SlideShare ist ein Scribd-Unternehmen logo

How to Add Security in DataOps and DevOps

Als PPTX, PDF herunterladen
Ulf Mattsson
Ulf Mattsson

The emerging DataOps is not Just DevOps for Data. According to Gartner, DataOps is a collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and consumers across an organization. The goal of DataOps is to create predictable delivery and change management of data, data models and related artifacts. DataOps uses technology to automate data delivery with the appropriate levels of security, quality and metadata to improve the use and value of data in a dynamic environment. This session will discuss how to add Security in DataOps and DevOps.

Technologie
1 von 61
1 Ulf Mattsson www.TokenEx.com How to add Security in DataOps and DevOps Forrester, tdwi
2 Ulf Mattsson www.TokenEx.com How to add Security in DataOps and DevOps Forrester, tdwi
3 Ulf Mattsson • Head of Innovation at TokenEx • Chief Technology Officer at Protegrity • Chief Technology Officer at Atlantic BT Security Solutions • Chief Technology Officer at Compliance Engineering • Developer at IBM Research and Development • Inventor of 70+ issued US patents • Provided products and services for • Data Encryption and Tokenization, • Data Discovery, • Robotics, ERP, CRM in Manufacturing, • Cloud Application Security Broker (CASB), • Web Application Firewall (WAF), • Managed Security Services, • Security Operation Center (SOC), • Benchmarking/Gap-analysis
4 Agenda 1. Business Goals 2. DevOps & DataOps 3. Compliance & Security 4. Cloud Aspects
5 The privacy breach trend is alarming The US FEDERAL TRADE COMMISSION (FTC) reported that credit card fraud tops the list of identity theft reports in 2018. FTC received nearly three million complaints from consumers in 2018. The FTC received more than 167,000 reports from people who said their information was misused on an existing account or to open a new credit card account Source: Redhat / IBM
6 DevOps
7 Security in DevOps Source: Securosis
8 What is DevOps? Source: Redhat / IBM
9 Getting Started with DevOps? Source: Redhat / IBM
10 What is Your Value Stream? Source: IBM DevOps
11 DevOps Architecture & Tools
12 What makes up the pipeline? Source: IBM DevOps
13 Are IBM mainframes still used? • 70 percent of all enterprise data globally, resides on a mainframe • Visa, for example, uses the mainframe to secure billions of credit and debit card payments every year. In fact, mainframes process about $7 trillion in Visa payments annually, roughly equal to the annual GDP of Japan, the world’s third largest economy • 71 percent of all Fortune 500 companies have their core businesses located on a mainframe • 96 of the world’s largest 100 banks • 23 of the world’s top 25 retailers use the mainframe to make sure they can provide their customers with customized service. • All Top 10 insurers use the cloud on the mainframe to save money for their consumers Source: Forbes
14 Typical Mainframe CI / CD Pipeline Source: IBM, HCL SOFTWARE
15
16 Deployment Overview Source: IBM, HCL SOFTWARE
17 Software Developer Challenges Source: OVHcloud 1. Pace of change in the software development industry. 2. With the move to modern software development on web, mobile and cloud, new languages, frameworks, plug-ins, modules and components appear almost weekly. 3. How can developers keep on top of all the options available and how can developers ensure the choices made of which to use, are the right ones in the long- term? 4. Building a new generation of modern applications may require significant reskilling of the development team. 5. For maintaining existing applications, there may be little opportunity for developers to add new skills. 6. Some developers will embrace the change, whilst others will prefer to stick with what they know.
18 Low-code development Source: Gartner, OVHCloud Enterprise low-code application platforms offer compelling productivity gains. • By 2024, three-quarters of large enterprises will be using at least four low-code development tools for both IT application development and citizen development initiatives. • By 2024, low-code application development will be responsible for more than 65% of application development activity.
19 Low-code development platforms Source: OVHcloud Faster development • Writing less code means more apps can be built faster than ever before. Digital transformation • Transformation of manual and paper-based processes into cloud, desktop, web and mobile applications for better efficiency, productivity, data accuracy and customer service. Reducing the maintenance burden • By simplifying application maintenance as well as development, overall life-cycle costs can be reduced, and resources freed up to build new applications. Move to mobile • Satisfy the increasing demand for mobile applications across the business. Cloud computing • Improve availability while cutting operational costs by quickly moving applications, or parts of applications to the cloud for better agility and elasticity. Skills management • Eliminate pockets of expertise and specialized skills. Allow any developers to work on any part of an application. Eliminate resource shortages and conflicts. Combating Shadow IT • Accelerate the deployment of applications so that business users don’t feel they need to take matters into their own hands. Deliver apps in days or weeks instead of months or years.
