Crucial data privacy and

protection insights for 2019

Richard Macaskill and Kendra Little

Richard MacaskillRichard.Macaskill@Red-Gate.com

20 years Oracle and SQL Server experience

Product Manager

at Redgate

Data Governance

bolshevik!

@Kendra_Little

Kendra.Little@Red-Gate.com

Founder of

SQL Workbooks

Evangelist at

Redgate

Microsoft MVP &

Microsoft Certified

Master

Agenda

Compliance is shifting left

What do we mean by ‘Shift Left’?

Employers are responsible for employees’ actions

Organizations as a whole are responsible

“If a business can’t show that good data protection is

a cornerstone of their practices, they’re leaving

themselves open to a fine or other enforcement action

that could damage bank balance or business

reputation.”

Elizabeth Denham, UK Information Commissioner

Microsoft

Confidential

https://assets.red-gate.com/products/dba/sql-clone/sql-server-database-provisioning-report.pdf

A few words on Static Data Masking

1. Realistic Values – how useful are they?

2. Correlating & syncing values across columns

3. Retaining table integrity post-masking

4. Cross-database & cross-server masking

5. Performance when masking large sets of data

➢ Applications actually work for debug/test

➢ Data rarely exists in isolation

➢ Are there keys that should be masked?

➢ ‘Systems’ use multiple data sources

➢ We can’t block our day’s work

Perimeter protection is no longer

sufficient

2018 Data Breach Investigations Report · Verizon ·

https://enterprise.verizon.com/resources/reports/dbir/

• 53,000 incidents

• 2,216 confirmed data breaches

• 43,000 successful accesses involving botnets

2018 Data Breach Investigations Report · Verizon ·

https://enterprise.verizon.com/resources/reports/dbir/

2018 Data Breach Investigations Report · Verizon ·

https://enterprise.verizon.com/resources/reports/dbir/

2018 Data Breach Investigations Report · Verizon ·

https://enterprise.verizon.com/resources/reports/dbir/

DBAs are famous for having

“zero trust” for developers

2018 Data Breach Investigations Report · Verizon ·

https://enterprise.verizon.com/resources/reports/dbir/

We need

proactive,

general “zero

trust”

The Future of Data Security: A Zero Trust Approach · John Kindervag,

Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.

“There is a fatal flaw in the assumption… that there is

a ‘trusted’ internal network where data is safe”

Key takeaways

Security must become data-centric

A security and control framework should define, analyze, and protect the data

Data breaches dangerously erode consumer trust

The Future of Data Security: A Zero Trust Approach · John Kindervag,

Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.

Limit access Classify data

Dispose of data when no longer needed

Devalue or “kill” data using abstraction techniques

The Future of Data Security: A Zero Trust Approach · John Kindervag,

Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.

KEPRO: Ensuring HIPAA compliance with SQL Provision ·

Redgate · http://bit.ly/2RtUCoB

“SQL Provision has given us the ability to mask data

and push it out to multiple locations almost instantly.

That saves hours compared to the way we used to

refresh.”

You risk overspending when you

implement security controls

Executives havetraditionally under-estimated risk

relative to tech professionals

But that’s changing

Source: Redgate-commissioned survey, 378 respondents in mid-large enterprises, senior roles

But that’s changing

Source: https://uk.pcmag.com/feature/118088/gartners-cio-agenda-and-ceo-perspective-for-2019

Or misconstrued

its nature

2018 Data Breach Investigations Report · Verizon ·

https://enterprise.verizon.com/resources/reports/dbir/

Alignment protects

against over-spend

Discussion: chat on YouTube,

Slack, or Twitter #sqlinthecity

Crucial DPP insights for 2019

1. Compliance is shifting left

2. Perimeter protection is no longer sufficient, adopt a

“Zero Trust” mindset for your data

3. Alignment of developers, ops, and IT Managers

protects against over spending when implementing

security controls

Next steps

Download the Data

Privacy Influencer PDF

red-gate.com/sitc

Contact

sales@red-gate.com

References & Resources

2018 Data Breach Investigations Report · Verizon · https://enterprise.verizon.com/resources/reports/dbir/

KEPRO: Ensuring HIPAA compliance with SQL Provision · Redgate · http://bit.ly/2RtUCoB

SQL Provision adds fully integrated data masking · Redgate · https://www.red-gate.com/hub/product-learning/sql-provision/sql-provision-adds-fully-integrated-data-masking

The Future of Data Security: A Zero Trust Approach · John Kindervag, Heidi Shey, Kelley Mak, 2014 · Forrester Research, Inc.

Zero Trust: Your Knight In Cyber Armor · Forrester Research, Inc. · https://go.forrester.com/what-it-means/ep93-zero-trust-cyber-armor/