Cybersecurity, Data Management, and You: Best Practices ... · Cybersecurity, Data Management, and...

Cybersecurity, Data Management, and You: Best Practices for Protecting Enterprise Data

Johna Till Johnson CEO, Nemertes Research

[email protected], @johnatilljohnso

May 9, 2018

© 2018 Nemertes Research DN6744 1

Agenda

• Information stewardship: the discipline of data management

• The cybersecurity challenge: risk management in a hyperconnected world

• New paradigm: the zero-trust model

• Putting it all together


Information Stewardship: The Art of Data Management

3© 2018 Nemertes Research DN6744

Information Stewardship

Information

Protection

Data quality

management

Information Lifecycle

Management

BCP/DR

Compliance

Information Stewardship

Information Stewardship Disciplines


What Information Stewardship Means

Data Classification

Organizational Structure

User Classification

Key Technologies

Information Protection

Which data must be protected?

Who is responsible for protecting data

Who can see data Identity management, encryption, anti-malware

Data Quality Management

Which data must be accurate and to what degree?

Who is responsible for ensuring data integrity

Who can enter/modify data Data cleansing, data matching, ETL

BCP/DR How quickly must different tiers of data be restored?

Who is responsible for ensuring data availability

Who needs fastest access to data in event of outage?

Networking, disk mirroring, clustering, grid

ILM Where should data reside? Who determines where data should reside

Who has access to data at different storage “tiers”

Disk arrays, virtualized storage, ILM software tape drives

Compliance Degree to which data is affected by regulations

How compliance and IT intersect and communicate

Who is responsible for ensuring/enforcing compliance

Logging, auditing, monitoring


The Information Lifecycle

Security

and

Compliance

Acquisition

Classification and Management

InfrastructureAnalysis and Visualization

End of Life


Acquisition/Transformation• Old friends

o ODBC/JDBC/SQL queryo ETL/EAI/Data integration toolso Flat file import

• Newer wayso Web serviceso Storm — “Stream Reduce” & processing/massaging continuous feedso Sqoop — Parallelize via MapReduceo Flume — Apache; light modifications of data; minutes not hours; text

file aggregation and import typicallyo Activity streams


Example: Flume• Scalable, dynamic data aggregation• Context-driven data handling

o Load balancing, routingo Split, MUX, replicate, tag, filter, serialize

• Rules based and extensible• Low latency processing

• Transactional push of data through channel

• Flexible:o Many sources, many channels

per agento Many sources to a channelo Many channels to a sourceo Sinks get one channel only


Classification Systems and Standards

• Mostly proprietary tools and systems for associating metadata with files of unstructured data

• MDM, e-Discovery, enterprise search, archiving, and general purpose classification tools

• Some standards, models, ontologies, taxonomieso RDF/SKOS/OWL (semantic web standards for modeling content)

o XBRL (taxonomy for ledger information)

o GALEN (ontology for medicine)

o NIST SP 800-60 v 1 (mapping information to security categories)


Information

Stewardship

Disciplines

Data Classification

Organizational

Structure

User Classification

Key Technologies

Processes,

and Procedures

Disciplines Parameters & Policies Processes

Tying It All Together


The cybersecurity challenge: risk management in a hyperconnectedworld


The Problem

Too much data…


The Problem

Too much data…

1400 infosec

products on the market—

all generating data


The Problem

Too much data…

1400 infosec


all generating data

1Tbyte/day or more

of security incident info


The Problem

Too much data…

1400 infosec


all generating data

1Tbyte/day or more


IDS/IPS can generate 500

or more false positives/day


The Problem

Too much data…

1400 infosec


all generating data

1Tbyte/day or more




Every networked device, system,

endpoint, application generates

1000s of log events


The Problem

Too much data…

1400 infosec


all generating data

1Tbyte/day or more






1000s of log events

Correlating events in real time

would require

100s of security analysts—and

more every day!


The Problem

Too much data…

1400 infosec


all generating data

1Tbyte/day or more






1000s of log events

Correlating events in real time

would require

100s of security analysts—and

more every day!