20 DataOps
21Source: 451 Research Automation in Data Management A Self-driving Database
22 DataOps (Gartner) Definition: • DataOps is a collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and consumers across an organization. • The goal of DataOps is to create predictable delivery and change management of data, data models and related artifacts. • DataOps uses technology to automate data delivery with the appropriate levels of security, quality and metadata to improve the use and value of data in a dynamic environment. Position and Adoption Speed Justification: • Currently, there are no standards or known frameworks for DataOps. • Today's loose interpretation makes it difficult to know where to begin, what success looks like, or if organizations are even "doing DataOps" at all. User Advice: • As a new practice, DataOps will be most successful on projects targeting a small scope with some level of executive sponsorship, primarily from the CDO or other top data and analytics leader. • Executive sponsorship will be key as DataOps represents a new way of delivering data to consumers. • Practitioners will have to overcome the resistance to change existing practices as they introduce this concept.
23 DataOps is NOT Just DevOps for Data • One common misconception about DataOps is that it is just DevOps applied to data analytics. • While a little semantically misleading, the name “DataOps” has one positive attribute. • It communicates that data analytics can achieve what software development attained with DevOps. • DataOps can yield an order of magnitude improvement in quality and cycle time when data teams utilize new tools and methodologies. • The specific ways that DataOps achieves these gains reflect the unique people, processes and tools characteristic of data teams (versus software development teams using DevOps). Source: datakitchen
24Source: datakitchen DataOps Tools isolated in a Sandbox
25 Source: datakitchen DataOps Brings 3 Cycles of Innovation between Production, Central Data and Self-service Teams
26 Source: datakitchen DataOps Data Analytics Development Lifecycle and Tools
27 Application Security
28 Micro trends in Cloud security
29 Virtualization vs Containers
30 Flexibility with Containers
31 Portable Applications for Hybrid Cloud
32 A Framework for Hybrid Cloud Source: Tagore
33 Container management with all types of Kubernetes Source: Rancher Kubernetes will enable a new era of application portability
34 Integration Via APIs
35 Importance of API for Supporting Data and the Integrated Needs of Digital Business Source: Gartner
36 Security for APIs and Microservices Source: Gartner Source: Gartner
37 Products Delivering API Security Source: Gartner
38 Source: Microsoft Microservices is a natural evolution from SOA
39 Security Tools for DevOps Dynamic Application Security Testing (DAST) dynamically 'crawls' through an application's interface, testing how it reacts to various inputs Manual reviews often catch obvious stuff that tests miss, and developers can miss Source: Securosis
40 Security Tools for DevOps Static Application Security Testing (SAST) examines all code — or runtime binaries (less effective for Micro Services) Fuzz testing is essentially throwing lots of random garbage at applications, seeing whether any particular (type of) garbage causes errors Vulnerability Analysis including platform configuration, patch levels or application composition to detect known vulnerabilities Runtime Application Self Protection (RASP) provides execution path scanning, monitoring and embedded application white listing (effective for Micro Services) Interactive Application Self- Testing (IAST) provides execution path scanning, monitoring and embedded application white listing (emerging) Source: Securosis, Webomates Regression testing enhances the visibility on your build quality before putting it in production. Examples: Full Regressions, Overnight Targeted Checks and Smoke Checks executed with manual, automation, crowdsourcing and artificial intelligence and allows a software development team to quickly validate their UI and API as well as load test it.
41 DevOps - Security for APIs and Microservices Source: Securosis Trend: Test/scan API flows, context, parameter input/output. DAST works better. Old: Larger monolithic apps that contain more context. SAST works well. Shift right Trend: IAST is emerging
42Source: Veracode Flaws categories discovered by Static Analysis
