Place Your Bets on Tokenization to Improve Cybersecurity

Similar documents
Mastering The Endpoint

Converged Security - Protect your Digital Enterprise May 24, Copyright 2016 Vivit Worldwide

Managing Cybersecurity Risk

CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL

Privacy & Information Security Protocol: Breach Notification & Mitigation

Operationalize Security To Secure Your Data Perimeter

2017 THALES DATA THREAT REPORT

Data Privacy Breach Policy and Procedure

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain

QUALITY HIPAA December 23, 2013

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017

Solving the Really Big Tech Problems with IoT Data Security and Privacy

The Cyber War on Small Business

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

Data Compromise Notice Procedure Summary and Guide

Build Your Zero Trust Security Strategy With Microsegmentation

Fact Or Fiction: The State Of GDPR Compliance

2015 VORMETRIC INSIDER THREAT REPORT

Vulnerability Management Trends In APAC

Teradata and Protegrity High-Value Protection for High-Value Data

Rethink Enterprise Endpoint Security In The Cloud Computing Era

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

DeMystifying Data Breaches and Information Security Compliance

Encrypting PHI for HIPAA Compliance on IBM i. All trademarks and registered trademarks are the property of their respective owners.

The Digital Risk Dilemma

Incident Response: Are You Ready?

(c) Apgar & Associates, LLC

Supporting The Zero Trust Model Of Information Security: The Important Role Of Today s Intrusion Prevention Systems

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

All 3 Billion Yahoo Accounts Were Affected by 2013 Attack NY Times 10/3/17

Cyber Security Issues

Systemic Analyser in Network Threats

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

Orlando, FL September 23-27, Your School Has Been Breached Now What? Cyber Incident Simulation Exercise

Securing the Distributed Enterprise

Modern Database Architectures Demand Modern Data Security Measures

The Realities of Data Security and Compliance: Compliance Security

Breaches and Remediation

Protect Sensitive Data from Prying Eyes

2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee.

Digital Transformation Drives Distributed Store Networks To The Breaking Point

The State of Privacy in Washington State. August 16, 2016 Alex Alben Chief Privacy Officer Washington

3/24/2014. Agenda & Objectives. HIPAA Security Rule. Compliance Institute. Background and Regulatory Overlay. OCR Statistics/

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

CipherCloud CASB+ Connector for ServiceNow

Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements

PRIVACY AND ONLINE DATA: CAN WE HAVE BOTH?

Why you MUST protect your customer data

Full Disk Encryption. Larry Carson, Associate Director, Information Security Management

Is Your Payment Card Data Secure Enough?

2018 THALES DATA THREAT REPORT

DHS Hackers and the Lawyers Who Advise Them

Understanding the Changing Cybersecurity Problem

UCOP Guidelines for Protection of Electronic Personal Information Data and for Security Breach Notification

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

Cybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m.

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Processing Payments Securely in the Digital World

A Comedy of Errors: Assessing and Managing the Human Element of Cyber Risk

ips.insight.com/healthcare Identifying mobile security challenges in healthcare

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

Building a Threat Intelligence Program

WHOIS Survey Prepared on behalf of:

Modern Compute Is The Foundation For Your IT Transformation

Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.

What is Cybersecurity?

The Rise of the CSO Welcome

Cybersecurity: Federalism as Defense-in-Depth

Jeff Wilbur VP Marketing Iconix

Performance Audit: City Could Better Protect Personally Identifiable Information July 2015

Elements of a Swift (and Effective) Response to a HIPAA Security Breach

Building a Privacy Management Program

FINANCIAL INFORMATION FORUM 5 Hanover Square New York, New York 10004

KEY FINDINGS INTERACTIVE GUIDE. Uncovering Hidden Threats within Encrypted Traffic

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Policy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4

Management Frameworks

Security and Privacy Breach Notification

EDENRED COMMUTER BENEFITS SOLUTIONS, LLC PRIVACY POLICY. Updated: April 2017

PCI Compliance. What is it? Who uses it? Why is it important?

Trusted Identities. Foundational to Cloud Services LILA KEE CHIEF PRODUCT OFFICER GLOBALSIGN

Frequently Asked Questions (FAQ)

Healthcare HIPAA and Cybersecurity Update

Upcoming PIPEDA Changes What is changing and what to do about it

GLBA, information security and incident response a compliance perspective

It s About the Data, Stupid.

The web seminar has not yet started: A sound check will be performed 5 minutes before the start time.

