SlideShare a Scribd company logo

How to add security in dataops and devops

Download as pptx, pdf
Ulf Mattsson
Ulf Mattsson

The document discusses the integration of security in DataOps and DevOps, highlighting the alarming increase in privacy breaches and identity theft. It defines DataOps as a collaborative practice aimed at improving data flow management and emphasizes emerging technologies such as low-code development and cloud security. Key points also include the evolving role of mainframes in handling enterprise data and the importance of compliance with privacy regulations like GDPR.

Technology
1 of 61
Downloaded 20 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
1 Ulf Mattsson www.TokenEx.com How to add Security in DataOps and DevOps Forrester, tdwi
2 Ulf Mattsson www.TokenEx.com How to add Security in DataOps and DevOps Forrester, tdwi
3 Ulf Mattsson • Head of Innovation at TokenEx • Chief Technology Officer at Protegrity • Chief Technology Officer at Atlantic BT Security Solutions • Chief Technology Officer at Compliance Engineering • Developer at IBM Research and Development • Inventor of 70+ issued US patents • Provided products and services for • Data Encryption and Tokenization, • Data Discovery, • Robotics, ERP, CRM in Manufacturing, • Cloud Application Security Broker (CASB), • Web Application Firewall (WAF), • Managed Security Services, • Security Operation Center (SOC), • Benchmarking/Gap-analysis
4 Agenda 1. Business Goals 2. DevOps & DataOps 3. Compliance & Security 4. Cloud Aspects
5 The privacy breach trend is alarming The US FEDERAL TRADE COMMISSION (FTC) reported that credit card fraud tops the list of identity theft reports in 2018. FTC received nearly three million complaints from consumers in 2018. The FTC received more than 167,000 reports from people who said their information was misused on an existing account or to open a new credit card account Source: Redhat / IBM
6 DevOps
7 Security in DevOps Source: Securosis
8 What is DevOps? Source: Redhat / IBM
9 Getting Started with DevOps? Source: Redhat / IBM
10 What is Your Value Stream? Source: IBM DevOps
11 DevOps Architecture & Tools
12 What makes up the pipeline? Source: IBM DevOps
13 Are IBM mainframes still used? • 70 percent of all enterprise data globally, resides on a mainframe • Visa, for example, uses the mainframe to secure billions of credit and debit card payments every year. In fact, mainframes process about $7 trillion in Visa payments annually, roughly equal to the annual GDP of Japan, the world’s third largest economy • 71 percent of all Fortune 500 companies have their core businesses located on a mainframe • 96 of the world’s largest 100 banks • 23 of the world’s top 25 retailers use the mainframe to make sure they can provide their customers with customized service. • All Top 10 insurers use the cloud on the mainframe to save money for their consumers Source: Forbes
14 Typical Mainframe CI / CD Pipeline Source: IBM, HCL SOFTWARE
15
16 Deployment Overview Source: IBM, HCL SOFTWARE
17 Software Developer Challenges Source: OVHcloud 1. Pace of change in the software development industry. 2. With the move to modern software development on web, mobile and cloud, new languages, frameworks, plug-ins, modules and components appear almost weekly. 3. How can developers keep on top of all the options available and how can developers ensure the choices made of which to use, are the right ones in the long- term? 4. Building a new generation of modern applications may require significant reskilling of the development team. 5. For maintaining existing applications, there may be little opportunity for developers to add new skills. 6. Some developers will embrace the change, whilst others will prefer to stick with what they know.
18 Low-code development Source: Gartner, OVHCloud Enterprise low-code application platforms offer compelling productivity gains. • By 2024, three-quarters of large enterprises will be using at least four low-code development tools for both IT application development and citizen development initiatives. • By 2024, low-code application development will be responsible for more than 65% of application development activity.
19 Low-code development platforms Source: OVHcloud Faster development • Writing less code means more apps can be built faster than ever before. Digital transformation • Transformation of manual and paper-based processes into cloud, desktop, web and mobile applications for better efficiency, productivity, data accuracy and customer service. Reducing the maintenance burden • By simplifying application maintenance as well as development, overall life-cycle costs can be reduced, and resources freed up to build new applications. Move to mobile • Satisfy the increasing demand for mobile applications across the business. Cloud computing • Improve availability while cutting operational costs by quickly moving applications, or parts of applications to the cloud for better agility and elasticity. Skills management • Eliminate pockets of expertise and specialized skills. Allow any developers to work on any part of an application. Eliminate resource shortages and conflicts. Combating Shadow IT • Accelerate the deployment of applications so that business users don’t feel they need to take matters into their own hands. Deliver apps in days or weeks instead of months or years.
20 DataOps
21Source: 451 Research Automation in Data Management A Self-driving Database
22 DataOps (Gartner) Definition: • DataOps is a collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and consumers across an organization. • The goal of DataOps is to create predictable delivery and change management of data, data models and related artifacts. • DataOps uses technology to automate data delivery with the appropriate levels of security, quality and metadata to improve the use and value of data in a dynamic environment. Position and Adoption Speed Justification: • Currently, there are no standards or known frameworks for DataOps. • Today's loose interpretation makes it difficult to know where to begin, what success looks like, or if organizations are even "doing DataOps" at all. User Advice: • As a new practice, DataOps will be most successful on projects targeting a small scope with some level of executive sponsorship, primarily from the CDO or other top data and analytics leader. • Executive sponsorship will be key as DataOps represents a new way of delivering data to consumers. • Practitioners will have to overcome the resistance to change existing practices as they introduce this concept.
23 DataOps is NOT Just DevOps for Data • One common misconception about DataOps is that it is just DevOps applied to data analytics. • While a little semantically misleading, the name “DataOps” has one positive attribute. • It communicates that data analytics can achieve what software development attained with DevOps. • DataOps can yield an order of magnitude improvement in quality and cycle time when data teams utilize new tools and methodologies. • The specific ways that DataOps achieves these gains reflect the unique people, processes and tools characteristic of data teams (versus software development teams using DevOps). Source: datakitchen
24Source: datakitchen DataOps Tools isolated in a Sandbox
25 Source: datakitchen DataOps Brings 3 Cycles of Innovation between Production, Central Data and Self-service Teams