43Source: Veracode Flaws categories discovered by Dynamic Analysis
44
45
46 OWASP API Security Top 10 2019 The Ten Most Critical API Security Risks Source: OWASP
47 Compliance
48 Global Map Of Privacy Rights And Regulations
49 A Framework can help organizations prepare for GDPR IBM Framework Helps Clients Prepare for the EU's General Data Protection Regulation
50 Data sources Data Warehouse In Italy Complete policy- enforced de- identification of sensitive data across all bank entities Tokenization for Cross Border Data-centric Security (EU GDPR) • Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers • Compliance with EU Cross Border Data Protection Laws • Utilizing Data Tokenization, and centralized policy, key management, auditing, and reporting
51 Data-centric Security
52 • Privacy enhancing data de-identification terminology and classification of techniques Source: INTERNATIONAL STANDARD ISO/IEC 20889 Encrypted data has the same format Server model Local model Differential Privacy (DP) Formal privacy measurement models (PMM) De-identification techniques (DT) Cryptographic tools (CT) Format Preserving Encryption (FPE) Homomorphic Encryption (HE) Two values encrypted can be combined* K-anonymity model Responses to queries are only able to be obtained through a software component or “middleware”, known as the “curator** The entity receiving the data is looking to reduce risk Ensures that for each identifier there is a corresponding equivalence class containing at least K records *: Multi Party Computation (MPC) **: Example Apple and Google ISO Standard for Encryption and Privacy Models
53 User Payment Application Payment Network Payment Data Tokenization (VBT), encryption and keys User CASB User Call Center Application Format Preserving Encryption (FPE) PII Data Vault-based tokenization (VBT) Data Protection Use Cases – Tokenization and FPE User Data Warehouse PII Data Vault-less tokenization (VLT) Salesforce
54 Data Warehouse Centralized Distributed On- premises Public Cloud Private Cloud Vault-based tokenization y y Vault-less tokenization y y y y y y Format preserving encryption y y y y y Homomorphic encryption y y Masking y y y y y y Hashing y y y y y y Server model y y y y y y Local model y y y y y y L-diversity y y y y y y T-closeness y y y y y y Formal privacy measurement models Differential Privacy K-anonymity model Privacy enhancing data de-identification terminology and classification of techniques De- identification techniques Tokenization Cryptographic tools Suppression techniques Example of mapping of data security and privacy techniques (ISO) to different deployment models
55 Risk reduction and truthfulness of some de-identification techniques and models Singling out Linking Inference Deterministic encryption Yes All attributes No Partially No Order-preserving encryption Yes All attributes No Partially No Homomorphic encryption Yes All attributes No No No Masking Yes Local identifiers Yes Partially No Local suppression Yes Identifying attributes Partially Partially Partially Record suppression Yes Sampling Yes N/A Partially Partially Partially Pseudonymization Yes Direct identifiers No Partially No Generalization Yes Identifying attributes Rounding Yes Identifying attributes No Partially Partially Top/bottom coding Yes Identifying attributes No Partially Partially Noise addition No Identifying attributes Partially Partially Partially Cryptographic tools Suppression Generalization Technique name Data truthfulness at record level Applicable to types of attributes Reduces the risk of Source: INTERNATIONAL STANDARD ISO/IEC 20889
56 Type of Data Use Case I Structured How Should I Secure Different Types of Data? I Un-structured Simple – Complex – PCI PHI PII Encryption of Files Card Holder Data Tokenization of Fields Protected Health Information Personally Identifiable Information
57 On Premise tokenization • Limited PCI DSS scope reduction - must still maintain a CDE with PCI data • Higher risk – sensitive data still resident in environment • Associated personnel and hardware costs Cloud-Based tokenization • Significant reduction in PCI DSS scope • Reduced risk – sensitive data removed from the environment • Platform-focused security • Lower associated costs – cyber insurance, PCI audit, maintenance Total Cost and Risk of Tokenization Example: 50% Lower Total Cost
58 Cloud transformations are accelerating Risk Elasticity Out-sourcedIn-house On-premises system On-premises Private Cloud Hosted Private Cloud Public Cloud Low - High - Compute Cost - High - Low Risk Adjusted Computation
59 Which of the following most closely describes what ‘hybrid cloud’ means in your organization? Source: Forrester
60 For each of the following data center and IT infrastructure components, how much outsourcing and managed services does your firm use for IT operation? (excluding systems integrators for project implementation) Source: Forrester
61 Thank You! Ulf Mattsson, TokenEx www.TokenEx.com