The Problem

Too much data…


The Problem

Too much data…not enough information!

I still don’t know

what’s going on!


What Is Advanced Security Analytics

• No single universal definition of the term

• Uses techniques from AI and machine learning to uncover security vulnerabilities, threats, breaches and attacks and perform forensic analysis

• May be developed and delivered in a range of ways: o Do it Yourself (applying general purpose Big Data tools and

techniques to the problem of enterprise security)

o Via special-purpose tools, particularly Behavioral Threat Analytics

o As enhanced capabilities of existing tools and services


Benefits of ASA

•Drastic reduction in staff time to sort and analyze

•“Went from 500 false positives/day to 3-4 real threats”—CISO, Global 200Reduce false positives

•Shut down malicious activity instantly

•“There’s no other way we could have known what our users are doing,” –CISO, major enterprise

Respond to threats immediately

•Leverages, rather than replaces, investments in Splunk, IDS/IPS, etc

•“It’s the cornerstone of 3-4 other products,”—CISO, global services provider

Leverage existing analytics

•Integrates multiple data sources; can correlate physical, user, system activity

•“Why is Bob sending 10,000 emails from his desktop when he is badged in across the country?”

Detect multi-vector & AP threats

•Evidence for audits, complianceProvide documentation

of attacks© 2018 Nemertes Research DN6744 22

New paradigm: the zero-trust model


Zero Trust: All Assets Untrusted

• Originally developed by Google as part of BeyondCorp™ architecture

• Assumes all assets untrusted; inside the firewall is no safer than outside

• Impacts on all devices, applications, services:o Data-centric approacho Requires detailed asset inventoryo Authentication, authorization, access control at every levelo Firewalls no longer delineate “safe” from “risky”o Encryption everywhere!


Zero Trust: All Assets Untrusted

©2016 Google


Zero Trust: Classification is Key

©2016 Google


State of Zero Trust Today


Current State: Overall

34.0%

17.3%

13.5%

12.8%

12.8%

9.6%

2.6%

Haven't heard of it or am not quite sure what it is

Evaluating

Have now

No plans

Planning for 2017

Planning for 2018

No plans (evaluated but rejected)

Zero-Trust Security: Current State


Current State: by Success

34.6%

9.9%

13.6%

2.5%

14.8%

12.3%

12.3%

31.6%

16.5%

20.3%

2.5%

10.1%

12.7%

6.3%

Haven'theardofitoramnotquitesurewhatitis

CurrentlyImplemen ng

Evalua ng

Notplanning(evaluatedbutrejected)

Notplanning

Planningfor2017

Planningfor2018

ZeroTrustAdop onbySuccess

MoreSuccessful

LessSuccessful


Enabling Tools and Practices for Zero Trust


Data Classification

46.4%

26.8%

10.7%

10.7%

3.6%

1.8%

42.2%

7.8%

7.8%

17.6%

1.0%

23.5%

Havenow

Planningfor2017

Planningfor2018

Evalua ng

Notplanning(assessedandrejected)

Notplanning

DataClassifica onAdop on

ZeroTrustNon-Adopters

ZeroTrustAdopters


Data Classification

46.4%

26.8%

10.7%

10.7%

3.6%

1.8%

42.2%

7.8%

7.8%

17.6%

1.0%

23.5%

Havenow

Planningfor2017

Planningfor2018

Evalua ng


Notplanning

DataClassifica onAdop on


ZeroTrustAdopters

Adopters up to 3X as likely to be implementing data classification


Security Automation


Security Automation

Adopters up to 70% as likely to be automating security


Firewall Architecture

0.0%

46.0%

24.0%

30.0%

8.0%

17.8%

35.5%

29.0%

17.8%

11.2%

Nofirewalls

Centralized

Distributed

Virtualized

Cloud-based

FirewallArchitecture


ZeroTrustAdopters



0.0%

46.0%

24.0%

30.0%

8.0%

17.8%

35.5%

29.0%

17.8%

11.2%

Nofirewalls

Centralized

Distributed

Virtualized

Cloud-based



ZeroTrustAdopters

Adopters almost twice as likely to have virtualized firewalls



0.0%

46.0%

24.0%

30.0%

8.0%

17.8%

35.5%

29.0%

17.8%

11.2%

Nofirewalls

Centralized

Distributed

Virtualized

Cloud-based



ZeroTrustAdopters

Adopters more likely to have centralized firewalls


Advanced Endpoint Security (AES)