26 Source: datakitchen DataOps Data Analytics Development Lifecycle and Tools
27 Application Security
28 Micro trends in Cloud security
29 Virtualization vs Containers
30 Flexibility with Containers
31 Portable Applications for Hybrid Cloud
32 A Framework for Hybrid Cloud Source: Tagore
33 Container management with all types of Kubernetes Source: Rancher Kubernetes will enable a new era of application portability
34 Integration Via APIs
35 Importance of API for Supporting Data and the Integrated Needs of Digital Business Source: Gartner
36 Security for APIs and Microservices Source: Gartner Source: Gartner
37 Products Delivering API Security Source: Gartner
38 Source: Microsoft Microservices is a natural evolution from SOA
39 Security Tools for DevOps Dynamic Application Security Testing (DAST) dynamically 'crawls' through an application's interface, testing how it reacts to various inputs Manual reviews often catch obvious stuff that tests miss, and developers can miss Source: Securosis
40 Security Tools for DevOps Static Application Security Testing (SAST) examines all code — or runtime binaries (less effective for Micro Services) Fuzz testing is essentially throwing lots of random garbage at applications, seeing whether any particular (type of) garbage causes errors Vulnerability Analysis including platform configuration, patch levels or application composition to detect known vulnerabilities Runtime Application Self Protection (RASP) provides execution path scanning, monitoring and embedded application white listing (effective for Micro Services) Interactive Application Self- Testing (IAST) provides execution path scanning, monitoring and embedded application white listing (emerging) Source: Securosis, Webomates Regression testing enhances the visibility on your build quality before putting it in production. Examples: Full Regressions, Overnight Targeted Checks and Smoke Checks executed with manual, automation, crowdsourcing and artificial intelligence and allows a software development team to quickly validate their UI and API as well as load test it.
41 DevOps - Security for APIs and Microservices Source: Securosis Trend: Test/scan API flows, context, parameter input/output. DAST works better. Old: Larger monolithic apps that contain more context. SAST works well. Shift right Trend: IAST is emerging
42Source: Veracode Flaws categories discovered by Static Analysis
43Source: Veracode Flaws categories discovered by Dynamic Analysis
44
45
46 OWASP API Security Top 10 2019 The Ten Most Critical API Security Risks Source: OWASP
47 Compliance
48 Global Map Of Privacy Rights And Regulations
49 A Framework can help organizations prepare for GDPR IBM Framework Helps Clients Prepare for the EU's General Data Protection Regulation
50 Data sources Data Warehouse In Italy Complete policy- enforced de- identification of sensitive data across all bank entities Tokenization for Cross Border Data-centric Security (EU GDPR) • Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers • Compliance with EU Cross Border Data Protection Laws • Utilizing Data Tokenization, and centralized policy, key management, auditing, and reporting
51 Data-centric Security
52 • Privacy enhancing data de-identification terminology and classification of techniques Source: INTERNATIONAL STANDARD ISO/IEC 20889 Encrypted data has the same format Server model Local model Differential Privacy (DP) Formal privacy measurement models (PMM) De-identification techniques (DT) Cryptographic tools (CT) Format Preserving Encryption (FPE) Homomorphic Encryption (HE) Two values encrypted can be combined* K-anonymity model Responses to queries are only able to be obtained through a software component or “middleware”, known as the “curator** The entity receiving the data is looking to reduce risk Ensures that for each identifier there is a corresponding equivalence class containing at least K records *: Multi Party Computation (MPC) **: Example Apple and Google ISO Standard for Encryption and Privacy Models
53 User Payment Application Payment Network Payment Data Tokenization (VBT), encryption and keys User CASB User Call Center Application Format Preserving Encryption (FPE) PII Data Vault-based tokenization (VBT) Data Protection Use Cases – Tokenization and FPE User Data Warehouse PII Data Vault-less tokenization (VLT) Salesforce
54 Data Warehouse Centralized Distributed On- premises Public Cloud Private Cloud Vault-based tokenization y y Vault-less tokenization y y y y y y Format preserving encryption y y y y y Homomorphic encryption y y Masking y y y y y y Hashing y y y y y y Server model y y y y y y Local model y y y y y y L-diversity y y y y y y T-closeness y y y y y y Formal privacy measurement models Differential Privacy K-anonymity model Privacy enhancing data de-identification terminology and classification of techniques De- identification techniques Tokenization Cryptographic tools Suppression techniques Example of mapping of data security and privacy techniques (ISO) to different deployment models
55 Risk reduction and truthfulness of some de-identification techniques and models Singling out Linking Inference Deterministic encryption Yes All attributes No Partially No Order-preserving encryption Yes All attributes No Partially No Homomorphic encryption Yes All attributes No No No Masking Yes Local identifiers Yes Partially No Local suppression Yes Identifying attributes Partially Partially Partially Record suppression Yes Sampling Yes N/A Partially Partially Partially Pseudonymization Yes Direct identifiers No Partially No Generalization Yes Identifying attributes Rounding Yes Identifying attributes No Partially Partially Top/bottom coding Yes Identifying attributes No Partially Partially Noise addition No Identifying attributes Partially Partially Partially Cryptographic tools Suppression Generalization Technique name Data truthfulness at record level Applicable to types of attributes Reduces the risk of Source: INTERNATIONAL STANDARD ISO/IEC 20889
56 Type of Data Use Case I Structured How Should I Secure Different Types of Data? I Un-structured Simple – Complex – PCI PHI PII Encryption of Files Card Holder Data Tokenization of Fields Protected Health Information Personally Identifiable Information
57 On Premise tokenization • Limited PCI DSS scope reduction - must still maintain a CDE with PCI data • Higher risk – sensitive data still resident in environment • Associated personnel and hardware costs Cloud-Based tokenization • Significant reduction in PCI DSS scope • Reduced risk – sensitive data removed from the environment • Platform-focused security • Lower associated costs – cyber insurance, PCI audit, maintenance Total Cost and Risk of Tokenization Example: 50% Lower Total Cost
58 Cloud transformations are accelerating Risk Elasticity Out-sourcedIn-house On-premises system On-premises Private Cloud Hosted Private Cloud Public Cloud Low - High - Compute Cost - High - Low Risk Adjusted Computation
59 Which of the following most closely describes what ‘hybrid cloud’ means in your organization? Source: Forrester
60 For each of the following data center and IT infrastructure components, how much outsourcing and managed services does your firm use for IT operation? (excluding systems integrators for project implementation) Source: Forrester
61 Thank You! Ulf Mattsson, TokenEx www.TokenEx.com

