Contentious Issues in Data Security

Modern database systems have introduced more support for security, privacy, and compliance over the last few years. We expect this to increase as issues such as GDPR and other data compliance challenges arise. In this session, Karen will be discussing the newer features from a data modelers/database designers' point of view, including:

Data Masking
End-to-End encryption
Row Level Security
New Data Types
Data Categorization and Classification

We'll look at the new database and modeling tool features, why you should consider them, where they work, where they don't. We will also discuss how to negotiate on behalf of data protection in a world of Agile, MVP, Lean and DevOps.

Karen Lopez

November 13, 2024
Transcript

  1. Karen Lopez: Karen has 20+ years of data and information architecture experience on large, multi-project programs. She is a frequent speaker on data modeling, data-driven methodologies and pattern data models. She wants you to love your data.
  2. About this Presentation: We will be using an interactive format - you will be participating in informal polls about data issues and best practices. This is not an introductory presentation - a good knowledge of data topics will be assumed.
  3. Contentious Issues: Near-religious discussions and debates • People rarely change their minds based on this discussion • The most successful discussions are ones where both sides learn something new about the other viewpoint.
  4. Vote! We debate the answer and the results You put the sticky in the area for your vote I give the answers a range. I post a question
  5. Note: Due to time, all questions today will be about Transactional data models. Not BI/DW/Dimensional models. …but you can still talk about analytical models…
  6. Remember… The words in the answer are just snarky, possible answers to help you understand the range of possible answers. Just because you vote on one end doesn’t mean you agree with the statement.
  7. Security at the data level Models capture security & privacy requirements Management reports and reviews Measurement Karen’s Governance Position (c) InfoAdvisors, all rights reserved, 2024
  8. • Karen’s Preference • Track all kinds of metadata • Advanced Compare features • Support DevOps and Iterative development • Support Conceptual, Logical and Physical design Data Models
  9. Locations of encryption: On disk; In flight; At client(s)
  10. Encryption - Vote: Is a Data Pro responsible for any of this? 1. Love my data, so yes! 2. 3. 4. Leave it to the DBAs/Dev/Others
  11. Data Masking Examples: XXXX XXXX XXXX 1234; [email protected]; $99,9999; June, 99, 9999; KXXXXX Lopez
  12. Data Masking - Vote: Where should data masking be implemented? 1. Every client application 2. 3. 4. In the database
  13. Why would a Data Pro love it? • Allows central, reusable design for standard masking • Offers more reliable masking and more usable masking • Applies across applications • Removes whining about “we can do that later”
  14. Row Level Security: Who can see and manage which data?
  15. Security – Row Level Security: Filtering result sets (predicate-based access); Predicates applied when reading data; May be used to block write access; Lots of options
  16. Row Level Security - Vote: How should Data Pros be involved? 1. Requirements and Design 2. 3. 4. Not really at all
  17. Why would a Data Designer love it? Allows a designer to do this sort of data protection IN THE DATABASE, not just rely on code. Many, many pieces of code Applies across applications
  18. © 2007 InfoAdvisors, Inc. AI applied to Data: New services/features; Other vendors are embracing this; Could be Skynet, could be the best thing ever!
  19. AI for Data - Vote: What, today, would you use AI for in Data programs? 1. Everything I can 2. 3. 4. Almost nothing
  20. AI as a Steward - Vote: Do you think we will see AI Security Stewards? 1. Soon, if not earlier 2. 3. 4. Maybe, but I’ll be long gone by then
  21. What roles/titles are responsible for determining security and privacy needs? Who designs them? Who monitors them? But really, who?
  22. Who is responsible for Security - Vote: What best describes your belief? 1. The CEO/CIO/CDO/CTO…. 2. 3. 4. The developers
  23. Data Inventories and Categorizations Syntax Data Profiling Standard lists Custom Cross-column Manual Validation/Curation
  24. Who is responsible for Data Inventory - Vote: What best describes your belief? 1. Data Governance/Management group 2. 3. 4. The developers
  25. Vote: IT Role in Compliance 1. Finally, a reason for the Execs to support us… 2. 3. 4. Hey! I don’t even have time to write good definitions…
  26. Near-religious discussions and debates: People rarely change their minds based on this discussion; The best way to convince someone is with measurable facts; There is no one “right” solution for all situations; The most successful discussions are ones where both sides learn something new about the other viewpoint.
  27. Contentious Issues & Collaboration: If we can’t collaborate well with other DAs, we don’t stand a chance of collaborating well with Project Managers, DBAs, Developers, Testers – or users.
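
Slides 11 to 17 describe masking and row-level security done in the database rather than in each application. The following is an added example, not taken from the deck: it assumes SQL Server syntax (the deck names no engine), and every table, column, schema, function, role and user name in it is constructed for illustration.

```sql
-- Added example. SQL Server is an assumed engine; all object names are constructed.
CREATE TABLE dbo.Customer (
    CustomerId int IDENTITY PRIMARY KEY,
    FirstName  nvarchar(50)  MASKED WITH (FUNCTION = 'partial(1,"XXXXX",0)') NOT NULL,
    LastName   nvarchar(50)  NOT NULL,
    Email      nvarchar(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    CardNumber char(19)      MASKED WITH (FUNCTION = 'partial(0,"XXXX XXXX XXXX ",4)') NOT NULL,
    AccountRep nvarchar(128) NOT NULL  -- database user responsible for this row
);
GO

-- Masking is defined once on the column, so every application gets the same result.
CREATE ROLE SupportAnalyst;     -- reads masked values, e.g. 'KXXXXX', 'XXXX XXXX XXXX 1234'
CREATE ROLE FraudInvestigator;  -- reads the stored values
GRANT SELECT ON dbo.Customer TO SupportAnalyst;
GRANT SELECT ON dbo.Customer TO FraudInvestigator;
GRANT UNMASK TO FraudInvestigator;
GO

CREATE SCHEMA Security;
GO

-- Predicate function: a row qualifies when the caller is its account rep,
-- or is the (hypothetical) database user SalesManager.
CREATE FUNCTION Security.fn_customer_access (@AccountRep AS nvarchar(128))
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS allowed
           WHERE @AccountRep = USER_NAME()
              OR USER_NAME() = 'SalesManager';
GO

-- FILTER PREDICATE: applied on reads, non-qualifying rows are silently omitted.
-- BLOCK PREDICATE: applied on writes, a row that would fail the predicate
-- after the INSERT or UPDATE is rejected with an error.
CREATE SECURITY POLICY Security.CustomerPolicy
    ADD FILTER PREDICATE Security.fn_customer_access(AccountRep) ON dbo.Customer,
    ADD BLOCK  PREDICATE Security.fn_customer_access(AccountRep) ON dbo.Customer AFTER INSERT,
    ADD BLOCK  PREDICATE Security.fn_customer_access(AccountRep) ON dbo.Customer AFTER UPDATE
    WITH (STATE = ON);
GO
```

Masking here changes only what a query returns to principals without UNMASK; the stored values are unchanged, so it sits alongside encryption and ordinary permissions rather than replacing them.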