Advanced Endpoint Security (AES)

Adopters more likely to have implemented AES


Behavioral Threat Analytics

26.8%

23.2%

28.6%

14.3%

0.0%

7.1%

17.5%

5.8%

7.8%

23.3%

3.9%

41.7%

Havenow

Planningfor2017

Planningfor2018

Evalua ng


Notplanning

BTAAdop on


ZeroTrustAdopters

Adopters more likely to have implemented BTA


Behavioral Threat Analytics

26.8%

23.2%

28.6%

14.3%

0.0%

7.1%

17.5%

5.8%

7.8%

23.3%

3.9%

41.7%

Havenow

Planningfor2017

Planningfor2018

Evalua ng


Notplanning

BTAAdop on


ZeroTrustAdopters


Cloud: Data Loss Prevention


Cloud: Data Loss Prevention

Adopters more likely to have implemented DLP for cloud


Cloud: Cloud Access Security Brokers


Cloud: Cloud Access Security Brokers

Adopters more likely to have implemented CASB


Putting It All Togther

• Review your data management efforts in light of emerging paradigm shiftso Cloud

o Zero trust security

• Invest in data-centric security analytics toolso BTA

o CASB

o Cloud DLP

• Seek assistance where appropriate


Additional Resources

Nemertes Strategic Support Program: Technology Users

• Assistance developing policy, business cases, strategy, architecture, roadmap, vendor strategic selection

• Data-based guidance on staffing, spending, budgeting, governance, operations• Success metrics for comparable organizations

o Maturity modelso Operational and success benchmarking

• Interactive tools and modelso Cost models o Capacity plannerso Vendor selection weighted scorecards

Ongoing support, telephone advisory service, written inquiries and access to all research


Thank you!

[email protected]

[email protected]

@Nemertes


49

© 2018 NTT DATA, Inc. All rights reserved.

The Data-Driven Enterprise: The Key to Succeeding with AI, IoT

and Disruptive Technologies

Michael GoodmanSenior Director, Data & Analytics, and Technology Advisory Practice Lead, NTT DATA Services

© 2018 NTT DATA, Inc. All rights reserved. 51

Customer Service, Ease of Use, Personalization, and Cost Efficiency are the most commonly used words to describe what the market is asking of Financial Services companies now – all packaged in innovative delivery and formats for consumption.

Moving Toward Advanced Customer Experience (CX) and Cost Efficiency

Cognitive AI

Analytics is no longer enough –

insight must be derived and

leveraged through NLP-based

interactions with Virtual Agents,

Machine Learning, Predictive

Algorithms, and chatbots

Personalization

Customers of all types think about

interactions they way they think about

making purchases on Amazon and

selecting content on Netflix

Channel of Choice

The way in which consumers interact

with their money has changed and with

it has come a desire for convenience

and minimal unnecessary interactions

Ease of Use

Customers want their

business to be transactional

(not conversational) and

quick

Free Service

Many services that used to be

profitable fee-based business can

be had at minimal-to-no-cost

somewhere else

APIs

Integration is no longer a term being

used - Open APIs, Exposed APIs,

Partner Ecosystems – these are how

you create new business channels

and products so that you can find

new monetization opportunities


CX: Critical Driver for Banks to Gain Market Share

for ONE point

improvement in

CX score.Source: Clarabridge

$59MIMPACT

61%customers who demand that

digital CX improveSource: NTT DATA Services

56%

RISK REWARDS

of “Explorers” would leave

FSI for a better digital CX Source: NTT DATA Services

higher growth for

banks in the top

100 ranking for

CX excellenceSource: Clarabridge

163%86%

of financial services

orgs say they don’t

have the data and

systems to take

digital CX to the next

levelSource: NTT DATA Services

49%

of banks believe that digital

CX will be a differentiator Source: NTT DATA Services


AI and machine learning are critical to success of data-driven digital business models. Consider the various domains that benefit from AI.