More Related Content

What's hot (20)

PPTX
Data Lake Overview
James Serra
 
PPTX
Sibyl HIMS: Hospital Information & Management System
Amarnath Gupta
 
PPTX
Health information systems
Somali Field Epidemiology Network (SOFEN)
 
PPT
Data Lakehouse Symposium | Day 1 | Part 2
Databricks
 
PDF
Future of Data Engineering
C4Media
 
PPTX
Kerry Group: How Neo4j graph technology is delivering benefits to Kerry Group...
Neo4j
 
PPTX
The evolution of IT in a cloud world
Zscaler
 
PDF
Data Verification
InfoCheckPoint
 
PDF
Making Apache Spark Better with Delta Lake
Databricks
 
PDF
Enabling a Data Mesh Architecture with Data Virtualization
Denodo
 
PDF
Big Data Ecosystem
Lucian Neghina
 
PDF
Learn to Use Databricks for Data Science
Databricks
 
PPTX
Tableau Presentation
Andrea Bissoli
 
PPTX
SaaS Architecture Past and Present
Techcello
 
PPTX
Comparison of MPP Data Warehouse Platforms
David Portnoy
 
PPTX
Microsoft Azure in 5 minutes
Brian Blanchard
 
PPT
Database Archiving - Managing Data for Long Retention Periods
Craig Mullins
 
PPTX
OpManager Technical Overview
ManageEngine, Zoho Corporation
 
PDF
DAMA Ireland - CDMP Overview (How to become a Certified Data Management Pract...
DAMA Ireland
 
