Robert Shields

Robert leads product marketing for Informatica's data security, data privacy and test data management solutions. Robert is responsible for product positioning, strategy, GTM, sales tools and sales enablement, analyst briefings and thought leadership of all related software products. These products include the award-winning Dynamic Data Masking solution, Test Data Management (including persistent data masking, data subset and test data generation) and Cloud Test Data Management.

SailPoint Partners with Informatica Secure@Source

Informatica World 2015

As part of the Informatica Secure@Source launch, Data Security Group Director of Business Development, Christophe Hassaine, interviewed our partner SailPoint’s Vice President of Product Management, Paul Trulove. They discuss the importance of data security intelligence to ensure effective identity and access management.

Christophe: Tell us a little more about what SailPoint does?

Paul: SailPoint is a leader in Identity and Access Management. Our products, IdentityIQ and IdentityNow, help customers get the right access to the right users at the right time. This helps keep users productive while at the same time minimizing the risk of inappropriate access or non-compliant access to sensitive resources or data for the customer.

Christophe: What are the challenges you are seeing in the market?

Paul: One of the most significant challenges we’re seeing in the market today is around the amount of data being generated and stored in the enterprise. This is creating issues for IT security teams to restrict access to only those users with a valid business reason.

Christophe: Specifically what gaps do you see in customers’ data security posture?

Paul: There are two important gaps that we see in the approaches being used today: one is a general lack of visibility to where sensitive data is within the enterprise; the second is how access to it is managed, as customers generally think about managing access from a higher level than data. These issues are compounded by the fact that in most organizations the data management teams and technology don’t link tightly with the IAM teams and systems. This can create blind spots and slow reaction time when a security event is detected.

Christophe: Why is Data Security Intelligence important to your customers?

Paul: Data security intelligence is important because you can’t manage everything. You have to prioritize security controls based on risk or you don’t have a chance.

Christophe: What are your integration plans with Informatica Secure@Source?

Paul: We are working on several innovative integration options with Secure@Source. One of the main focus areas is around providing identity context for data events. Since SailPoint knows who has access to what across every system in the enterprise, we can tell Secure@Source who it should be looking at when a security event is detected.

We are also automating risk responses with Informatica. For example, when Secure@Source identifies and locates sensitive and confidential data, SailPoint IdentityIQ ensures only authorized users have appropriate levels of access, no matter where the data proliferates – on-premises or in the cloud.

Christophe: How will the joint offering benefit your customers?

Paul: By combining our industry-leading approach to identity and access management with Informatica’s innovative Data Security Intelligence, our joint customers can proactively gain control of risk and improve their security posture by managing and securing all end users and tying them to the data they create.

For more information, check out our product website at https://www.informatica.com/products/data-security/secure-at-source.html


Vormetric Partners with Informatica Secure@Source

Informatica World 2015

Informatica recently launched the industry’s first data security intelligence offering, Secure@Source. Informatica’s Data Security Group Director of Business Development, Christophe Hassaine, interviewed our partner Vormetric’s Vice President of Product Management, Derek Tumulak, to get his take on how our complementary solutions address the need for more data-centric security.

Christophe: Derek, tell us a little more about how Vormetric customers benefit from your offerings.

Derek: Vormetric provides data security solutions. We help organizations protect sensitive information assets and we enable them to achieve regulatory compliance and security requirements. We also help them protect against data breaches. Our solution benefits customers by protecting information in database and file servers, big data, and cloud environments.

Christophe: What are the shifts in the industry you see and what new challenges do they create?

Derek: The challenges we see in the market today are data breaches that are occurring more frequently. The largest gaps are in the fact that historically organizations have focused on anti-virus and anti-malware solutions. Even today, many organizations continue to focus on network/perimeter and host-based solutions when they need to be more focused on data-centric security solutions that bring the controls closer to the data itself. Organizations need to be implementing encryption, tokenization, access control and comprehensive auditing solutions in order to better protect their sensitive data in any environment.

Christophe: Why is data security intelligence so important to your customers?