HIPAA Compliance is not a Cybersecurity Strategy

Protegrity Vaultless Tokenization

Postal Inspection Service Mail Covers Program

IT Audit and Risk Trends for Credit Union Internal Auditors. Blair Bautista, Director Bob Grill, Manager David Dyk, Manager

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Identity Theft Prevention Program. Effective beginning August 1, 2009

Mid-Market Data Center Purchasing Drivers, Priorities and Barriers

Corporate IT Survey Messaging and Collaboration, Editor: Sara Radicati, Ph.D

Putting It All Together:

Update on the Key Initiatives Recommended by NTT Data regarding the Agency Cyber Security Framework

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Data Loss Prevention:

Transcription:

SESSION ID: PDAC-F01 Place Your Bets on Tokenization to Improve Cybersecurity John Kindervag Vice President & Principal Analyst Forrester Research, Inc. @Kindervag

What is Tokenization? PAN 4672564304618386 Tokenized 467256GH3LKK8386 FPE or token 9810143588110281 *Maths courtesy of Terence Spies (HPE)

Data Security was driven by PCI

Breaches Happen How many times do you estimate that your firm s sensitive data was potentially compromised or breached in the past 12 months? No breaches in the past 12 months 59% Once Twice 8% 16% Sensitive data was compromised or breached for 37% of firms in the past 12 months. Three to five times 8% Six to 10 times 11 to 25 times More than 25 times in the past 12 months 2% 2% 1% For 29% of these companies, cyberattacks occurred more than once. Base: 166 director+ security decision-makers in the US in firms with more than 100 employees Source: Forrester's Global Business Technographics Security Survey, 2015 (Note: Not showing Don t know ) 9

Selling fresh vergin wordwide cvv Selling (Worldwide Cvvs, Worldwide Fullz, UK, Usa Logins Worldwide Dumps, UK, Usa Paypal, Ebay Accounts...)

There are only Two Types of Data 2 Everything else 1 Data that someone wants to steal

Cybercriminals Steal Toxic Data Remember the Four P s: PCI PHI PII IP 3P + IP = TD

THE REAL ANSWER TO DATA THEFT IS TO MAKE IT MEANINGLESS

Encryption Covers A Multitude Of Sins California SB 1386 This bill, operative July 1, 2003, would require a state agency, or a person or business that conducts business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

Big data security and control framework Source: January 26, 2012, The Future Of Data Security And Privacy: Controlling Big Data Forrester report

Killing Data Encryption Masking Tokenization Data Abstraction Source: January 26, 2012, The Future Of Data Security And Privacy: Controlling Big Data Forrester report

Tokenization vs. Encryption PAN Tokenized In binary 4672564304618386 16 467256GH3LKK8386 16 10000100110011010110000100111100100010010001110010010 53 Padded for AES AES encrypted 0000000000000000000000000000000000000000000000000000000000000000 0000000000010000100110011010110000100111100100010010001110010010 0101011001000000111010011110010110011100101111011001110110110000 1000111101001010000011110010100101101011111010011111001011110100 128 128 FPE or token 9810143588110281 16 *Maths courtesy of Terence Spies (HPE)

Tokenization High-Level Flow April 2010 Demystifying Tokenization And Transaction Encryption, Part 1: Get Ready To Place Some Bets

Tokenization Supports Data Residency

Data Privacy is a global initiative Source: August 2014 Forrester s 2014 Data Privacy Heat Map Forrester report

Tokenization Protects Consumer Privacy

Privacy is a value we all care about

Privacy is a value we care about 46% would stop shopping from retailers who track in-store behavior 22% look for specific topics in privacy policies 27% worry about unintentionally granting access to their info 33% have canceled a transaction because of privacy concerns

Kill your data! Abstracting toxic data into a token mitigates the risks associated with data privacy and residency issues. Tokenization is a type of data loss prevention. Tokenized systems are typically not in scope (e.g. PCI) Tokenization can be applied to any Toxic Data string (00110100101001001000111101010) Source: January 26, 2012, The Future Of Data Security And Privacy: Controlling Big Data Forrester report

Apply What You Have Learned Today Appoint a Data Champion Do you have a Chief Data Officer? Who is incentivized to Protect Data? Treat Data as a Corporate Social Responisbility What Data should You Tokenize? Classify Your Data based upon how you need to protect it. Tokenization vs. Encryption Investigate Tokenization Technologies Do you have a Data Encryption provider? Rise of the API Economy Focus of Management 26

Thank You John Kindervag +1 469.221.5372 jkindervag@forrester.com @Kindervag

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback