Robert Shields

Robert Shields
Robert leads product marketing for Informatica's data security, data privacy and test data management solutions. Robert is responsible for product positioning, strategy, GTM, sales tools and sales enablement, analyst briefings and thought leadership of all related software products. These products include the award winning Dynamic Data Masking solution, Test Data Management (including persistent data masking, data subset and test data generation) and Cloud Test Data Management.

Informatica is a Leader in the Gartner 2014 Data Masking Magic Quadrant Three Years in a Row

Informatica a Leader in Data Masking

Informatica a Leader in Data Masking

Informatica announced this week its leadership position in Gartner 2014 Magic Quadrant for Data Masking Technology for the third year in a row. For the first time, Informatica was positioned the furthest to the right for Completeness of Vision.

In the report, Gartner cites. “Global-scale scandals around sensitive data losses have highlighted the need for effective data protection, especially from insider attacks. Data masking, which is focused on protecting data from insiders and outsiders, is a must-have technology in enterprises’ and governments’ security portfolios.”

Organizations realize that data protection must be hardened to protect against the inevitable breach; originating from either internal or external threats.  Data masking covers gaps in data protection in production and non-production environments that can be exploited by attackers.

Informatica customers are elevating the importance of data security initiatives in 2015 given the high exposure of recent breaches and the shift from just stealing identities and intellectual property, to politically charged platforms.  This raises the concern that existing security controls are insufficient and a more data-centric security approach is necessary.

According to the Ponemon Institute’s report, The State of Data Centric Security, out of 1,587 respondents in security professional roles, 56% stated the protect sensitive data by masking, data de-identification, data redaction, or data suppression.

Recent enforcement by the Federal Trade Commission in the US and emerging legislation worldwide has clearly indicated that sensitive data access and sharing should be tightly controlled; this is the strength of data masking.

Data Masking de-identifies and/or de-sensitizes private and confidential data by hiding it from those who are unauthorized to access it. Other terms for data masking include data obfuscation, sanitization, scrambling, de-identification, and anonymization.

To learn more, Download the Gartner Magic Quadrant Data Masking Report now. And visit the Informatica website for data masking product information.

About the Magic Quadrant

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

FacebookTwitterLinkedInEmailPrintShare
Posted in B2B, Business Impact / Benefits, Data masking, Data Privacy | Tagged , , , | Leave a comment

Just In Time For the Holidays: How The FTC Defines Reasonable Security

Reasonable Security

How The FTC Defines Reasonable Security

Recently the International Association of Privacy Professionals (IAPP, www.privacyassociation.org ) published a white paper that analyzed the Federal Trade Commission’s (FTC) data security/breach enforcement. These enforcements include organizations from the finance, retail, technology and healthcare industries within the United States.

From this analysis in “What’s Reasonable Security? A Moving Target,” IAPP extrapolated the best practices from the FTC’s enforcement actions.

While the white paper and article indicate that “reasonable security” is a moving target it does provide recommendations that will help organizations access and baseline their current data security efforts.  Interesting is the focus on data centric security, from overall enterprise assessment to the careful control of access of employees and 3rd parties.  Here some of the recommendations derived from the FTC’s enforcements that call for Data Centric Security:

  • Perform assessments to identify reasonably foreseeable risks to the security, integrity, and confidentiality of personal information collected and stored on the network, online or in paper files.
  • Limited access policies curb unnecessary security risks and minimize the number and type of network access points that an information security team must monitor for potential violations.
  • Limit employee access to (and copying of) personal information, based on employee’s role.
  • Implement and monitor compliance with policies and procedures for rendering information unreadable or otherwise secure in the course of disposal. Securely disposed information must not practicably be read or reconstructed.
  • Restrict third party access to personal information based on business need, for example, by restricting access based on IP address, granting temporary access privileges, or similar procedures.

How does Data Centric Security help organizations achieve this inferred baseline? 

  1. Data Security Intelligence (Secure@Source coming Q2 2015), provides the ability to “…identify reasonably foreseeable risks.”
  2. Data Masking (Dynamic and Persistent Data Masking)  provides the controls to limit access of information to employees and 3rd parties.
  3. Data Archiving provides the means for the secure disposal of information.

Other data centric security controls would include encryption for data at rest/motion and tokenization for securing payment card data.  All of the controls help organizations secure their data, whether a threat originates internally or externally.   And based on the never ending news of data breaches and attacks this year, it is a matter of when, not if your organization will be significantly breached.

For 2015, “Reasonable Security” will require ongoing analysis of sensitive data and the deployment of reciprocal data centric security controls to ensure that the organizations keep pace with this “Moving Target.”

FacebookTwitterLinkedInEmailPrintShare
Posted in Data Integration, Data masking, Data Privacy, Data Security | Tagged , , , | Leave a comment

ILM Day: Test management, Data archives and Data security discussions and more…

At the Informatica World 2014 pre-conference, the “ILM Day” sessions were packed, with over 100 people in attendance. This attendance reflects the strong interest in data archive, test data management and data security. Customers were the focus of the panel sessions today, taking center stage to share their experiences, best practices and lessons learned from successful deployments.