PPTX
Master the Multi-Clustered Data Warehouse - Snowflake
Matillion
 
Data Lake Overview
James Serra
 
Sibyl HIMS: Hospital Information & Management System
Amarnath Gupta
 
Health information systems
Somali Field Epidemiology Network (SOFEN)
 
Data Lakehouse Symposium | Day 1 | Part 2
Databricks
 
Future of Data Engineering
C4Media
 
Kerry Group: How Neo4j graph technology is delivering benefits to Kerry Group...
Neo4j
 
The evolution of IT in a cloud world
Zscaler
 
Data Verification
InfoCheckPoint
 
Making Apache Spark Better with Delta Lake
Databricks
 
Enabling a Data Mesh Architecture with Data Virtualization
Denodo
 
Big Data Ecosystem
Lucian Neghina
 
Learn to Use Databricks for Data Science
Databricks
 
Tableau Presentation
Andrea Bissoli
 
SaaS Architecture Past and Present
Techcello
 
Comparison of MPP Data Warehouse Platforms
David Portnoy
 
Microsoft Azure in 5 minutes
Brian Blanchard
 
Database Archiving - Managing Data for Long Retention Periods
Craig Mullins
 
OpManager Technical Overview
ManageEngine, Zoho Corporation
 
DAMA Ireland - CDMP Overview (How to become a Certified Data Management Pract...
DAMA Ireland
 
Master the Multi-Clustered Data Warehouse - Snowflake
Matillion
 

Similar to How to add security in dataops and devops (20)

PPTX
IBM Relay 2015: Cloud is All About the Customer
IBM
 
PPTX
Troux Presentation Austin Texas
JoeFaghani
 
PPTX
How AI is transforming DevOps | Calidad Infotech
Calidad Infotech
 
PPT
DevOps for Enterprise Systems - Rosalind Radcliffe
DevOps for Enterprise Systems
 
PDF
Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16
AppDynamics
 
PDF
Future of Data Strategy (ASEAN)
Denodo
 
PDF
#ATAGTR2020 Presentation - Microservices – Explored
Agile Testing Alliance
 
PPTX
Boston Cloud Dinner/Discussion November 2010
Ness Technologies
 
PDF
What is the future of data strategy?
Denodo
 
PPTX
Get ahead of the cloud or get left behind
Matt Mandich
 
PDF
whitepaper_workday_technology_platform_devt_process
Eric Saraceno
 
PDF
DevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems
 
PDF
Application Modernization With Cloud Native Approach_ An in-depth Guide.pdf
basilmph
 
PPTX
A Study on the Application of Web-Scale IT in Enterprises in IoT Era
Hassan Keshavarz
 
PDF
Unlock your core business assets for the hybrid cloud with addi webinar dec...
Sherri Hanna
 
PDF
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
منیزہ ہاشمی
 
PPTX
devops market Size college project .pptx
jewipe9572
 
PDF
¿Cómo las manufacturas están evolucionando hacia la Industria 4.0 con la virt...
Denodo
 
PDF
Bridging the Gap: from Data Science to Production
Florian Wilhelm
 
PDF
Learn Best Practices of a True Hybrid IT Management Approach
Enterprise Management Associates
 
IBM Relay 2015: Cloud is All About the Customer
IBM
 
Troux Presentation Austin Texas
JoeFaghani
 
How AI is transforming DevOps | Calidad Infotech
Calidad Infotech
 
DevOps for Enterprise Systems - Rosalind Radcliffe
DevOps for Enterprise Systems
 
Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16
AppDynamics
 
Future of Data Strategy (ASEAN)
Denodo
 
#ATAGTR2020 Presentation - Microservices – Explored
Agile Testing Alliance
 
Boston Cloud Dinner/Discussion November 2010
Ness Technologies
 
What is the future of data strategy?
Denodo
 
Get ahead of the cloud or get left behind
Matt Mandich
 
whitepaper_workday_technology_platform_devt_process
Eric Saraceno
 
DevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems
 
Application Modernization With Cloud Native Approach_ An in-depth Guide.pdf
basilmph
 
A Study on the Application of Web-Scale IT in Enterprises in IoT Era
Hassan Keshavarz
 
Unlock your core business assets for the hybrid cloud with addi webinar dec...
Sherri Hanna
 
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
منیزہ ہاشمی
 
devops market Size college project .pptx
jewipe9572
 
¿Cómo las manufacturas están evolucionando hacia la Industria 4.0 con la virt...
Denodo
 