Derek: Data security intelligence is important for our customers since they not only need to understand and classify the data they have but also need to understand potentially anomalous/suspicious access patterns and even failed attempts to access sensitive information by various users and applications. Based on this type of threat intelligence and analytics, organizations can be proactive about adapting their access policies, particularly in situations where an organization may be under attack.

Christophe: How will the integration between Vormetric and Secure@Source benefit your customers?

Derek: We are integrating with Informatica Secure@Source in two distinct areas. The first allows customers to implement encryption, tokenization, and sophisticated access controls in environments that Informatica identifies as having sensitive information and potentially inadequate data security controls. The second integration is around providing rich data access audit information to Secure@Source for increased threat intelligence and analytics. This benefits our common customers by giving them an end-to-end solution and a comprehensive view around the data security lifecycle. Customers can discover, protect, and continuously monitor sensitive data.

For more information, check out our product website at https://www.informatica.com/products/data-security/secure-at-source.html


Striking Gold at RSA

Each year, many RSA exhibitors vie for the prestigious Info Security Product Guide’s security awards. Informatica has fared well in past years with our data-centric security solutions, earning gold, silver, bronze and the Most Innovative Security Product of the year. These awards were for our dynamic and cloud masking products.

On the heels of our April 8 Secure@Source announcement, we were cautiously optimistic that the 50 judges who rank entries would find this solution innovative, valuable and contemporary to the needs of information security.  We were honored to receive the Gold award for the “New Product and Services” category.

While these awards represent a significant achievement for Informatica, they more importantly highlight the growing recognition of data-centric security. They echo what our customers, partners and advisors have told us: improving information security requires focus on the data itself.

While encryption, APT protection and network security analytics dominate the RSA show floor, data-centric security is creeping into the pitches of many exhibitors and is cited in many of the session presentations.  With their utilization of Informatica’s data-centric security solution, our customers have certainly been early adopters and innovators in data-centric security, understanding its importance and benefits before the masses have recognized the need.

So what does Secure@Source offer for our clients? To summarize, it analyzes sensitive data and determines its risk. There is much to this story, though. First, to understand sensitive data risk requires a solution that can classify and discover sensitive data in its many combinations and permutations. There are solutions that have been in the market for sensitive data discovery. However, the complex data structures, relationships and proliferation mandate the need for high precision and rules-based discovery. Informatica’s 20 years of understanding, integrating and managing data from disparate sources provides a distinct advantage for this capability.

Second, for accurate risk scoring, sensitive data protection, value, size and proliferation must be precisely determined so that sensitive data risk scores have meaning and relevance to the organization. With location and risk scores, organizations can identify the data security priorities and align network and host security accordingly. Informatica brings to bear its heritage in all things data to provide powerful analytics and scoring, delivering abstracted views for decision makers and detailed views for practitioners.

Finally, Secure@Source provides a repeatable and automated solution for sensitive data risk, replacing time consuming and manual audits and surveys, and replacing disparate tools.  Risk assessment is timely, repeatable, accurate and auditable.

The need for data security intelligence and for data protection beyond encryption is emerging in organizations that understand that protecting the network perimeter and host security is important. But, most importantly, focus on the target of breaches: the data. Understand, prioritize by risk and implement the controls to reduce risk. The combination of data-centric security with traditional security will significantly improve what organizations urgently need: risk reduction and breach resiliency.


How Organizations can Prepare for 2015 Data Privacy Legislation

Original article can be found here, scmagazine.com

On Jan. 13 the White House announced President Barack Obama’s proposal for new data privacy legislation, the Personal Data Notification and Protection Act. Many states have laws today that require corporations and government agencies to notify consumers in the event of a breach – but it is not enough. This new proposal aims to improve cybersecurity standards nationwide with the following tactics:

Enable cyber-security information sharing between private and public sectors. 

Government agencies and corporations with a vested interest in protecting our information assets need a streamlined way to communicate and share threat information. This component of the proposed legislation incents organizations that participate in knowledge-sharing with targeted liability protection, as long as they are responsible for how they share, manage and retain privacy data.

