Threat Ready Data: Protect data from the Inside and the Outside

Amit Walia Senior Vice President, General Manager Data Integration & Security April 23, 2015

Current State – Threat ready…Really?

2010

2011

2012

2013

2014

Industry: Healthcare ID Theft is Even More Pervasive

44% Of all data breaches are in

Healthcare From Identity Theft Resource Center

90% Have experienced a breach

in the last 2 years

2013 ID Experts data security survey of 91 healthcare organizations

38% Have experienced > 5 breach

incidents in the last 2 years

20-50X Medical identities are more valuable

than financial identities

Industry: Retail The Real Cost of a Data Breach

Retail data breaches makes the headlines Customer Loyalty and Revenue Declines Stolen data used to defraud the retail company

Jobs of C-level leaders are at stake

2014 was the year of retail data breaches Number of stolen records continue to increase

Industry: Financial Services Impacted Not Only by Direct Breach, But Also Retail Breaches

45% Of financial services have been hit 2014 Economic Crime Survey by PWC of 5000 senior executives in 99

countries

$200M Card replacement cost of Target

data breach

$40M Card replacement cost of smaller banks for 4M cards from Target and Neiman Marcus breaches

Industry: Public Sector

•  73% of DBA’s can view all data, increasing risk of breach •  50% say data has been compromised or stolen by

malicious insider such as a privileged user •  The cost of a breach averages $5.5 million

per organization

Data Breach: Internal Breaches and Growing Challenges

Ponemon Institute May 2012

Data Breach: Is Not IF But WHEN

Data is the new OIL….and everyone wants to steal it!

Why?

Data Breach: Shouldn’t we Focus on Protecting the Data?

Host Endpoint Network Devices Application Data

Do You Know the Most Critical Data to Protect?

What Level of Protection Is Required?

Against Outsiders?

Against Insiders?

BUT…

? What has changed?

13

“We’ve moved beyond just protecting endpoints and networks. APTs combined with trends like mobility, cloud, and outsourcing require us to

have security as close to the data as possible– independent of devices, applications, databases, storage platforms, and network topologies.

We need companies like Informatica, who understand data deeply, to take a more active role in helping us to secure information.” –CISO/

CRO, leading global bank

1. Traditional Security Architectures are Insufficient

2. Data Proliferation Is Inevitable

Is the risk greater out here? Or in here?

Data Points to Internal Users Inside the Firewall •  Accidental •  Rogue employee •  Criminal activity •  Opportunistic

3. Insiders with privileged access

4. Interpretation of the Law

How do you define and enforce data residency?

? Where are the risks?

Where is your sensitive/private data that should be protected?

Do you know its RISK exposure?

“…only 26 percent (CEOs) say they have identified which types of data they hold are the most

attractive to hackers…” Washington Post, 2014

N=1587, Source: Ponemon Research, May 2014

13%

20% 15% 16%

30%

19%

45%

27%

42%

26% 23% 24%

ROW EMEA North America

Yes, All Data Yes, Most Data Yes, Some Data No

Do you know where your structured sensitive and confidential data resides?

Primary Research of 1500+ enterprise customers validates key pain points

19 Source: Ponemon Institute June 2014; 1,587 Global IT and Security practitioners in 16 countries

You Need Insights to Manage Your Sensitive Data Risks

Do you have this information to prioritize your security investments?

Where Is Your

Sensitive Data?

Where Is Its Residency?

Where Is It Going?

Is It Protected?

What Are The

Regulations That Apply?

Who Has Access To

It?

What Is Its Cost If Stolen?

Data-Centric Security Intelligence & Analytics

Security approach that focuses on gaining insights about the data context to enable cost-

effective data security controls, complementing security solutions that focus on protecting the

network perimeter, endpoints, and infrastructure.