Bridging the Gap: from Data Science to Production
Florian Wilhelm
 
Learn Best Practices of a True Hybrid IT Management Approach
Enterprise Management Associates
 
Ad

More from Ulf Mattsson (20)

PPTX
Jun 29 new privacy technologies for unicode and international data standards ...
Ulf Mattsson
 
PPTX
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Ulf Mattsson
 
PPTX
Book
Ulf Mattsson
 
PPTX
May 6 evolving international privacy regulations and cross border data tran...
Ulf Mattsson
 
PPTX
Qubit conference-new-york-2021
Ulf Mattsson
 
PDF
Secure analytics and machine learning in cloud use cases
Ulf Mattsson
 
PPTX
Evolving international privacy regulations and cross border data transfer - g...
Ulf Mattsson
 
PDF
Data encryption and tokenization for international unicode
Ulf Mattsson
 
PPTX
The future of data security and blockchain
Ulf Mattsson
 
PPTX
New technologies for data protection
Ulf Mattsson
 
PPTX
GDPR and evolving international privacy regulations
Ulf Mattsson
 
PPTX
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Ulf Mattsson
 
PPTX
Safeguarding customer and financial data in analytics and machine learning
Ulf Mattsson
 
PPTX
Protecting data privacy in analytics and machine learning ISACA London UK
Ulf Mattsson
 
PPTX
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
PPTX
What is tokenization in blockchain - BCS London
Ulf Mattsson
 
PPTX
Protecting data privacy in analytics and machine learning - ISACA
Ulf Mattsson
 
PPTX
What is tokenization in blockchain?
Ulf Mattsson
 
PPTX
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Ulf Mattsson
 
PPTX
Unlock the potential of data security 2020
Ulf Mattsson
 
Jun 29 new privacy technologies for unicode and international data standards ...
Ulf Mattsson
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Ulf Mattsson
 
Book
Ulf Mattsson
 
May 6 evolving international privacy regulations and cross border data tran...
Ulf Mattsson
 
Qubit conference-new-york-2021
Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Ulf Mattsson
 
Evolving international privacy regulations and cross border data transfer - g...
Ulf Mattsson
 
Data encryption and tokenization for international unicode
Ulf Mattsson
 
The future of data security and blockchain
Ulf Mattsson
 
New technologies for data protection
Ulf Mattsson
 
GDPR and evolving international privacy regulations
Ulf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Ulf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Ulf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Ulf Mattsson
 
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
What is tokenization in blockchain - BCS London
Ulf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Ulf Mattsson
 
What is tokenization in blockchain?
Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Ulf Mattsson
 
Unlock the potential of data security 2020
Ulf Mattsson
 
Ad

Recently uploaded (20)

PDF
Why aren't you using FME Flow's CPU Time?
Safe Software
 
PPTX
Paycifi - Programmable Trust_Breakfast_PPTXT
FinTech Belgium
 
PPTX
Enabling the Digital Artisan – keynote at ICOCI 2025
Alan Dix
 
PPTX
MARTSIA: A Tool for Confidential Data Exchange via Public Blockchain - Poster...
Michele Kryston
 
PDF
Understanding AI Optimization AIO, LLMO, and GEO
CoDigital
 
PDF
My Journey from CAD to BIM: A True Underdog Story
Safe Software
 
PDF
ArcGIS Utility Network Migration - The Hunter Water Story
Safe Software
 
PDF
Unlocking FME Flow’s Potential: Architecture Design for Modern Enterprises
Safe Software
 
PPTX
01_Approach Cyber- DORA Incident Management.pptx
FinTech Belgium
 
PDF
LLM Search Readiness Audit - Dentsu x SEO Square - June 2025.pdf
Nick Samuel
 
PPTX
Smart Factory Monitoring IIoT in Machine and Production Operations.pptx
Rejig Digital
 
PPTX
Practical Applications of AI in Local Government
OnBoard
 
PDF
Plugging AI into everything: Model Context Protocol Simplified.pdf
Abati Adewale
 
PDF
Hello I'm "AI" Your New _________________
Dr. Tathagat Varma
 
PDF
The Future of Product Management in AI ERA.pdf
Alyona Owens
 
PDF
Simplify Your FME Flow Setup: Fault-Tolerant Deployment Made Easy with Packer...
Safe Software
 
PDF
FME as an Orchestration Tool with Principles From Data Gravity
Safe Software
 
PDF
Kubernetes - Architecture & Components.pdf
geethak285
 
PPTX
New ThousandEyes Product Innovations: Cisco Live June 2025
ThousandEyes
 
PDF
Understanding The True Cost of DynamoDB Webinar
ScyllaDB
 
Why aren't you using FME Flow's CPU Time?
Safe Software
 
Paycifi - Programmable Trust_Breakfast_PPTXT
FinTech Belgium
 
Enabling the Digital Artisan – keynote at ICOCI 2025
Alan Dix
 
MARTSIA: A Tool for Confidential Data Exchange via Public Blockchain - Poster...
Michele Kryston
 