Modernize the tools law enforcement has to combat cybercrime.
Existing laws, such as the Computer Fraud and Abuse Act, need to be updated to incorporate the latest cyber-crime classifications while giving prosecutors the ability to target insiders with privileged access to sensitive and privacy data.  The proposal also specifically calls out pursuing prosecution when selling privacy data nationally and internationally.

Standardize breach notification policies nationwide.
Many states have some sort of policy that requires notification of customers that their data has been compromised. Three leading examples include California, Florida’s Information Protection Act (FIPA) and Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth. New Mexico, Alabama and South Dakota have no data breach protection legislation. Enforcing standardization and simplifying the requirement for companies to notify customers and employees when a breach occurs will ensure consistent protection no matter where you live or transact.

Invest in increasing cyber-security skill sets.
For a number of years, security professionals have reported an ever-increasing skills gap in the cybersecurity profession.  In fact, in a recent Ponemon Institute report, 57 percent of respondents said a data breach incident could have been avoided if the organization had more skilled personnel with data security responsibilities. Increasingly, colleges and universities are adding cybersecurity curriculum and degrees to meet the demand. In support of this need, the proposed legislation mentions that the Department of Energy will provide $25 million in educational grants to Historically Black Colleges and Universities (HBCU) and two national labs to support a cybersecurity education consortium.

This proposal is clearly comprehensive, but it also raises the critical question: How can organizations prepare themselves for this privacy legislation?

The International Association of Privacy Professionals conducted a study of Federal Trade Commission (FTC) enforcement actions.  From the report, organizations can infer best practices implied by FTC enforcement and ensure these are covered by their organization’s security architecture, policies and practices:

  • Perform assessments to identify reasonably foreseeable risks to the security, integrity, and confidentiality of personal information collected and stored on the network, online or in paper files.
  • Limited access policies curb unnecessary security risks and minimize the number and type of network access points that an information security team must monitor for potential violations.
  • Limit employee access to (and copying of) personal information, based on employee’s role.
  • Implement and monitor compliance with policies and procedures for rendering information unreadable or otherwise secure in the course of disposal. Securely disposed information must not practicably be read or reconstructed.
  • Restrict third party access to personal information based on business need, for example, by restricting access based on IP address, granting temporary access privileges, or similar procedures.

The Personal Data Notification and Protection Act fills a void at the national level; most states have privacy laws, with California pioneering the movement with SB 1386. However, enforcement at the state AG level has been uneven at best and absent at worst.

In preparing for this national legislation, organizations need to heed the policies derived from the FTC’s enforcement practices. They can also track the progress of this legislation and look for agencies such as the National Institute of Standards and Technology to issue guidance. Furthermore, organizations can encourage employees to take advantage of cybersecurity internship programs at nearby colleges and universities to avoid critical skills shortages.

With online security a clear priority for President Obama’s administration, it’s essential for organizations and consumers to understand upcoming legislation and learn the benefits/risks of sharing data. We’re looking forward to celebrating safeguarding data and enabling trust on Data Privacy Day, held annually on January 28, and hope that these tips will make 2015 your safest year yet.


Informatica is a Leader in the Gartner 2014 Data Masking Magic Quadrant Three Years in a Row

Informatica announced this week its leadership position in Gartner 2014 Magic Quadrant for Data Masking Technology for the third year in a row. For the first time, Informatica was positioned the furthest to the right for Completeness of Vision.

In the report, Gartner states: “Global-scale scandals around sensitive data losses have highlighted the need for effective data protection, especially from insider attacks. Data masking, which is focused on protecting data from insiders and outsiders, is a must-have technology in enterprises’ and governments’ security portfolios.”

Organizations realize that data protection must be hardened to protect against the inevitable breach, whether it originates from internal or external threats. Data masking covers gaps in data protection in production and non-production environments that can be exploited by attackers.