Leveraging AI Across the Enterprise

BI / AnalyticsAutomation

Customer Engagement

Internet of

Things

Natural Language

Processing

Prediction

Visualization

Digital Marketing

Robotic Process

Automation

Autonomics

UI / UX

Artificial Intelligence

Machine Learning Virtual Agents

“[AI] systems don’t

just require more

information than

humans to

understand concepts

or recognize features,

they require hundreds

of thousands times

more.”Neil Lawrence,

Professor of machine learning

at the University of Sheffield

and part of Amazon’s AI team


Bad data is circulating through businesses at a rapid rate. New technologies are increasing the need to be sure your business is spending less time fixing data and more time gaining business insights from good data.

The Cost of Bad Data

1 IBM estimate published in “Extracting business value from the 4 V's of big data” 20162 http://soa.sys-con.com/node/19751263 https://www.edq.com/globalassets/white-papers/2017-global-data-management-benchmark-report.pdf

Cost to US businesses due to poor

quality customer data

% of global companies that trust

their data to make important

business decisions

Poor data quality translates into lost productivity, creates competitive disadvantages,

regulatory scrutiny, and ultimately, customer relationship and financial loss.

Business cost of bad data for an

organization’s revenue

$3.1Trillion1

10-25%of revenue2

56%don’t trust

their data3

“It is rare to see a discussion of a business objective that

does not include data issues as a barrier to success.”

http://soa.sys-con.com/node/1975126


Problems range from sourcing and obtaining data and data quality to managing real-time interaction data and integration of data across products and channels.

What’s Behind the Data Problem?

Privacy is a major

challenge

70%

Security is a major challenge

64%

Have a data talent shortage

59%

Do not have a solid data

strategy that supports Digital CX

49%

67%Have limited or no trust in data

and analytics

48%

Struggle to manage the volume

of data for Digital CX

46%

@NTTDATAServices

Q62: Do you have a data talent shortage that is limited your ability to succeed in digital CX

Q64: How would you answer the following statements as it pertains to your data strategy and initiatives for digital CX?


Companies that successfully manage data as an asset gain competitive advantage.

The Data-Driven Enterprise

70% of executives surveyed say data and analytics have caused at least moderate changes in the competitive landscape

McKinsey survey, “Data monetization is becoming a differentiator,” December 2017

>50% have begun monetizing data, say respondents in basic materials and energy, financial services, and high tech

High performing companies are three times more likely than others to say their data monetization efforts contribute more than

20% to company revenues


Data-Driven Enterprises seek to maximize insight through optimized analytics, treat data as an asset and recognize the importance of a basic data management capability.

The Data-Driven Enterprise

Data as an asset

Data Management

Maturity

Optimized Analytics

Establish an analytics

ecosystem that is able to

adapt to the rapidly changing

world of data and analytics.

Recognize the costs and risks

posed by their data and manage

that data for maximum return.

Lay the foundation supporting

the pursuit of insight and the

monetization of data.


Three Roads to the Data-Driven Enterprise

Data-Driven

Enterprise

Optimized

Analytics

Data as an

Asset

Data

Management

Maturity

Drive Quality Derive

Insight

Manage as a

Service Monetize

Strategy Governance Architecture Platform Operations

Organized

Analytics

Governed

Analytics

Analytics

Services

Information

Marketplace


An analytics ecosystem where models are judged by the insight and value they provide. Methods, inputs and outputs are continually evaluated and adjusted to maximize value.

Defining Advance Analytics

Output

s

Inp

uts

Isolated Integrate

d

Prescriptive


To get the full report, visit: www.nttdataservices.com/DigitalCXin2020

Download the White Paper

http://www.nttdataservices.com/DigitalCXin2020

http://www.nttdataservices.com/DigitalCXin2020


About NTT DATA Services

Top 10 IT services provider, helping clients

integrate business strategy and technology to

accelerate business growth in a digital world.