Understanding AI Optimization AIO, LLMO, and GEO
CoDigital
 
My Journey from CAD to BIM: A True Underdog Story
Safe Software
 
ArcGIS Utility Network Migration - The Hunter Water Story
Safe Software
 
Unlocking FME Flow’s Potential: Architecture Design for Modern Enterprises
Safe Software
 
01_Approach Cyber- DORA Incident Management.pptx
FinTech Belgium
 
LLM Search Readiness Audit - Dentsu x SEO Square - June 2025.pdf
Nick Samuel
 
Smart Factory Monitoring IIoT in Machine and Production Operations.pptx
Rejig Digital
 
Practical Applications of AI in Local Government
OnBoard
 
Plugging AI into everything: Model Context Protocol Simplified.pdf
Abati Adewale
 
Hello I'm "AI" Your New _________________
Dr. Tathagat Varma
 
The Future of Product Management in AI ERA.pdf
Alyona Owens
 
Simplify Your FME Flow Setup: Fault-Tolerant Deployment Made Easy with Packer...
Safe Software
 
FME as an Orchestration Tool with Principles From Data Gravity
Safe Software
 
Kubernetes - Architecture & Components.pdf
geethak285
 
New ThousandEyes Product Innovations: Cisco Live June 2025
ThousandEyes
 
Understanding The True Cost of DynamoDB Webinar
ScyllaDB
 

How to add security in dataops and devops

  • 1. 1 Ulf Mattsson www.TokenEx.com How to add Security in DataOps and DevOps Forrester, tdwi
  • 2. 2 Ulf Mattsson www.TokenEx.com How to add Security in DataOps and DevOps Forrester, tdwi
  • 3. 3 Ulf Mattsson • Head of Innovation at TokenEx • Chief Technology Officer at Protegrity • Chief Technology Officer at Atlantic BT Security Solutions • Chief Technology Officer at Compliance Engineering • Developer at IBM Research and Development • Inventor of 70+ issued US patents • Provided products and services for • Data Encryption and Tokenization, • Data Discovery, • Robotics, ERP, CRM in Manufacturing, • Cloud Application Security Broker (CASB), • Web Application Firewall (WAF), • Managed Security Services, • Security Operation Center (SOC), • Benchmarking/Gap-analysis
  • 4. 4 Agenda 1. Business Goals 2. DevOps & DataOps 3. Compliance & Security 4. Cloud Aspects
  • 5. 5 The privacy breach trend is alarming The US FEDERAL TRADE COMMISSION (FTC) reported that credit card fraud tops the list of identity theft reports in 2018. FTC received nearly three million complaints from consumers in 2018. The FTC received more than 167,000 reports from people who said their information was misused on an existing account or to open a new credit card account Source: Redhat / IBM
  • 9. 9 Getting Started with DevOps? Source: Redhat / IBM
  • 10. 10 What is Your Value Stream? Source: IBM DevOps
  • 12. 12 What makes up the pipeline? Source: IBM DevOps
  • 13. 13 Are IBM mainframes still used? • 70 percent of all enterprise data globally, resides on a mainframe • Visa, for example, uses the mainframe to secure billions of credit and debit card payments every year. In fact, mainframes process about $7 trillion in Visa payments annually, roughly equal to the annual GDP of Japan, the world’s third largest economy • 71 percent of all Fortune 500 companies have their core businesses located on a mainframe • 96 of the world’s largest 100 banks • 23 of the world’s top 25 retailers use the mainframe to make sure they can provide their customers with customized service. • All Top 10 insurers use the cloud on the mainframe to save money for their consumers Source: Forbes
  • 14. 14 Typical Mainframe CI / CD Pipeline Source: IBM, HCL SOFTWARE
  • 15. 15
  • 17. 17 Software Developer Challenges Source: OVHcloud 1. Pace of change in the software development industry. 2. With the move to modern software development on web, mobile and cloud, new languages, frameworks, plug-ins, modules and components appear almost weekly. 3. How can developers keep on top of all the options available and how can developers ensure the choices made of which to use, are the right ones in the long- term? 4. Building a new generation of modern applications may require significant reskilling of the development team. 5. For maintaining existing applications, there may be little opportunity for developers to add new skills. 6. Some developers will embrace the change, whilst others will prefer to stick with what they know.
  • 18. 18 Low-code development Source: Gartner, OVHCloud Enterprise low-code application platforms offer compelling productivity gains. • By 2024, three-quarters of large enterprises will be using at least four low-code development tools for both IT application development and citizen development initiatives. • By 2024, low-code application development will be responsible for more than 65% of application development activity.