Empfohlen

Update Me FAQ | LinkedIn Recruiter
Update Me FAQ | LinkedIn RecruiterUpdate Me FAQ | LinkedIn Recruiter
Update Me FAQ | LinkedIn RecruiterLinkedIn Talent Solutions
 
Multi-cloud integration architecture
Multi-cloud integration architectureMulti-cloud integration architecture
Multi-cloud integration architectureKim Clark
 
Integration: The $100 Billion Opportunity No One Wants to Talk About
Integration: The $100 Billion Opportunity No One Wants to Talk AboutIntegration: The $100 Billion Opportunity No One Wants to Talk About
Integration: The $100 Billion Opportunity No One Wants to Talk AboutBramh Gupta
 
Successfully Responding to RFPs with RFP Response Software
Successfully Responding to RFPs with RFP Response SoftwareSuccessfully Responding to RFPs with RFP Response Software
Successfully Responding to RFPs with RFP Response SoftwareLoopio RFP Software
 
Workflow Automation with Logic Apps
Workflow Automation with Logic AppsWorkflow Automation with Logic Apps
Workflow Automation with Logic AppsBizTalk360
 
Introduction to appDynamics
Introduction to appDynamics Introduction to appDynamics
Introduction to appDynamics Siddhanta Rath
 
Deloitte & Mulesoft : The Right Mix
Deloitte & Mulesoft : The Right MixDeloitte & Mulesoft : The Right Mix
Deloitte & Mulesoft : The Right MixDavid Graham
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration WorkshopAmazon Web Services
 

Empfohlen

Update Me FAQ | LinkedIn Recruiter
Update Me FAQ | LinkedIn RecruiterUpdate Me FAQ | LinkedIn Recruiter
Update Me FAQ | LinkedIn RecruiterLinkedIn Talent Solutions
 
Multi-cloud integration architecture
Multi-cloud integration architectureMulti-cloud integration architecture
Multi-cloud integration architectureKim Clark
 
Integration: The $100 Billion Opportunity No One Wants to Talk About
Integration: The $100 Billion Opportunity No One Wants to Talk AboutIntegration: The $100 Billion Opportunity No One Wants to Talk About
Integration: The $100 Billion Opportunity No One Wants to Talk AboutBramh Gupta
 
Successfully Responding to RFPs with RFP Response Software
Successfully Responding to RFPs with RFP Response SoftwareSuccessfully Responding to RFPs with RFP Response Software
Successfully Responding to RFPs with RFP Response SoftwareLoopio RFP Software
 
Workflow Automation with Logic Apps
Workflow Automation with Logic AppsWorkflow Automation with Logic Apps
Workflow Automation with Logic AppsBizTalk360
 
