Tag Archives: Secure@Source

SailPoint Partners with Informatica Secure@Source

Secure@Source

Informatica World 2015

As part of the Informatica Secure@Source launch, Data Security Group Director of Business Development, Christophe Hassaine, interviewed our partner SailPoint’s Vice President of Product Management, Paul Trulove.  They discuss the importance of data security intelligence to ensure effective identity and access management

Christophe: Tell us a little more about what SailPoint does?

Paul: SailPoint is a leader in Identity and Access Management. Our products, IdentityIQ and IdentityNow help customers get the right access to the right users at the right time. This helps keeps users productive while at the same time minimizing the risk of inappropriate access or non-compliant access to sensitive resources or data for the customer.

Christophe: What are the challenges you are seeing in the market?

Paul: One of the most significant challenges we’re seeing in the market today is around the amount of data being generated and stored in the enterprise. This is creating issues for IT security teams to restrict access to only those users with a valid business reason.

Christophe: Specifically what gaps do you see in customers’ data security posture?

Paul: There are two important gaps that we see in the approaches being used today: one is a general lack of visibility to where sensitive data is within the enterprise; the second is how access to it is managed as customer generally think about managing access from a higher-level than data. These issues are compounded by the fact that in most organizations the data management teams and technology don’t link tightly with the IAM teams and systems. This can create blind shots and slow reaction time when a security event is detected.

Christophe: Why is Data Security Intelligence important to your customers?

Paul: Data security intelligence is important because you can’t manage everything. You have to prioritize security controls based on risk or you don’t have a chance.

Christophe: What are your integration plans with Informatica Secure@Source?

Paul: We are working on several innovative integration options with Secure@Source. One of the main focus areas is around providing identity context for data events. Since SailPoint knows who has access to what across every system in the enterprise, we can tell Secure@Source who it should be looking at when a security event is detected.

We are also automating risk responses with Informatica. For example, when Secure@Source identifies and locates sensitive and confidential data, SailPoint IdentityIQ ensures only authorized users have appropriate levels of access, no matter where the data proliferates – on-premises or in the cloud.

Christophe: How will the joint offering benefit your customers?

Paul: By combining our industry-leading approach to identity and access management with Informatica’s innovative Data Security Intelligence, our joint customers can proactively gain control of risk and improve their security posture by managing and securing all end users and tying them to the data they create.

If you are not able to view the video, click here.

For more information, check out our product website at https://www.informatica.com/products/data-security/secure-at-source.html

Share
Posted in Data Security | Tagged , , | Leave a comment

Vormetric Partners with Informatica Secure@Source

Secure@Source

Informatica World 2015

Informatica recently launched the industry’s first data security intelligence offering, Secure@Source. Informatica’s Data Security Group Director of Business Development, Christophe Hassaine, interviewed our partner Vormetric’s Vice President of Product Management, Derek Tumulak to get his take on how our complementary solutions address the need for more data centric security.

Christophe:  Derek, tell us a little more about how Vormetric customers benefit from your offerings.

Derek: Vormetric provides data security solutions. We help organizations protect sensitive information assets and we enable them to achieve regulatory compliance and security requirements. We also help them protect against data breaches. Our solution benefits customers by protecting information in database and file servers, big data, and cloud environments.

Christophe: What are the shifts in the industry you see and what new challenges it creates?

Derek:  The challenges we see in the market today are data breaches that are occurring more frequently. The largest gaps are in the fact that historically organizations have focused on anti-virus and anti-malware solutions. Even today many organizations continue to focus on network/perimeter and host based solutions when they need to be more focused on data-centric security solutions that bring the controls closer to the data itself. Organizations need to be implementing encryption, tokenization, access control and comprehensive auditing solutions in order to better protect their sensitive data in any environment.

Christophe: Why is data security intelligence so important to your customers?

Derek:    Data security intelligence is important for our customers since they not only need to understand and classify the data they have but also need to understand potentially anomalous/suspicious access patterns and even failed attempts to access sensitive information by various users and applications. Based on this type of threat intelligence and analytics organizations can be proactive about adapting their access policies particularly in situations where an organization may be under attack.

Christophe: How will the integration between Vormetric and Secure@Source benefit your customers?