Both the test management and data archive panels had strong audience interest and interaction. For Test Data Management, the panel topic was “Agile Development by Streamlining Test Data Management”; for data archive, the session tackled “Managing Data Growth in the Era of Application Consolidation and Modernization”. The panels provided practical tactics and strategies to address the challenges and issues in managing data growth, and how to efficiently and safely provision test data. Thank you to the customers, partners and analysts who served on the panels; participating was EMC, Visteon, Comcast, Lowes, Tata Consultancy Services and Neuralytix.

The day concluded with a most excellent presentation from the ILM General Manager, Amit Walia and the CTO of the International Association of Privacy Professionals, Jeff Northrop. Amit provided an executive summary pre-view of Tuesday’s Secure@Source(TM) announcement, while Jeff Northrop provided a thought provoking market backdrop on the issues and challenges for data privacy and security, and how the focus on information security needs to shift to a ‘data-centric’ approach.

A very successful event for all involved!

FacebookTwitterLinkedInEmailPrintShare
Posted in Application ILM, Data Privacy, Data Services | Leave a comment

Data Security and Privacy: What’s Next?

DataSecurityData security breaches continue to escalate. Privacy legislation and enforcement is tightening and analysts have begun making dire predictions in regards to cyber security’s effectiveness. But there is more – Trusted insiders continue to be the major threat. In addition, most executives cannot identify the information they are trying to protect.

Data security is a senior management concern, not exclusive to IT. With this in mind, what is the next step CxOs must take to counter these breaches?

A new approach to Data Security

It is clear that a new approach is needed. This should focus on answering fundamental, but difficult and precise questions in regards to your data:

  1. What data should I be concerned about?
  2. Can I create re-usable rules for identifying and locating sensitive data in my organization?
  3. Can I do so both logically and physically?
  4. What is the source of the sensitive data and where is it consumed?
  5. What are the sensitive data relationships and proliferation?
  6. How is it protected? How should it be protected?
  7. How can I integrate data protection with my existing cyber security infrastructure?

The answers to these questions will help guide precise data security measures in order to protect the most valuable data. The answers need to be presented in an intuitive fashion, leveraging simple, yet revealing graphics and visualizations of your sensitive data risks and vulnerabilities.

At Informatica World 2014, Informatica will unveil its vision to help organizations address these concerns. This vision will assist in the development of precise security measures designed to counter the growing sophistication and frequency of cyber-attacks, and the ever present danger of rogue insiders.

Stay tuned, more to come from Informatica World 2014.

FacebookTwitterLinkedInEmailPrintShare
Posted in Business/IT Collaboration, Data Privacy, Informatica World 2014 | Tagged , , , | Leave a comment

Data Privacy and Security at RSA and IAPP

Data SecurityIt is an important time for data security. This past month, two crucial data privacy events have taken place. Informatica was on hand for both:

  1. The RSA conference took place in San Francisco from February 24-28, 2014
  2. The IAPP Global Privacy Summit took place Washington, DC from March 5-7, 2014

Data Privacy at the 2014 RSA Conference

The RSA conference was busy as expected, with over 30,000 attendees. Informatica co-sponsored an after-hours event with one of our partners, Imperva, at the Dark Circus. The event was standing room only and provided a great escape from the torrential rain. One highlight of RSA, for Informatica, is that we were honored with two of the 2014 Security Products Guide Awards:

  1. Informatica Dynamic Data Masking won the Gold Award for Database Security, Data Leakage Prevention/Extrusion Prevention
  2. Informatica Cloud Test Data Management and Security won the Bronze Award for New Products

Of particular interest to us was the growing recognition of data-centric security and privacy at RSA. I briefly met Bob Rudis, co-author of “Data Driven Security” which was featured at the onsite bookstore. In the book, Rudis has presented a great case for focusing on data as the center-point of security, through data analysis and visualization. From Informatica’s perspective, we also believe that a deep understanding of data and its relationships will escalate as a key driver of security policies and measures.

Data Privacy at the IAPP Global Privacy Summit

The IAPP Global Privacy Summit was an amazing event, small (2,500), but completely sold-out and overflowing its current venue. We exhibited and had the opportunity to meet CPOs, privacy, risk/compliance and security professionals from around the world, and had hundreds of conversations about the role of data discovery and masking for privacy. From the privacy perspective, it is all about finding, de-identification and protection of PII, PCI and PHI. These privacy professionals have extensive legal and/or data security backgrounds and understand the need to safeguard privacy by using data masking. Many notable themes were present at IAPP:

  • De-identification is a key topic area
  • Concerns about outsourcing and contractors in application development and testing have driven test data management adoption
  • No national US privacy regulations expected in the short-term
  • Europe has active but uneven privacy enforcement (France: “name and shame”, UK: heavy fines, Spain; most active)

Register for Informatica WorldIf you want to learn more about data privacy and security, you will find no better place than Informatica World 2014. There, you’ll learn about the latest data security trends, see updates to Informatica’s data privacy and security offerings, and find out how Informatica protects sensitive information in real time without requiring costly, time-consuming changes to applications and databases. Register TODAY!

FacebookTwitterLinkedInEmailPrintShare
Posted in Data masking, Data Privacy | Tagged , | Leave a comment