
Analytics in the Cloud

Sid Dutta and Rich Gaston


November 2020
Our Agenda

1 Trends and market observations

2 Customer challenges

3 Value proposition and differentiators

4 Our capabilities

5 Business value

6 Competitive advantage
Trends and market observations

• Today, every company is a data company
• Data Explosion
• Data Monetization
• Rapid Cloud Adoption
• Increasing data breaches


“Our clients want to lock down their sensitive
data, but still be able to unlock the value in
that data at scale.”

Head of Cybersecurity Practice, Global Systems Integrator


Customer challenges

• Regulatory Pressures
• CCPA, GDPR, PCI DSS, HIPAA, POPI, PIPEDA, LGPD, PDPB, APA, etc. are all creating requirements for data protection, policy, audit and continuous discovery
• Customers may be blocked by contracts and legal restrictions from moving sensitive data to the cloud without encryption
• Data lakes, data warehouses, analytics and AI/ML must enforce consistent policies around sensitive data
• Increasingly, offshore work may be subject to regulatory compliance requirements
• Operational overhead to manage “Big Data”
• Cost/benefit is shifting to cloud
• Customers are increasingly leaning toward subscription (opex) vs. infrastructure (capex)
• Cloud-native solutions like Redshift, Azure Data Warehouse, and Google BigQuery are battling for best cost and ease of integration
• Third parties like Oracle, Microsoft, Teradata, Vertica, Cloudera, and Snowflake are rushing to serve this market
• Cloud-based data sources can be easily integrated into cloud analytics platforms, enriching the customer’s data
• … but what about security?


Value proposition and differentiators
Value propositions & market differentiators
SecureData is the cloud-ready data security solution

• Cloud-agnostic, and supports hybrid and multi-cloud implementations
• Offers a stateless solution - no storage of keys or PAN-Token vault mappings, no key transport
• Abstracts key management and crypto operations from developers
• Supports local/client-based operations across a wide range of platforms, as well as remote/REST operations
• Analytics-at-scale across multiple platform options in the cloud and on-premise:
• Hadoop Developer Templates for MapReduce, Hive, Impala, Spark, Sqoop, NiFi, Streamsets, Kafka Connect, and Kafka-Storm integrations are already supported for:
    • AWS Elastic MapReduce (EMR)
    • Cloudera Distributed Hadoop (CDH)
    • Hortonworks Data Platform (HDP)
    • MapR
• Templates are being certified for Cloudera Data Platform (CDP-DC), Azure HDInsight and Google Dataproc
• User-Defined Functions (UDFs) for major RDBMS platforms including Vertica, Teradata, Oracle, MS SQL Server, IBM DB2, etc.
• Cloud-native analytics including Snowflake, AWS Athena, etc.
• Supports various deployment models (On-premises, IaaS, PaaS), and supports business applications and data deployed across various deployment and consumption models (On-premises, IaaS, PaaS, SaaS)
• Supports integrations with various Cloud Services around data ingestion, data catalog, and data visualization use cases

SecureData supports a range of options for privacy, pseudonymization, and anonymization

• Inventor of Format-Preserving Encryption: we hold the patent for FF1 mode of AES
• NIST standard SP 800-38G
• Secure Stateless Tokenization (SST)
• Only solution to offer Safe Unicode FPE
• Only solution to offer irreversible Format Preserving Hash (FPH) for data anonymization
• Standard AES-256 encryption (IBSE)
• Partial FPE (expose first 6 digits or BIN of Credit Cards, last 4 of SSN, etc.)
• Obviously Protected ciphertext/token

Our capabilities
A quick introduction to SecureData

• Format-Preserving Encryption
• Secure Stateless Tokenization
• Format-Preserving Hash
• Stateless Key Management
• High Performance

[Diagram labels: SecureData Appliance (Web Service, Key Service), SecureData Sentry, HSM, LDAP, Kerberos, Syslog, Applications, Cloud, APIs, UDFs, Hadoop, Open Systems, Developer Templates, ETL, Databases, Serverless Functions, Mainframe, Files, SaaS, COTS]

SecureData protects data at rest and in motion
Encryption, Tokenization, Hashing and Masking of data facilitate compliance and reduce risk

Data element | Example data in the clear | Example protected data
Name | Harold Potter | tIwqJX OhezAo
Tax ID | 532-09-1847 | 821-90-7385
Credit Card Number | 4210-9735-8310-4461 | 9328-0218-7219-4461
Date of Birth | 09/04/1979 | 05/01/1998
GPS location | 37° 46' 26.2992'' N, 122° 25' 52.6692'' W | 91° 52' 05.7217'' N, 731° 60' 21.6540'' W
Address (unicode) | Тверская, 26/1 | 喜老欢 r パ我和看딸你的ン你보행

