Open the gate a little: strategies to protect and share data

Transcript

1. @FerPer a lesM #r a ilsconf2022 Open the gate a

   little: strategies to protect and share data Fern a ndo Per a les

2. @FerPer a lesM #r a ilsconf2022 <me>

3. @FerPer a lesM #r a ilsconf2022 Hi! 👋 • Fernando

   (Fer) Perales • Perales is Spanish for Pear Trees (🍐🌳🌳🌳) • I don’t like pears 🤷 • From Guadalajara, Mexico 🇲🇽 • 8 years doing RoR consulting • Developer @ thoughtbot #boost • Host Ruby MX community • 5th RailsConf, 1st as speaker 🥳 Illustration by instagram.com/@layered_space

4. @FerPer a lesM #r a ilsconf2022 </me>

5. @FerPer a lesM #r a ilsconf2022 Some warm up questions

6. @FerPer a lesM #r a ilsconf2022 Raise your hand if…

7. @FerPer a lesM #r a ilsconf2022 You have access to

   a production server or database

8. @FerPer a lesM #r a ilsconf2022 You would feel more

   comfortable *not* having access to a production server or database

9. @FerPer a lesM #r a ilsconf2022 You are comfortable with

   the security measurements your organization takes

10. @FerPer a lesM #r a ilsconf2022 Regardless of your answers,

    this may *not* the talk for you

11. @FerPer a lesM #r a ilsconf2022 However…

12. @FerPer a lesM #r a ilsconf2022 Raise your hand if…

13. @FerPer a lesM #r a ilsconf2022 You have had a

    copy of production data in your machine

14. @FerPer a lesM #r a ilsconf2022 Someone from your organization

    has asked you for a copy of production data

15. @FerPer a lesM #r a ilsconf2022 You have provided a

    copy of production data to someone in your organization

16. @FerPer a lesM #r a ilsconf2022 You are concerned about

    copies of production data being in someone’s hands

17. @FerPer a lesM #r a ilsconf2022 If you answer yes

    to at least one, this is the talk for you

18. @FerPer a lesM #r a ilsconf2022 Some cases

19. @FerPer a lesM #r a ilsconf2022 HIPAA

20. @FerPer a lesM #r a ilsconf2022 Health Insurance Portability and

    Accountability Act of 1996

21. @FerPer a lesM #r a ilsconf2022 PHI Protected Health Information

22. @FerPer a lesM #r a ilsconf2022 What is considered PHI?

    • Name • Address (anything smaller than a state) • Dates (except years) related to an individual -- birthdate, admission date, etc. • Phone number • Fax number • Email address • Social Security Number • Medical record number • Health plan bene fi ciary number • Account number • Certi fi cate or license number • Vehicle identi fi ers, such as serial numbers, license plate numbers • Device identi fi ers and serial numbers • web URL • Internet Protocol (IP) address • Biometric IDs, such as a fi ngerprint or voice print • Full-face photographs and other photos of identifying characteristics • Any other unique identifying characteristic.

23. @FerPer a lesM #r a ilsconf2022 https://www.healthcareitnews.com/news/unencrypted-stolen-laptop-costs-lifespan-more-1-million

24. @FerPer a lesM #r a ilsconf2022 Unencrypted

25. @FerPer a lesM #r a ilsconf2022 If the device contained

    PHI, and you cannot document that the device was encrypted, you will need to follow the requirements of the HIPAA Breach

26. @FerPer a lesM #r a ilsconf2022 Am I safe If

    my app is not health-related?

27. @FerPer a lesM #r a ilsconf2022 Well…

28. @FerPer a lesM #r a ilsconf2022 Nice thing of consulting

    is that you may work with clients from outside USA

29. @FerPer a lesM #r a ilsconf2022 = You have to

    worry about local legislation

30. @FerPer a lesM #r a ilsconf2022 🇲🇽

31. @FerPer a lesM #r a ilsconf2022 LFPDPPP

32. @FerPer a lesM #r a ilsconf2022 Federal Law on Protection

    of Personal Data Held by Individual

33. @FerPer a lesM #r a ilsconf2022 Another case

34. @FerPer a lesM #r a ilsconf2022 https://www.databreaches.net/personal-info-of-93-4-million-mexicans-exposed-on-amazon/

35. @FerPer a lesM #r a ilsconf2022 How did that happen?