Who we serve

leading financial services and

insurance firms around the

globe including:

>50

15 of the 20 largest U.S. banks

2 of the top 5 global investment banks

50,000 professionals

#9 on Consulting Magazine’s “Best Firms to Work For” List

NTT DATA Services

NTT DATA Services Portfolio:

Organized around your industry and priorities

275,000 professionals | $105B

$2B investment in R&D

#15 World’s Most Valuable

Brands

Acquired Dell Services

2016

Deal of the Year

Acquired Carlisle & Gallagher

2015

Consulting

Digital and Application Services

Infrastructure, Cloud and Security Services

BPO Services

Customer Experience

IT OptimizationInternet of Things

(IoT)

Intelligent Automation

Cybersecurity

Data &

IntelligenceFocus

Areas

Banking and Financial

Services

Capital Markets, Wealth

and Asset Mgmt.

Insurance

© 2018 NTT DATA, Inc. All rights reserved.

63

The Global Shift in Data

Analytics in Bridging the

Knowledge Gap

Pinar Celen

Pre-Sales Manager, Northeast Region

65

Data Acquisition

Data Preparation

Data Selection

Model Selection

Result Generation

Result Presentation

Action Steps

Data Model Creation

Business AnalystIT Business User

Results Interpretation

The old way

66

Data Model Creation

Governance & Oversight

Data Selection

Basic Parameterization

Result Generation

Result Presentation

Action Steps

Data Acquisition

Data Preparation

Advanced Parameterization

Automated Model Selection

Roles are changing

Business AnalystIT Business User

67

Data Lake Explorer

68

Data Lake Explorer

• Helps guide the user to build a

Qlik app on the fly using data

stored anywhere in Cloudera

• Enables the user to visually shop

through the data lake for info they

want to analyze in Qlik.

• Consumes metadata from

Cloudera Navigator, Cloudera

Manager, and Impala to help the

user access data stored in

Cloudera

69

AML

70

AML

Thank You

72

Operational Risk Prediction in IT Systems

Mark Chamness, Director – Data Science

74

AGENDA

1. Common modes of failure

2. Standard forecasting methods

3. Reframe question as failure probability

4. Financial models of risk

75

PROBLEM STATEMENT

Hardware Failures

• Network

• Memory

• Disk/SSD

• Power/Cooling

Software Failures

• Bugs

• Deadlocks

• Memory Leaks

• Full capacity

76

STANDARD ANALYSIS: CAPACITY FORECAST MODEL

77

REFRAME QUESTION: PROBABILITIES

78

INSPIRATION FROM FINANCIAL MODELS

79

MODEL COMPARISON

80

MODEL COMPARISON

81

SOLUTION: BROWNIAN MOTION WITH DRIFT

𝑃 𝑀 𝑡 ≥ 𝑦 = 𝑒2𝑦𝜇/𝜎2 ഥΦ

𝜇𝑡 + 𝑦

𝜎 𝑡+ ഥΦ

𝑦 − 𝜇𝑡

𝜎 𝑡

R Code:

exp(2*y*mu/s)*(1-pnorm((mu*t+y)/sqrt(s*t)))+(1-pnorm((y-

mu*t)/sqrt(s*t)))

82

PRIORITIZE RISKS ACROSS SYSTEMS

SYSTEMPROBABILITY FULL CAPACITY

(90 DAYS)

drt-ds-dev-data01-i2.corp.nutanix.com 93%

drt-ba-tableau01-3.corp.nutanix.com 27%

drt-ds-dev-data01-i3.corp.nutanix.com 23%

drt-ba-tableau-dev01-i4.corp.nutanix.com 7%

drt-ds-prod-data01-c4.corp.nutanix.com 5%

83

KEY POINTS

1. Reframe question – focus on core issue of risk

2. Financial model predicts risk of 100% capacity

3. Generalizable: capacity, memory, network capacities

4. Prioritize and focus on most critical issues

Thank You

Date post:	04-Jun-2020
Category:	Documents
Upload:	others
View:	10 times
Download:	0 times

Cybersecurity, Data Management, and You: Best Practices ... · Cybersecurity, Data Management, and...

Documents