  • 19. 19 Low-code development platforms Source: OVHcloud Faster development • Writing less code means more apps can be built faster than ever before. Digital transformation • Transformation of manual and paper-based processes into cloud, desktop, web and mobile applications for better efficiency, productivity, data accuracy and customer service. Reducing the maintenance burden • By simplifying application maintenance as well as development, overall life-cycle costs can be reduced, and resources freed up to build new applications. Move to mobile • Satisfy the increasing demand for mobile applications across the business. Cloud computing • Improve availability while cutting operational costs by quickly moving applications, or parts of applications to the cloud for better agility and elasticity. Skills management • Eliminate pockets of expertise and specialized skills. Allow any developers to work on any part of an application. Eliminate resource shortages and conflicts. Combating Shadow IT • Accelerate the deployment of applications so that business users don’t feel they need to take matters into their own hands. Deliver apps in days or weeks instead of months or years.
  • 21. 21Source: 451 Research Automation in Data Management A Self-driving Database
  • 22. 22 DataOps (Gartner) Definition: • DataOps is a collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and consumers across an organization. • The goal of DataOps is to create predictable delivery and change management of data, data models and related artifacts. • DataOps uses technology to automate data delivery with the appropriate levels of security, quality and metadata to improve the use and value of data in a dynamic environment. Position and Adoption Speed Justification: • Currently, there are no standards or known frameworks for DataOps. • Today's loose interpretation makes it difficult to know where to begin, what success looks like, or if organizations are even "doing DataOps" at all. User Advice: • As a new practice, DataOps will be most successful on projects targeting a small scope with some level of executive sponsorship, primarily from the CDO or other top data and analytics leader. • Executive sponsorship will be key as DataOps represents a new way of delivering data to consumers. • Practitioners will have to overcome the resistance to change existing practices as they introduce this concept.
  • 23. 23 DataOps is NOT Just DevOps for Data • One common misconception about DataOps is that it is just DevOps applied to data analytics. • While a little semantically misleading, the name “DataOps” has one positive attribute. • It communicates that data analytics can achieve what software development attained with DevOps. • DataOps can yield an order of magnitude improvement in quality and cycle time when data teams utilize new tools and methodologies. • The specific ways that DataOps achieves these gains reflect the unique people, processes and tools characteristic of data teams (versus software development teams using DevOps). Source: datakitchen
  • 24. 24Source: datakitchen DataOps Tools isolated in a Sandbox
  • 25. 25 Source: datakitchen DataOps Brings 3 Cycles of Innovation between Production, Central Data and Self-service Teams
  • 26. 26 Source: datakitchen DataOps Data Analytics Development Lifecycle and Tools
  • 28. 28 Micro trends in Cloud security
  • 32. 32 A Framework for Hybrid Cloud Source: Tagore
  • 33. 33 Container management with all types of Kubernetes Source: Rancher Kubernetes will enable a new era of application portability
  • 35. 35 Importance of API for Supporting Data and the Integrated Needs of Digital Business Source: Gartner
  • 36. 36 Security for APIs and Microservices Source: Gartner Source: Gartner
  • 37. 37 Products Delivering API Security Source: Gartner
  • 38. 38 Source: Microsoft Microservices is a natural evolution from SOA
  • 39. 39 Security Tools for DevOps Dynamic Application Security Testing (DAST) dynamically 'crawls' through an application's interface, testing how it reacts to various inputs Manual reviews often catch obvious stuff that tests miss, and developers can miss Source: Securosis
  • 40. 40 Security Tools for DevOps Static Application Security Testing (SAST) examines all code — or runtime binaries (less effective for Micro Services) Fuzz testing is essentially throwing lots of random garbage at applications, seeing whether any particular (type of) garbage causes errors Vulnerability Analysis including platform configuration, patch levels or application composition to detect known vulnerabilities Runtime Application Self Protection (RASP) provides execution path scanning, monitoring and embedded application white listing (effective for Micro Services) Interactive Application Self- Testing (IAST) provides execution path scanning, monitoring and embedded application white listing (emerging) Source: Securosis, Webomates Regression testing enhances the visibility on your build quality before putting it in production. Examples: Full Regressions, Overnight Targeted Checks and Smoke Checks executed with manual, automation, crowdsourcing and artificial intelligence and allows a software development team to quickly validate their UI and API as well as load test it.
  • 41. 41 DevOps - Security for APIs and Microservices Source: Securosis Trend: Test/scan API flows, context, parameter input/output. DAST works better. Old: Larger monolithic apps that contain more context. SAST works well. Shift right Trend: IAST is emerging
