Date post: | 31-May-2015 |
Upload: | hossam-hassanien |
Business Intelligence in Cloud Computing: A Tokenization Approach
Master’s Defense
Conducted by: Eng. Hossam El-Din Hassanien
Supervised by: Prof. Dr. Ahmed Elragal
Agenda
• Introduction
• Business Intelligence
◦ Technological Approaches
◦ Issues & Challenges
• Cloud Computing
◦ Technological Approaches
◦ Issues & Challenges
• Tokenization Security
◦ Technological Approaches
◦ Benefits & Contribution
• The framework
◦ Architecture & Components
◦ Cryptography
◦ Results
• Conclusion & Future work
December, 27th 2011. By: Hossam El-Din Hassanien
Introduction
Business-Intelligence Solution:
Decision Support
• Advanced Multi-Dimensional Analytics
• Efficient and Accurate Enterprise Performance Management
Cap-Ex to Op-Ex Transformation
• Leveraging sophisticated Business Computing solutions for SMEs
• TCO (Total Cost of Ownership) reduction/management expanding organizational ROI (Return on Investment)
Secure Data Perimeters
• Advanced Cryptography mechanisms
• Untraceable ciphers omitting reverse engineering to plain texts
Business Intelligence
• Term formulated by Howard Dresner, Vice President and Research Fellow at Gartner research, during the 1980’s.
• Initially known as DSS (Decision Support System).
• Refers to computer-based methodologies and techniques used to identify, extract and analyze crucial historical, current and predictive business data by employing advanced technological tools that serve enhanced decision making.
[Figure: Business Intelligence cycle (Act, Measure, Analyze, Plan) with the stages Transactions; Extract, Transform and Load; Data Warehouse; Business Modeling; Reporting and Analysis; Decision Making and Planning]
Technological approaches
• “Getting data in, Getting information out.”
◦ Data Warehousing:
  - Schema structures: Star, Snowflake
  - OLAP data stores: transforming transactional data processing to analytical data processing.
◦ Tactical and Strategic Analytics:
  - Dashboards and Scorecards
  - Multi-dimension analysis
  - Cross functional comparisons
  - Trend analysis
[Figures: Data Warehousing Architectures; OLAP cubes; Dashboards and Scorecards]
Issues & Challenges
• Requires massive amounts of resources.
◦ Network
◦ Storage
◦ Processing Power
◦ Advanced technological tools
• Requires an extremely secure perimeter.
◦ Protecting the tactical and strategic confidential data: Financial, Inter-departmental, etc.
• Limitations in a nutshell
◦ Elevated Security requirements
◦ Increasing TCO and ROI reduction
[Figure: photo taken during World War II. “If you talk too much, this man may die.”]
Cloud Computing
• “Among the top 3 technology trends to impact IT Infrastructure, top 10 to impact Business Development”. Gartner Inc.
• Is the new utility model of IT services delivery on “Pay-per-Use” schemes, deploying scalable virtualized resources that are allocated according to the user’s choice of combinations of types and models.
Technological approaches: Cloud Computing Types
• Cloud Computing Types:
◦ SaaS (Software-as-a-Service): defines the utility services and user control provided by the SP (Service Provider) over the application level.
◦ PaaS (Platform-as-a-Service): defines the utility services and user control provided by the SP over the application as well as the platform level.
◦ IaaS (Infrastructure-as-a-Service): defines the utility services and user control provided by the SP over the application, the platform and the infrastructure levels.
Technological approaches (Contd.): Cloud Computing Models
• Cloud Computing Models:
◦ Public Cloud
  - Virtualized to be shared and used by the public, with no segregation done by SPs over user classifications.
  - Widely adopted.
  - Least expensive.
  - Usually poses security constraints.
◦ Private Cloud
  - Virtual, remote, privately dedicated and leased to the users.
  - Adopted by enterprises interested in full resource outsourcing and highest security measures.
  - Comparatively expensive.
  - Security constrained by SP defense mechanisms.
◦ Community Cloud
  - Virtualized to be shared and used by the public with access to several community groups.
  - Adopted by community groups.
  - Security constrained only by adversarial frequencies within the community.
◦ Hybrid Cloud
  - Combines outsourcing virtual resources with on-premise resource hosting.
  - Usually adopted by stakeholders seeking to expand present infrastructures.
  - Security constraints complemented by merging SP enforced rules and stakeholders’ measures.
Issues & Challenges
• Security, privacy and trust.
◦ Third party control over production resources.
◦ Hosting confidential data, posing leakage threats.
• Currently based on Open-Standards
◦ Ad-hoc standards as the only real standards.
• Customized SLAs between customers and SPs.
• Data lock-in
◦ Probable inability to completely relinquish outsized restricted organizational data.
• Random instance placement
◦ Multi-tenancy over the different types and models of CC.
Tokenization Security
• Payment Card Industry - Data Security Standard (PCI-DSS).
• Emerged through research and development done by the Payment Card Industry - Security Standards Council (PCI-SSC).
• Originally adopted to elevate security measures in PCI.
• Token Servers originate surrogate values called tokens, which replace sensitive data in applications and databases. These tokens are stored in Central Data Vaults that are unlocked only by proper authorization credentials.
Benefits & Contribution
• Easier to manage and more secure.
◦ Reduces the points where crucial data is stored to only the CDVs (Central Data Vaults), hence less exposure.
◦ Consolidates and centralizes the security systems to be audited.
• Eliminates the impedance introduced by inconsistencies arising from random encryption.
◦ Records are created only once in the CDV (reducing storage space).
◦ DW sensitive encrypted data values used in referential-integrity analytics queries are consistent.
• Reverse-Engineering Omission:
◦ Eliminates mathematical relations between plain-texts and cipher-texts.
[Figure: Simpler to Implement; Simpler to Audit; Simpler to Manage; Absolutely Secure]
The Framework
Business-Intelligence Solution:
Decision Support
• Advanced Multi-Dimensional Analytics
• Efficient and Accurate Enterprise Performance Management
Cap-Ex to Op-Ex Transformation
• Leveraging sophisticated Business Computing solutions for SMEs
• Cost reduction/management expanding organizational ROI
Secure Data Perimeters
• Advanced Cryptography mechanisms
• Untraceable ciphers omitting reverse engineering to plain texts
Framework building blocks: Business Intelligence / Data Warehouse; Hybrid Cloud Computing Model; Tokenization Data Security
Components & Architecture
• Virtual CC resources:
◦ BI/Reporting Server.
◦ Data Warehouse back-end (Tokenized).
◦ Extraction, Transform and Load Server.
• On-premise/Private-Cloud resources:
◦ Virtual Private Cloud (VPC) interlink.
◦ Tokenization Server
  - Tokenization Data Vault.
  - Algorithmic packages and functions orchestrating/maintaining tokens:
    Fine Grained Audit conditional policies (DBMS_FGA) over DB DML operations.
    maintain_Tokenization_lookup_algorithm.
    substitute_values_Actual_to_Token.
    Supervisory global_Algorithm.
Components & Architecture (Contd.)
[Figure: architecture diagram. Disparate source systems, present inside or outside Cloud networks; Tokenization Server, present on-premise or inside a Private Cloud network; BI/DWH components (ETL Server and Data-Warehouse, BI/Reporting Server) hosted inside a Cloud (Public, Private, etc.). Legend: Actual Sensitive Data Flow; Logical Sensitive Data Flow.]
Cryptography
• Algorithm maintain_Tokenization_lookup_algorithm:
maintain_Tokenization_lookup_algorithm (
    SET unique_Token = 0;
    GET <sensitive_Data_Column_Name>;
    GET <sensitive_Data_Table_Name>;
    -- Cursor over every value in the sensitive column
    CURSOR sensitive_Data_Cursor IS
        SELECT <sensitive_Data_Column_Name> FROM <sensitive_Data_Table_Name>;
    FOR I = 0 TO sensitive_Data_Cursor.length (
        IF (SELECT COUNT(token) FROM tokenization_lookup_table) = 0 THEN
            -- Lookup table is empty: store the first token
            INSERT INTO tokenization_lookup_table (token, corresponding_Sensitive_Data)
                VALUES (unique_Token, sensitive_Data_Cursor.current_Actual_Data);
            unique_Token ++;
        ELSE
            -- Read the token of the most recently inserted row
            SELECT <sensitive_Data_Column_Name>_Token FROM tokenization_lookup_table
                WHERE ROWID = (SELECT MAX(ROWID) FROM tokenization_lookup_table);
            IF sensitive_Data_Cursor.current_Actual_Data exists in tokenization_lookup_table THEN
                END;   -- value already has a token: nothing to insert
            ELSE
                INSERT INTO tokenization_lookup_table (token, corresponding_Sensitive_Data)
                    VALUES (unique_Token, sensitive_Data_Cursor.current_Actual_Data);
                unique_Token ++;
            ENDIF;
        ENDIF;
        I ++;
    ) End LOOP;
) End maintain_Tokenization_lookup_algorithm;
• Customized Token generation.
1. maintain_Tokenization_lookup_algorithm
2. substitute_values_Actual_to_Token
• Global algorithm:
Cryptography
• Algorithm substitute_values_Actual_to_Token:
substitute_values_Actual_to_Token (
    GET <sensitive_Data_Column_Name>;
    GET <sensitive_Data_Table_Name>;
    -- Cursor over every value in the sensitive column
    CURSOR sensitive_Data_Cursor IS
        SELECT <sensitive_Data_Column_Name> FROM <sensitive_Data_Table_Name>;
    FOR I = 0 TO sensitive_Data_Cursor.length (
        -- Look up the token already issued for the current sensitive value
        Token_Value = SELECT token FROM tokenization_lookup_table
            WHERE sensitive_Data_Cursor.current_sensitive_Data =
                  tokenization_lookup_table.corresponding_Sensitive_Data;
        -- Store the token beside the actual value, then remove the actual value
        INSERT INTO <actual_table_name> (<actual_column_name>_token) VALUES (Token_Value);
        DELETE <actual_table_name>.<actual_column_name>
            WHERE <actual_table_name>.<actual_column_name>_token = tokenization_lookup_table.token;
    ) End LOOP;
) End substitute_values_Actual_to_Token;
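An added example, not code from the original slides: the two algorithms above carried out with Python's sqlite3, using two in-memory databases to stand in for the on-premise vault and for the table bound for the cloud warehouse. The sales table, its constructed sample rows, and the use of random tokens from the secrets module in place of the slides' incrementing counter are assumptions of this example.

```python
import secrets
import sqlite3

def make_vault():
    """On-premise token vault: one row per distinct sensitive value."""
    vault = sqlite3.connect(":memory:")
    vault.execute("CREATE TABLE tokenization_lookup_table ("
                  "token TEXT PRIMARY KEY, "
                  "corresponding_sensitive_data TEXT UNIQUE NOT NULL)")
    return vault

def make_staging():
    """Constructed sample rows standing in for an extracted source table."""
    stg = sqlite3.connect(":memory:")
    stg.execute("CREATE TABLE sales (customer_ssn TEXT, amount INTEGER)")
    stg.executemany("INSERT INTO sales VALUES (?, ?)",
                    [("111-22-3333", 40), ("444-55-6666", 25), ("111-22-3333", 60)])
    return stg

def maintain_tokenization_lookup(vault, stg):
    """Issue a token for every sensitive value not yet in the vault."""
    for (value,) in stg.execute("SELECT DISTINCT customer_ssn FROM sales").fetchall():
        known = vault.execute(
            "SELECT 1 FROM tokenization_lookup_table "
            "WHERE corresponding_sensitive_data = ?", (value,)).fetchone()
        if known is None:
            # Random token (assumption): not a counter, not derived from the value.
            vault.execute("INSERT INTO tokenization_lookup_table VALUES (?, ?)",
                          (secrets.token_hex(16), value))
    vault.commit()

def substitute_values_actual_to_token(vault, stg):
    """Replace each sensitive value in the staging table with its vault token."""
    pairs = vault.execute("SELECT token, corresponding_sensitive_data "
                          "FROM tokenization_lookup_table").fetchall()
    stg.executemany("UPDATE sales SET customer_ssn = ? WHERE customer_ssn = ?", pairs)
    stg.commit()

def tokenized_totals():
    """Run both steps, then aggregate on the token as a cloud-side report would."""
    vault, stg = make_vault(), make_staging()
    maintain_tokenization_lookup(vault, stg)
    maintain_tokenization_lookup(vault, stg)   # second run adds no rows
    substitute_values_actual_to_token(vault, stg)
    totals = stg.execute("SELECT customer_ssn, SUM(amount) FROM sales "
                         "GROUP BY customer_ssn").fetchall()
    vault_rows = vault.execute(
        "SELECT COUNT(*) FROM tokenization_lookup_table").fetchone()[0]
    return totals, vault_rows
```

Because the same value always maps to the same token, the GROUP BY on the tokenized column yields the same totals it would on the plain values, while the mapping itself exists only in the vault.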
Results
Decision Support
• Advanced Multi-Dimensional Analytics
• Efficient and Accurate Enterprise Performance Management
Cap-Ex to Op-Ex Transformation
• Leveraging sophisticated Business Computing solutions for SMEs
• Cost reduction/management expanding organizational ROI
Secure Data Perimeters
• Advanced Cryptography mechanisms
• Untraceable ciphers omitting reverse engineering to plain texts
Framework building blocks: Business Intelligence / Data Warehouse; Hybrid Cloud Computing Model; Tokenization Data Security
Conclusion & Future work
• Conclusion
◦ BI is important for organizations.
  - Performance analysis.
  - Fact based decision making.
◦ Cloud Computing extensively addresses expense issues with large scale implementations.
  - CapEx to OpEx.
  - Undermined resources.
◦ Non-conventional data security approaches are imperative when combining BI with CC.
  - Simplified infrastructure management, data audit, implementations.
  - Elevated levels of data security.
◦ Almost all current applications do not support Tokenization Data Security.
• Future work
◦ Driving motivations for vendors to support out-of-the-box Tokenization Data Security.
◦ Sophisticated Tokenization algorithms.
◦ Propagation and replication of current approaches to different frameworks in organizations, forming complete center points of truth for data security.
Q & A