Derek: We are integrating with Informatica Secure@Source in two distinct areas. The first allows customers to implement encryption, tokenization, and sophisticated access controls in environments that Informatica identifies as having sensitive information and potentially inadequate data security controls. The second integration is around providing rich data access audit information to Secure@Source for increased threat intelligence and analytics. This benefits our common customers by giving them an end-to-end solution and a comprehensive view around the data security lifecycle. Customers can discover, protect, and continuously monitor sensitive data.

If you are not able to view the video, click here.

For more information, check out our product website at https://www.informatica.com/products/data-security/secure-at-source.html

Share
Posted in Data Security | Tagged , , | Leave a comment

Data Privacy Needs Data Security Intelligence and Controls

logo_rsac

RSA Conference, San Francisco

In an RSA Conference session entitled IAPP: Engineering Privacy: Why Security Isn’t Enough, Sagi Leizerov, E&Y’s Privacy Practice leader began with a plea:

‘We need effective ways to bring together privacy and security controls in an automated way”

Privacy professionals, according to Sagi, essentially need help in determining the use of information – which is a foundational definition of data privacy. Security tools and controls can provide the information necessary to perform that type of investigation conducted by privacy officers.   Yet as data proliferates, are the existing security tools truly up for the task?

In other sessions, such as A Privacy Primer for Security Officers , many speakers are claiming that Data Security projects get prioritized as a result of a need to comply with Data Privacy policies and legislation.

We are in an age where data proliferation is one of the major sources of pain for both Chief Information Security Officers and Chief Privacy and Risk Officers (CPO/CRO). Business systems that were designed to automate key business processes store sensitive and private information are primary sources of data for business analytics. As more business users want access data to understand the state of their businesses, data naturally proliferates. Data proliferates to spreadsheets and presentations, emailed in and out of a corporate network, and potentially stored in a public cloud storage offering.

Even though the original intention for using this information was likely all above board, one security violation could potentially open up a can of worms for nefarious characters to take advantage of this data for mal intent. Jeff Northrop, the CTO of the International Association of Privacy Professionals (IAPP) suggests we need to close the gap between security and privacy in a panel discussion with Larry Ponemon, founder of the Ponemon Institute.

Sagi concluded his session by stating ‘Be a voice of change in your organization. Pilot products, be courageous, give new ideas a chance.’ In the recent launch of Informatica Secure@Source,  we discuss the need for more alignment between security and privacy teams and the industry seems to agree. Congratulations to the Informatica Secure@Source development team for their recent announcement of winning Gold Medal in the New Product and Service Category at the Info Security Products Guide 2015 Global Excellence Awards!

For more on the importance of Data Security Intelligence in Privacy, watch Larry Ponemon, Founder of the Ponemon Institute and Jeff Northrop, CTO IAPP discuss this topic with Arnold Federbaum, former CISO and Adjunct Professor, NYU, and Linda Hewlett, Sr Enterprise Security Architect, Santander Holdings USA.

If unable to view the video, click here.

Share
Posted in Data Privacy, Data Security, Governance, Risk and Compliance | Tagged , , , , | Leave a comment

The Power and Security of Exponential Data

The Power and Security of Exponential Data

The Power and Security of Exponential Data

I recently heard a couple different analogies for data. The first is that data is the “new oil.” Data is a valuable resource that powers global business. Consequently, it is targeted for theft by hackers. The thinking is this: People are not after your servers, they’re after your data.

The other comparison is that data is like solar power. Like solar power, data is abundant. In addition, it’s getting cheaper and more efficient to harness. The juxtaposition of these images captures the current sentiment around data’s potential to improve our lives in many ways. For this to happen, however, corporations and data custodians must effectively balance the power of data with security and privacy concerns.

Many people have a preconception of security as an obstacle to productivity. Actually, good security practitioners understand that the purpose of security is to support the goals of the company by allowing the business to innovate and operate more quickly and effectively. Think back to the early days of online transactions; many people were not comfortable banking online or making web purchases for fear of fraud and theft. Similar fears slowed early adoption of mobile phone banking and purchasing applications. But security ecosystems evolved, concerns were addressed, and now Gartner estimates that worldwide mobile payment transaction values surpass $235B in 2013. An astute security executive once pointed out why cars have brakes: not to slow us down, but to allow us to drive faster, safely.