Introduction to appDynamics
Introduction to appDynamics Introduction to appDynamics
Introduction to appDynamics Siddhanta Rath
 
Deloitte & Mulesoft : The Right Mix
Deloitte & Mulesoft : The Right MixDeloitte & Mulesoft : The Right Mix
Deloitte & Mulesoft : The Right MixDavid Graham
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration WorkshopAmazon Web Services
 
Introduction to AWS Cloud Computing
Introduction to AWS Cloud ComputingIntroduction to AWS Cloud Computing
Introduction to AWS Cloud ComputingAmazon Web Services
 
IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018
IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018
IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018Timothy Spann
 
Commercial code
Commercial codeCommercial code
Commercial codeAshenafi Berhanu
 
Boost Customer Experience with UiPath & AWS Contact Center Automation
Boost Customer Experience with UiPath & AWS Contact Center AutomationBoost Customer Experience with UiPath & AWS Contact Center Automation
Boost Customer Experience with UiPath & AWS Contact Center AutomationDiana Gray, MBA
 
FinOps for private cloud
FinOps for private cloudFinOps for private cloud
FinOps for private cloudAlexander Tokarev
 
AWS Smart Cities Webinar - April 2018
AWS Smart Cities Webinar - April 2018AWS Smart Cities Webinar - April 2018
AWS Smart Cities Webinar - April 2018Amazon Web Services
 
Be ready for hyperautomation with the UiPath RPA Platform
Be ready for hyperautomation with the UiPath RPA PlatformBe ready for hyperautomation with the UiPath RPA Platform
Be ready for hyperautomation with the UiPath RPA PlatformUiPath
 
The OpenText OEM Product Guide
The OpenText OEM Product GuideThe OpenText OEM Product Guide
The OpenText OEM Product GuideOpenText
 
Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...
Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...
Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...Edureka!
 
IBM Robotic Process Automation Fundamentals
IBM Robotic Process Automation FundamentalsIBM Robotic Process Automation Fundamentals
IBM Robotic Process Automation FundamentalsWinton Winton
 
Robotic process automation Introduction
Robotic process automation IntroductionRobotic process automation Introduction
Robotic process automation IntroductionPriyab Satoshi
 
How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...
How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...
How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...Amazon Web Services
 
A Series of Fortunate Events: Building an Operator in Java
A Series of Fortunate Events: Building an Operator in JavaA Series of Fortunate Events: Building an Operator in Java
A Series of Fortunate Events: Building an Operator in JavaVMware Tanzu
 
Connecting Salesforce CRM to OpenText Exstream
Connecting Salesforce CRM to OpenText ExstreamConnecting Salesforce CRM to OpenText Exstream
Connecting Salesforce CRM to OpenText ExstreamOpenText
 
Technology Trend Roadmap.pdf
Technology Trend Roadmap.pdfTechnology Trend Roadmap.pdf
Technology Trend Roadmap.pdfssuser4522cc
 
AWS Cloud Assessment
AWS Cloud AssessmentAWS Cloud Assessment
AWS Cloud AssessmentMichael Cronan
 
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy PresentationLawrence Coburn
 
AI & Robotic Process Automation (RPA) to Digitally Transform Your Environment
AI & Robotic Process Automation (RPA) to Digitally Transform Your EnvironmentAI & Robotic Process Automation (RPA) to Digitally Transform Your Environment
AI & Robotic Process Automation (RPA) to Digitally Transform Your EnvironmentCprime
 
On the Application of AI for Failure Management: Problems, Solutions and Algo...
On the Application of AI for Failure Management: Problems, Solutions and Algo...On the Application of AI for Failure Management: Problems, Solutions and Algo...
On the Application of AI for Failure Management: Problems, Solutions and Algo...Jorge Cardoso
 
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...apidays
 
IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM
 
Troux Presentation Austin Texas
Troux Presentation Austin TexasTroux Presentation Austin Texas
Troux Presentation Austin TexasJoeFaghani
 