SecureData can power dozens of cloud use cases
Top cloud data security use cases

• Cloud migration
    • Encrypt data before or during migration
    • Normalize and tag data as it moves to the cloud
• Secure analytics
    • Decrypt data while in use
    • Enforce policy across cloud use cases
    • Leverage cloud for performance and cost
    • Utilize AI/ML with protected data
• Security automation
    • Automate protection for cloud applications
    • Automate protection upon Discovery/Classification
    • Automate protection with streaming and IoT
• Data security as a service
    • Expose APIs for cloud and on-prem use cases
    • Deploy data sharing/collaboration as a service

[Diagram labels: SecureData, AWS API Gateway, AWS Macie, Azure Databricks, Google Big Query, AWS Athena, AWS Kinesis, Azure SQL, Azure API Management, Google Cloud APIs]

Reference Architecture: SecureData with AWS

[Architecture diagram; the recoverable labels are listed below.]
Stages: Data Ingestion, Data Storage, Data Access
Zones: SecureData Migration Zone, SecureData Landing Zone, SecureData Storage Zone, SecureData Analytics Zone
Functions shown: Normalize, Transform, Protect, Push; Automation, Tagging, Catalog, Metadata, Monitoring, Discovery, Audit; Lambda Functions, User Defined Functions, Triggers, External Functions, API Integration; Data Science, Predictive Analytics, Data Sharing, Visualization; Transparent Decryption by Policy; Anonymize, Re-Identify, Archive, Migrate, Share
Multiple Client Options: ETL integration, SecureData File Processor, Hadoop, Streaming, Structured Data
Authorization: Use IAM policies and/or LDAP for fine-grained authorization
AWS services: Glue, Redshift, Athena, Lambda, S3, Data Pipeline, EMR, Kinesis, Glacier, API Gateway, Macie, CloudFormation, IAM, EC2, ARN, EBS, KMS, VPC, ELB, CloudWatch
Other labels: On Premise, Database, Mainframe, Structured Data File, Hadoop, Applications, ETL, Azure / GCP, 3rd Parties, Serverless Functions, Web Service, Key Service, Applications Manager, AWS SecureData Appliances

Reference Architecture: SecureData with Snowflake

[Architecture diagram; the recoverable labels are listed below.]
Stages: Protect Data During Ingestion (Data in the Clear), Data Protected in the Cloud (Encrypted Data), Access Data by Policy (Data in the Clear, Masked Data, Encrypted Data)
Components: Structured Data, Streaming Data, SDM, AWS Lambda + S3, snowpipe, Snowflake Tools, Snowflake UI, SnowSQL, Secure Analytics, Data Sharing, Decrypt During Export
Shared services: Authentication, Authorization, Audit & Logging, Policy Management

Data Discovery and Classification: Structured Data Manager
• Continuous Discovery / Classification
• Apply policies for masking and encryption
• Risk scoring for PII/PCI/PHI data

Data Encryption and Tokenization: Voltage SecureData
• NIST standard Format-Preserving Encryption
• Stateless key management
• APIs for software plug-in and microservices

Business value

• Achieve security without impacting analytics
• We can make encryption invisible to the average user or data scientist
• Expand the scope and power of analytics
• Add contractors, offshore users, and 3rd parties (with privacy)
• Add data types and data enrichment (with privacy)
• Use cloud AI/ML (with privacy)
• Lift and shift workloads to the cloud
• Achieve cost savings through cloud migration, and by using Format-Preserving Encryption

SecureData addresses critical security requirements

• Provide a global standard for strong protection of sensitive data
• Enforce a global policy layer with integration into IAM solutions
• Power global use cases with stateless key management in the cloud and on-premise
• Integrate into cloud-native and 3rd party products
• Audit and monitor the use of sensitive data

Competitive advantage

• SecureData is leading in cloud-native analytics
• Our competitors are lagging in cloud capabilities
• Some are stuck with a gateway approach
• Difficult to scale performance
• Complicates the customer’s pay-as-you-go cloud strategy
• Requires extensive code/support to achieve success
• Some are still focused on a Data at Rest protection strategy (TDE et al.); they’ve lost focus and don’t have cloud solutions
• Others are focusing on non-data-centric protection technologies such as Dynamic Data Masking, which are challenged with scale and platform reach
• Traditional encryption vendors are continuing with a Hardware Security Module (HSM) strategy – they can’t compete in modern and cloud-native use cases and integration requirements
• Cloud service providers are supplying only the building blocks
• AWS, Azure, GCP all provide Key Management (KMS) and HSM services
• Envelope Encryption model
• No tokenization or format-preserving encryption capability across these KMS and HSM services
• Confined within their own cloud services - no interoperability across clouds and on-premises
• Server-side encryption is default
• For a deeper perspective on our advantages in cloud, please view our white paper.

How do I get started?

1 Identify the data requiring protection

2 Develop fine-grained authorization policies

3 Implement data protection, with analytics at scale

Thank You.