The pace of digital change and the current proliferation of data is not a simple linear function – it’s growing exponentially – and it’s not going to slow down. I believe this is generally a good thing. Our ability to harness data is how we will better understand our world. It’s how we will address challenges with critical resources such as energy and water. And it’s how we will innovate in research areas such as medicine and healthcare. And so, as a relatively new Informatica employee coming from a security background, I’m now at a crossroads of sorts. While Informatica’s goal of “Putting potential to work” resonates with my views and helps customers deliver on the promise of this data growth, I know we need to have proper controls in place. I’m proud to be part of a team building a new intelligent, context-aware approach to data security (Secure@SourceTM).

We recently announced Secure@SourceTM during InformaticaWorld 2014. One thing that impressed me was how quickly attendees (many of whom have little security background) understood how they could leverage data context to improve security controls, privacy, and data governance for their organizations. You can find a great introduction summary of Secure@SourceTM here.

I will be sharing more on Secure@SourceTM and data security in general, and would love to get your feedback. If you are an Informatica customer and would like to help shape the product direction, we are recruiting a select group of charter customers to drive and provide feedback for the first release. Customers who are interested in being a charter customer should register and send email to SecureCustomers@informatica.com.

Share
Posted in Big Data, Data Governance, Data Privacy, Data Security | Tagged , , , , , | Leave a comment

How Can CEOs Protect Customer Data And Their Own Jobs?

Data Security

Data-centric security

Recently, a number of high-profile data breaches have drawn attention to the impact that compromised data can have on a business. When customer data is breached, the consequences can include:

  • A loss of customer trust
  • Revenue shortfalls
  • A plummeting stock price
  • C-level executives losing their jobs

As a result, Data security and privacy has become a key topic of discussion, not just in IT meetings, but in the media and the boardroom.

Preventing access to sensitive data has become more complex than ever before. There are new potential entry points that IT never previously considered. These new options go beyond typical BYOD user devices like smartphones and tablets. Today’s entry points can be much smaller: Things like HVAC controllers, office polycoms and temperature control systems. 

So what can organizations do to combat this increasing complexity? Traditional data security practices focus on securing both the perimeter and the endpoints. However, these practices are clearly no longer working and no longer manageable. Not only is the number and type of devices expanding, but the perimeter itself is no longer present. As companies increasingly outsource, off-shore and move operations to the cloud, it is no longer possible fence the perimeters and to keep intruders out. Because 3rd parties often require some form of access, even trusted user credentials may fall into the hands of malicious intruders. 

Data security requires a new approach. It must use policies to follow the data and to protect it, regardless of where it is located and where it moves. Informatica is responding to this need. We are leveraging our market leadership and domain expertise in data management and security. We are defining a new data security offering and category.  This week, we unveiled our entry into the Data Security market at our Informatica World conference. Our new security offering, Secure@Source™ will allow enterprises to discover, detect and protect sensitive data.

The first step towards protecting sensitive data is to locate and identify them. So Secure@Source™ first allows you discover where all the sensitive data are located in the enterprise and classify them.  As part of the discovery, Secure@source also analyzes where sensitive data is being proliferated, who has access to the data, who are actually accessing them and whether the data is protected or unprotected when accessed.  Secure@Source™ leverages Informatica’s PowerCenter repository and lineage technology to perform a first pass, quick discovery with a more in depth analysis and profiling over time.  The solution allows you to determine the privacy risk index of your enterprise and slice and dice the analysis based on region, departments, organization hierarchy, as well as data classifications.

infaaa

The longer term vision of Secure@Source™ will allow you to detect suspicious usage patterns and orchestrate the appropriate data protection method, such as:  alerting, blocking, archiving and purging, dynamically masking, persistently masking, encrypting, and/or tokenizing the data. The data protection method will depend on whether the data store is a production or non-production system, and whether you would like to de-identify sensitive data across all users or only for some users.  All can be deployed based on policies. Secure@Source™ is intended to be an open framework for aggregating data security analytics and will integrate with key partners to provide a comprehensive visibility and assessment of an enterprise data privacy risk.

Secure@Source™ is targeted for beta at the end of 2014 and general availability in early 2015.  Informatica is recruiting a select group of charter customers to drive and provide feedback for the first release. Customers who are interested in being a charter customer should register and send email to SecureCustomers@informatica.com.

Share
Posted in Big Data, Business Impact / Benefits, Customers, Data Governance, Data Privacy | Tagged , , , , , | Leave a comment