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction to AWS Cloud Computing
Introduction to AWS Cloud ComputingIntroduction to AWS Cloud Computing
Introduction to AWS Cloud ComputingAmazon Web Services
 
IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018
IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018
IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018Timothy Spann
 
Boost Customer Experience with UiPath & AWS Contact Center Automation
Boost Customer Experience with UiPath & AWS Contact Center AutomationBoost Customer Experience with UiPath & AWS Contact Center Automation
Boost Customer Experience with UiPath & AWS Contact Center AutomationDiana Gray, MBA
 
AWS Smart Cities Webinar - April 2018
AWS Smart Cities Webinar - April 2018AWS Smart Cities Webinar - April 2018
AWS Smart Cities Webinar - April 2018Amazon Web Services
 
Be ready for hyperautomation with the UiPath RPA Platform
Be ready for hyperautomation with the UiPath RPA PlatformBe ready for hyperautomation with the UiPath RPA Platform
Be ready for hyperautomation with the UiPath RPA PlatformUiPath
 
The OpenText OEM Product Guide
The OpenText OEM Product GuideThe OpenText OEM Product Guide
The OpenText OEM Product GuideOpenText
 
Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...
Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...
Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...Edureka!
 
IBM Robotic Process Automation Fundamentals
IBM Robotic Process Automation FundamentalsIBM Robotic Process Automation Fundamentals
IBM Robotic Process Automation FundamentalsWinton Winton
 
Robotic process automation Introduction
Robotic process automation IntroductionRobotic process automation Introduction
Robotic process automation IntroductionPriyab Satoshi
 
How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...
How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...
How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...Amazon Web Services
 
A Series of Fortunate Events: Building an Operator in Java
A Series of Fortunate Events: Building an Operator in JavaA Series of Fortunate Events: Building an Operator in Java
A Series of Fortunate Events: Building an Operator in JavaVMware Tanzu
 
Connecting Salesforce CRM to OpenText Exstream
Connecting Salesforce CRM to OpenText ExstreamConnecting Salesforce CRM to OpenText Exstream
Connecting Salesforce CRM to OpenText ExstreamOpenText
 
Technology Trend Roadmap.pdf
Technology Trend Roadmap.pdfTechnology Trend Roadmap.pdf
Technology Trend Roadmap.pdfssuser4522cc
 
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy PresentationLawrence Coburn
 
AI & Robotic Process Automation (RPA) to Digitally Transform Your Environment
AI & Robotic Process Automation (RPA) to Digitally Transform Your EnvironmentAI & Robotic Process Automation (RPA) to Digitally Transform Your Environment
AI & Robotic Process Automation (RPA) to Digitally Transform Your EnvironmentCprime
 
On the Application of AI for Failure Management: Problems, Solutions and Algo...
On the Application of AI for Failure Management: Problems, Solutions and Algo...On the Application of AI for Failure Management: Problems, Solutions and Algo...
On the Application of AI for Failure Management: Problems, Solutions and Algo...Jorge Cardoso
 
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...apidays
 

Was ist angesagt? (20)

Introduction to AWS Cloud Computing
Introduction to AWS Cloud ComputingIntroduction to AWS Cloud Computing
Introduction to AWS Cloud Computing
 
IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018
IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018
IoT Edge Processing with Apache NiFi and MiniFi and Apache MXNet for IoT NY 2018
 
Commercial code
Commercial codeCommercial code
Commercial code
 
Boost Customer Experience with UiPath & AWS Contact Center Automation
Boost Customer Experience with UiPath & AWS Contact Center AutomationBoost Customer Experience with UiPath & AWS Contact Center Automation
Boost Customer Experience with UiPath & AWS Contact Center Automation
 
FinOps for private cloud
FinOps for private cloudFinOps for private cloud
FinOps for private cloud
 
AWS Smart Cities Webinar - April 2018
AWS Smart Cities Webinar - April 2018AWS Smart Cities Webinar - April 2018
AWS Smart Cities Webinar - April 2018
 
Be ready for hyperautomation with the UiPath RPA Platform
Be ready for hyperautomation with the UiPath RPA PlatformBe ready for hyperautomation with the UiPath RPA Platform
Be ready for hyperautomation with the UiPath RPA Platform
 
The OpenText OEM Product Guide
The OpenText OEM Product GuideThe OpenText OEM Product Guide
The OpenText OEM Product Guide
 
Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...
Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...
Building Ethereum Dapp using Solidity | Ethereum Dapp Tutorial | Ethereum Dev...
 