Focus security investments on high risk data assets

Data Centric Security: 2 Key Components

DATA SECURITY CONTROLS

PERSISTENT MASKING

DYNAMIC MASKING VALIDATION & AUDIT

ARCHIVE

DATA SECURITY INTELLIGENCE

DISCOVERY

CLASSIFICATION PROLIFERATION ANALYSIS

RISK ASSESSMENT

REDUCE RISK OF SENSITIVE DATA EXPOSURE

Data-Centric Security Maturity Model

23

DISCOVER

Classification Proliferation

ANALYZE

Exposure Risk

LDAP IAM

DAM/DAP DLP SIEM

DETECT

Access Controls

User Activity

Controls Remediation

PROTECT ORCHESTRATE

Block Alert Mask

Archive

Encrypt Tokenize

MONITOR

Baselines Usage Patterns

Behavioral Anomalies

PREDICT

Threats Behaviors

COLLECT & CORRELATE

Informatica Data Security Keep Data Safe Throughout Its Lifecycle

Data  Security  Intelligence  

Data  Protec2on  with  Data  Masking  

Secure  Tes2ng  with  Test  Data  

Management  

Safely  Retain  and  Dispose  with  Data  

Archive  

DISCOVER CLASSIFY ANALYZE MONITOR

MANAGE RISK

DYNAMIC MASKING PERSISTENT MASKING

COMPLY

SUBSET GENERATE MAINTAIN

MASK TEST DATA

RETIRE LEGACY APPLICATIONS

MANAGE RETENTION COMPLY

REDUCE COSTS

OPTIMIZE PERFORMANCE

What is it? •  Gather insights from data context

and metadata to deliver location and risk analytics

•  Leverages information from existing data management and security solutions

It answers:

•  Where is my sensitive data? •  Is it protected? •  What country is it resident in? •  Where is it proliferating? •  Who has access to it? •  Who uses it? •  What is its value if stolen? •  What is my risk?

Data Security Intelligence: Understand Risks

A ‘single pane of glass' to continuously monitor sensitive data stores and their risks •  Enterprise-wide sensitive data

risk analytics •  Sensitive data classification &

discovery •  Proliferation analysis •  Policy-based alerting •  Integrates data security

information from 3rd parties: •  Data stores •  Data owners •  Classification •  Protection status

Secure@Source Overview

Informatica Data Privacy and Test Data Mgmt Solution Architecture

Production

Dev

Test

Train

Informatica Dynamic Data Masking

Informatica Test Data

Management Informatica Data Subset

Informatica Persistent Data Masking

Sensitive Data Discovery

Users

Production Support

CRM Custom

Billing ERP

Packaged EDW

Data Privacy Compliance Validation

Synthetic Test Data

Informatica Test Data Generation

Apply Persistent Data Masking Protect Sensitive Information in Test & Dev

Masked Values

5992-9989-1333-5429

3724-6743-8000-2421

Masked Values

5992-9989-1333-5429

3724-6743-8000-2421

Development

Masked Values 5992-9989-1333-5429

3724-6743-8000-2421

Shuffle Substitution

Skewing Credit Card

Informatica Persistent Data Masking

Testing Training

Apply Dynamic Data Masking Protect Sensitive Information in Production

(Sr. Analyst) Original Values

5992-9989-1333-5429

3724-6743-8000-2421

Masked Values

1234-6789-1000-4422

2233-6789-3456-5555

Custom Application (IT Administrator) Masked Values

xxxx-xxxx-xxxx-0093

xxxx-xxxx-xxxx-7658

National ID Credit Card

Blocking

Informatica Dynamic Data Masking

(Offshore Support)

Why Informatica? Thinking Data First: The Intelligent Data Platform Uniquely Addresses Data Security Challenges

Intelligent Data Platform

Data Intelligence Metadata meets machine learning

Data Infrastructure Industry leading data integration, profiling, masking, complex event processing across all sources, anywhere

Define Once. Deploy Anywhere.

On-premise or in cloud

Data Warehouse

Transactional Applications

CRM ERP HR FIN

Big Data

Unstructured Semi-Structured

Real-time Events

Mainframe Systems

Cloud, Social, Partner Data

Enterprise Applications

Platform for Universal Data Access

We have successfully LOWER RISKS, REDUCE COSTS, and

PROTECT SENSITIVE DATA for 600+ customers…

We have been are building off a strong foundation - Strong showing at RSA 2013, 2014, and 2015

Informatica won awards at Product Award reception at RSA 2013, 2014 & 2015 •  Gold Award for Best New Security Product - Informatica Secure@Source •  Gold Award for Database Security, Data Leakage Prevention/Extrusion Prevention -

Informatica Dynamic Data Masking •  Bronze Award for New Product - Informatica Cloud Test Data Management

Threat Ready -

It’s In Your Hands

THANK YOU