36. @FerPer a lesM #r a ilsconf2022 #upsi

37. @FerPer a lesM #r a ilsconf2022 First lesson: don’t give

    production copies to anyone

38. @FerPer a lesM #r a ilsconf2022 Thanks!

39. @FerPer a lesM #r a ilsconf2022 …

40. @FerPer a lesM #r a ilsconf2022 What if…

41. @FerPer a lesM #r a ilsconf2022 You can provided only

    what is needed

42. @FerPer a lesM #r a ilsconf2022 Anonymization

43. @FerPer a lesM #r a ilsconf2022

44. @FerPer a lesM #r a ilsconf2022 FerPerales/anon_app

45. @FerPer a lesM #r a ilsconf2022

46. @FerPer a lesM #r a ilsconf2022 Install extension

47. @FerPer a lesM #r a ilsconf2022 Enable extension in our

    db

48. @FerPer a lesM #r a ilsconf2022 What can we do

    now?

49. @FerPer a lesM #r a ilsconf2022 Static Masking*

50. @FerPer a lesM #r a ilsconf2022 Static Masking* *Don’t run

    this in production!

51. @FerPer a lesM #r a ilsconf2022 Applying masking rules Shu

    ffl ing a column Adding noise to a column

52. @FerPer a lesM #r a ilsconf2022 ➡ Applying masking rules

    Shu ffl ing a column Adding noise to a column

53. @FerPer a lesM #r a ilsconf2022 Connect to our db

54. @FerPer a lesM #r a ilsconf2022 Init extension

55. @FerPer a lesM #r a ilsconf2022 De fi ne some

    rules

56. @FerPer a lesM #r a ilsconf2022 SECURITY LABEL

57. @FerPer a lesM #r a ilsconf2022 De fi ne some

    rules

58. @FerPer a lesM #r a ilsconf2022 De fi ne some

    rules

59. @FerPer a lesM #r a ilsconf2022 De fi ne some

    rules

60. @FerPer a lesM #r a ilsconf2022 De fi ne some

    rules

61. @FerPer a lesM #r a ilsconf2022 De fi ne some

    rules

62. @FerPer a lesM #r a ilsconf2022 Apply rules statically*

63. @FerPer a lesM #r a ilsconf2022 Result

64. @FerPer a lesM #r a ilsconf2022

65. @FerPer a lesM #r a ilsconf2022 Applying masking rules ➡

    Shu ff l ing a column Adding noise to a column

66. @FerPer a lesM #r a ilsconf2022 Shu ffl ing columns

67. @FerPer a lesM #r a ilsconf2022 Result

68. @FerPer a lesM #r a ilsconf2022

69. @FerPer a lesM #r a ilsconf2022 Applying masking rules Shu

    ffl ing a column ➡ Adding noise to a column

70. @FerPer a lesM #r a ilsconf2022 Adding noise

71. @FerPer a lesM #r a ilsconf2022 Result

72. @FerPer a lesM #r a ilsconf2022

73. @FerPer a lesM #r a ilsconf2022 Dynamic Masking

74. @FerPer a lesM #r a ilsconf2022 Dynamic masking

75. @FerPer a lesM #r a ilsconf2022 Anonymous dumps

76. @FerPer a lesM #r a ilsconf2022 Anonymous dumps

77. @FerPer a lesM #r a ilsconf2022 Data generalization

78. @FerPer a lesM #r a ilsconf2022 Data generalization

79. @FerPer a lesM #r a ilsconf2022 Data generalization

80. @FerPer a lesM #r a ilsconf2022 Data generalization

81. @FerPer a lesM #r a ilsconf2022 dalibo/postgresql_anonymizer

82. @FerPer a lesM #r a ilsconf2022 Takeaways

83. @FerPer a lesM #r a ilsconf2022 Understand the reasons why

    someone needs data before saying yes or not

84. @FerPer a lesM #r a ilsconf2022 If justi fi ed,

    provide only what is needed without risking your users information

85. @FerPer a lesM #r a ilsconf2022 Regardless of the tool,

    be careful with the data you have: once our of the server, it’s hard to protect

86. @FerPer a lesM #r a ilsconf2022 Thanks! 🤖 P.S. We

    are hiring in Americas, Europe, Middle East and Africa 🤖 thoughtbot.com/jobs @FerPeralesM [email protected]