ulf mattsson, cto of protegrity (part 2)
Download as DOCX, PDF0 likes262 views
This document features a conversation between Ulf Mattsson, CTO of Protegrity, and Sramana Mitra about data security compliance, with a focus on the Payment Card Industry Data Security Standard (PCI DSS). Mattsson discusses the importance of data protection solutions like tokenization and encryption for companies handling sensitive data, exemplified by a large retailer and a beauty products retailer that need to secure personal and payment information. The dialogue emphasizes the challenges and standards that businesses face in safeguarding their data.
Thought leaders in big data ulf mattsson, cto of protegrity (part 2)
- 1. Thought Leaders in Big Data: Ulf Mattsson, CTO of Protegrity (Part 2) By Sramana Mitra, One Million by One Million Blog Sramana Mitra: Let’s take maybe three customers from three different segments. Let’s double-click down on understanding how they’re using your technology. Ulf Mattsson: I would like to mention that we do provide services in the architecture and data flow, which is very important to be able to find the right solution in. Let’s take a large retailer. This is a company that needed to be compliant to the payment card industry standard. It’s a $4 billion retail company operating in more than 30 States. They need to secure sensitive data in several large databases restricting access from administrators and power users. They needed to be compliant, track, and monitor all access to the sensitive data. That’s one example. Sramana Mitra: What kind of card are we talking about? Is this credit card data of their customers? What qualifies as sensitive data that needs this ultra-secure protection? Ulf Mattsson: There’s a standard defined by credit card brands – all the large card brands. That standard is called the Payment Card Industry Data Security Standard. Usually, it’s called PCIDSS. That standard defines different areas that you need to comply with such as access control, monitoring, and logging. The most challenging area is actually how to protect that data. That is the most difficult area for many companies. The standard defines four different ways that you can use to protect the data at cell level. The most effective way proves to be data tokenization. Data tokenization is a way to replace the sensitive data with fake data. Some people look at tokens as gaming chips or casino tokens so they are no longer sensitive. You can view tokenization as bubble wrap. Like bubble wrap, you can actually see some aspects of the data, so applications can actually work on the data but they do not see the full clear text. That’s part of the standard. The standard also allows you to use encryption. The standard is encouraging tokenization because it provides separation of duties and a higher level of usefulness. If you go to a PII use case, we have a retailer that is selling beauty products. It’s a $10 billion annual sales company with 3,600 stores in the United States. They have the challenge to protect their personal data. They also need to protect payment data. They were audited by Visa at that time and had to live up to a very high level of standard. That’s a typical situation where they are also looking to protect the PII data. It goes beyond credit card data. That’s a typical trend that you see in security today. This segment is part 2 in the series : Thought Leaders in Big Data: Ulf Mattsson, CTO of Protegrity