  • 44. 44
  • 45. 45
  • 46. 46 OWASP API Security Top 10 2019 The Ten Most Critical API Security Risks Source: OWASP
  • 48. 48 Global Map Of Privacy Rights And Regulations
  • 49. 49 A Framework can help organizations prepare for GDPR IBM Framework Helps Clients Prepare for the EU's General Data Protection Regulation
  • 50. 50 Data sources Data Warehouse In Italy Complete policy- enforced de- identification of sensitive data across all bank entities Tokenization for Cross Border Data-centric Security (EU GDPR) • Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers • Compliance with EU Cross Border Data Protection Laws • Utilizing Data Tokenization, and centralized policy, key management, auditing, and reporting
  • 52. 52 • Privacy enhancing data de-identification terminology and classification of techniques Source: INTERNATIONAL STANDARD ISO/IEC 20889 Encrypted data has the same format Server model Local model Differential Privacy (DP) Formal privacy measurement models (PMM) De-identification techniques (DT) Cryptographic tools (CT) Format Preserving Encryption (FPE) Homomorphic Encryption (HE) Two values encrypted can be combined* K-anonymity model Responses to queries are only able to be obtained through a software component or “middleware”, known as the “curator** The entity receiving the data is looking to reduce risk Ensures that for each identifier there is a corresponding equivalence class containing at least K records *: Multi Party Computation (MPC) **: Example Apple and Google ISO Standard for Encryption and Privacy Models
  • 53. 53 User Payment Application Payment Network Payment Data Tokenization (VBT), encryption and keys User CASB User Call Center Application Format Preserving Encryption (FPE) PII Data Vault-based tokenization (VBT) Data Protection Use Cases – Tokenization and FPE User Data Warehouse PII Data Vault-less tokenization (VLT) Salesforce
  • 54. 54 Data Warehouse Centralized Distributed On- premises Public Cloud Private Cloud Vault-based tokenization y y Vault-less tokenization y y y y y y Format preserving encryption y y y y y Homomorphic encryption y y Masking y y y y y y Hashing y y y y y y Server model y y y y y y Local model y y y y y y L-diversity y y y y y y T-closeness y y y y y y Formal privacy measurement models Differential Privacy K-anonymity model Privacy enhancing data de-identification terminology and classification of techniques De- identification techniques Tokenization Cryptographic tools Suppression techniques Example of mapping of data security and privacy techniques (ISO) to different deployment models
  • 55. 55 Risk reduction and truthfulness of some de-identification techniques and models Singling out Linking Inference Deterministic encryption Yes All attributes No Partially No Order-preserving encryption Yes All attributes No Partially No Homomorphic encryption Yes All attributes No No No Masking Yes Local identifiers Yes Partially No Local suppression Yes Identifying attributes Partially Partially Partially Record suppression Yes Sampling Yes N/A Partially Partially Partially Pseudonymization Yes Direct identifiers No Partially No Generalization Yes Identifying attributes Rounding Yes Identifying attributes No Partially Partially Top/bottom coding Yes Identifying attributes No Partially Partially Noise addition No Identifying attributes Partially Partially Partially Cryptographic tools Suppression Generalization Technique name Data truthfulness at record level Applicable to types of attributes Reduces the risk of Source: INTERNATIONAL STANDARD ISO/IEC 20889
  • 56. 56 Type of Data Use Case I Structured How Should I Secure Different Types of Data? I Un-structured Simple – Complex – PCI PHI PII Encryption of Files Card Holder Data Tokenization of Fields Protected Health Information Personally Identifiable Information
  • 57. 57 On Premise tokenization • Limited PCI DSS scope reduction - must still maintain a CDE with PCI data • Higher risk – sensitive data still resident in environment • Associated personnel and hardware costs Cloud-Based tokenization • Significant reduction in PCI DSS scope • Reduced risk – sensitive data removed from the environment • Platform-focused security • Lower associated costs – cyber insurance, PCI audit, maintenance Total Cost and Risk of Tokenization Example: 50% Lower Total Cost
  • 58. 58 Cloud transformations are accelerating Risk Elasticity Out-sourcedIn-house On-premises system On-premises Private Cloud Hosted Private Cloud Public Cloud Low - High - Compute Cost - High - Low Risk Adjusted Computation
  • 59. 59 Which of the following most closely describes what ‘hybrid cloud’ means in your organization? Source: Forrester
  • 60. 60 For each of the following data center and IT infrastructure components, how much outsourcing and managed services does your firm use for IT operation? (excluding systems integrators for project implementation) Source: Forrester
  • 61. 61 Thank You! Ulf Mattsson, TokenEx www.TokenEx.com