Informatica customers are elevating the importance of data security initiatives in 2015 given the high exposure of recent breaches and the shift from just stealing identities and intellectual property, to politically charged platforms.  This raises the concern that existing security controls are insufficient and a more data-centric security approach is necessary.

Recent enforcement by the Federal Trade Commission in the US and emerging legislation worldwide has clearly indicated that sensitive data access and sharing should be tightly controlled; this is the strength of data masking.

Data Masking de-identifies and/or de-sensitizes private and confidential data by hiding it from those who are unauthorized to access it. Other terms for data masking include data obfuscation, sanitization, scrambling, de-identification, and anonymization.

To learn more, download the Gartner Magic Quadrant Data Masking Report, and visit the Informatica website for data masking product information.

About the Magic Quadrant

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Just In Time For the Holidays: How The FTC Defines Reasonable Security

Recently the International Association of Privacy Professionals (IAPP, www.privacyassociation.org) published a white paper that analyzed the Federal Trade Commission’s (FTC) data security/breach enforcement. These enforcements include organizations from the finance, retail, technology and healthcare industries within the United States.

From this analysis in “What’s Reasonable Security? A Moving Target,” IAPP extrapolated the best practices from the FTC’s enforcement actions.

While the white paper and article indicate that “reasonable security” is a moving target, they do provide recommendations that will help organizations assess and baseline their current data security efforts. Of particular interest is the focus on data-centric security, from overall enterprise assessment to the careful control of access by employees and 3rd parties. Here are some of the recommendations derived from the FTC’s enforcements that call for Data Centric Security:

  • Perform assessments to identify reasonably foreseeable risks to the security, integrity, and confidentiality of personal information collected and stored on the network, online or in paper files.
  • Limited access policies curb unnecessary security risks and minimize the number and type of network access points that an information security team must monitor for potential violations.
  • Limit employee access to (and copying of) personal information, based on employee’s role.
  • Implement and monitor compliance with policies and procedures for rendering information unreadable or otherwise secure in the course of disposal. Securely disposed information must not practicably be read or reconstructed.
  • Restrict third party access to personal information based on business need, for example, by restricting access based on IP address, granting temporary access privileges, or similar procedures.

How does Data Centric Security help organizations achieve this inferred baseline? 

  1. Data Security Intelligence (Secure@Source coming Q2 2015) provides the ability to “…identify reasonably foreseeable risks.”
  2. Data Masking (Dynamic and Persistent Data Masking) provides the controls to limit access of information to employees and 3rd parties.
  3. Data Archiving provides the means for the secure disposal of information.

Other data centric security controls would include encryption for data at rest/motion and tokenization for securing payment card data. All of the controls help organizations secure their data, whether a threat originates internally or externally. And based on the never-ending news of data breaches and attacks this year, it is a matter of when, not if, your organization will be significantly breached.

For 2015, “Reasonable Security” will require ongoing analysis of sensitive data and the deployment of reciprocal data centric security controls to ensure that the organizations keep pace with this “Moving Target.”


ILM Day: Test management, Data archives and Data security discussions and more…

At the Informatica World 2014 pre-conference, the “ILM Day” sessions were packed, with over 100 people in attendance. This attendance reflects the strong interest in data archive, test data management and data security. Customers were the focus of the panel sessions today, taking center stage to share their experiences, best practices and lessons learned from successful deployments.

Both the test management and data archive panels had strong audience interest and interaction. For Test Data Management, the panel topic was “Agile Development by Streamlining Test Data Management”; for data archive, the session tackled “Managing Data Growth in the Era of Application Consolidation and Modernization”. The panels provided practical tactics and strategies to address the challenges and issues in managing data growth, and how to efficiently and safely provision test data. Thank you to the customers, partners and analysts who served on the panels; participating were EMC, Visteon, Comcast, Lowes, Tata Consultancy Services and Neuralytix.

The day concluded with a most excellent presentation from the ILM General Manager, Amit Walia, and the CTO of the International Association of Privacy Professionals, Jeff Northrop. Amit provided an executive summary preview of Tuesday’s Secure@Source(TM) announcement, while Jeff Northrop provided a thought-provoking market backdrop on the issues and challenges for data privacy and security, and how the focus on information security needs to shift to a ‘data-centric’ approach.

A very successful event for all involved!


Data Security and Privacy: What’s Next?

Data security breaches continue to escalate. Privacy legislation and enforcement are tightening, and analysts have begun making dire predictions in regards to cyber security’s effectiveness. But there is more – trusted insiders continue to be the major threat. In addition, most executives cannot identify the information they are trying to protect.

Data security is a senior management concern, not exclusive to IT. With this in mind, what is the next step CxOs must take to counter these breaches?

A new approach to Data Security

It is clear that a new approach is needed. This should focus on answering fundamental, but difficult and precise questions in regards to your data:

  1. What data should I be concerned about?
  2. Can I create re-usable rules for identifying and locating sensitive data in my organization?
  3. Can I do so both logically and physically?
  4. What is the source of the sensitive data and where is it consumed?
  5. What are the sensitive data relationships and proliferation?
  6. How is it protected? How should it be protected?
  7. How can I integrate data protection with my existing cyber security infrastructure?

The answers to these questions will help guide precise data security measures in order to protect the most valuable data. The answers need to be presented in an intuitive fashion, leveraging simple, yet revealing graphics and visualizations of your sensitive data risks and vulnerabilities.

At Informatica World 2014, Informatica will unveil its vision to help organizations address these concerns. This vision will assist in the development of precise security measures designed to counter the growing sophistication and frequency of cyber-attacks, and the ever present danger of rogue insiders.

Stay tuned, more to come from Informatica World 2014.


Data Privacy and Security at RSA and IAPP

It is an important time for data security. This past month, two crucial data privacy events have taken place. Informatica was on hand for both:

  1. The RSA conference took place in San Francisco from February 24-28, 2014
  2. The IAPP Global Privacy Summit took place in Washington, DC from March 5-7, 2014

Data Privacy at the 2014 RSA Conference

The RSA conference was busy as expected, with over 30,000 attendees. Informatica co-sponsored an after-hours event with one of our partners, Imperva, at the Dark Circus. The event was standing room only and provided a great escape from the torrential rain. One highlight of RSA, for Informatica, is that we were honored with two of the 2014 Security Products Guide Awards:

  1. Informatica Dynamic Data Masking won the Gold Award for Database Security, Data Leakage Prevention/Extrusion Prevention
  2. Informatica Cloud Test Data Management and Security won the Bronze Award for New Products

Of particular interest to us was the growing recognition of data-centric security and privacy at RSA. I briefly met Bob Rudis, co-author of “Data Driven Security” which was featured at the onsite bookstore. In the book, Rudis has presented a great case for focusing on data as the center-point of security, through data analysis and visualization. From Informatica’s perspective, we also believe that a deep understanding of data and its relationships will escalate as a key driver of security policies and measures.

Data Privacy at the IAPP Global Privacy Summit

The IAPP Global Privacy Summit was an amazing event, small (2,500), but completely sold-out and overflowing its current venue. We exhibited and had the opportunity to meet CPOs, privacy, risk/compliance and security professionals from around the world, and had hundreds of conversations about the role of data discovery and masking for privacy. From the privacy perspective, it is all about finding, de-identification and protection of PII, PCI and PHI. These privacy professionals have extensive legal and/or data security backgrounds and understand the need to safeguard privacy by using data masking. Many notable themes were present at IAPP:

  • De-identification is a key topic area
  • Concerns about outsourcing and contractors in application development and testing have driven test data management adoption
  • No national US privacy regulations expected in the short-term
  • Europe has active but uneven privacy enforcement (France: “name and shame”; UK: heavy fines; Spain: most active)

If you want to learn more about data privacy and security, you will find no better place than Informatica World 2014. There, you’ll learn about the latest data security trends, see updates to Informatica’s data privacy and security offerings, and find out how Informatica protects sensitive information in real time without requiring costly, time-consuming changes to applications and databases. Register TODAY!