IBM Robotic Process Automation Fundamentals
IBM Robotic Process Automation FundamentalsIBM Robotic Process Automation Fundamentals
IBM Robotic Process Automation Fundamentals
 
Robotic process automation Introduction
Robotic process automation IntroductionRobotic process automation Introduction
Robotic process automation Introduction
 
How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...
How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...
How Hess Has Continued to Optimize the AWS Cloud After Migrating - ENT218 - r...
 
A Series of Fortunate Events: Building an Operator in Java
A Series of Fortunate Events: Building an Operator in JavaA Series of Fortunate Events: Building an Operator in Java
A Series of Fortunate Events: Building an Operator in Java
 
Connecting Salesforce CRM to OpenText Exstream
Connecting Salesforce CRM to OpenText ExstreamConnecting Salesforce CRM to OpenText Exstream
Connecting Salesforce CRM to OpenText Exstream
 
Technology Trend Roadmap.pdf
Technology Trend Roadmap.pdfTechnology Trend Roadmap.pdf
Technology Trend Roadmap.pdf
 
AWS Cloud Assessment
AWS Cloud AssessmentAWS Cloud Assessment
AWS Cloud Assessment
 
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy Presentation
 
AI & Robotic Process Automation (RPA) to Digitally Transform Your Environment
AI & Robotic Process Automation (RPA) to Digitally Transform Your EnvironmentAI & Robotic Process Automation (RPA) to Digitally Transform Your Environment
AI & Robotic Process Automation (RPA) to Digitally Transform Your Environment
 
On the Application of AI for Failure Management: Problems, Solutions and Algo...
On the Application of AI for Failure Management: Problems, Solutions and Algo...On the Application of AI for Failure Management: Problems, Solutions and Algo...
On the Application of AI for Failure Management: Problems, Solutions and Algo...
 
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
 

Ähnlich wie How to Add Security in DataOps and DevOps

IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM
 
Troux Presentation Austin Texas
Troux Presentation Austin TexasTroux Presentation Austin Texas
Troux Presentation Austin TexasJoeFaghani
 
How AI is transforming DevOps | Calidad Infotech
How AI is transforming DevOps | Calidad InfotechHow AI is transforming DevOps | Calidad Infotech
How AI is transforming DevOps | Calidad InfotechCalidad Infotech
 
Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16
Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16
Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16AppDynamics
 
Future of Data Strategy (ASEAN)
Future of Data Strategy (ASEAN)Future of Data Strategy (ASEAN)
Future of Data Strategy (ASEAN)Denodo
 
#ATAGTR2020 Presentation - Microservices – Explored
#ATAGTR2020 Presentation - Microservices – Explored#ATAGTR2020 Presentation - Microservices – Explored
#ATAGTR2020 Presentation - Microservices – ExploredAgile Testing Alliance
 
AWS May Webinar Series - Industry Trends and Best Practices for Cloud Adoption
AWS May Webinar Series - Industry Trends and Best Practices for Cloud AdoptionAWS May Webinar Series - Industry Trends and Best Practices for Cloud Adoption
AWS May Webinar Series - Industry Trends and Best Practices for Cloud AdoptionAmazon Web Services
 
Boston Cloud Dinner/Discussion November 2010
Boston Cloud Dinner/Discussion November 2010Boston Cloud Dinner/Discussion November 2010
Boston Cloud Dinner/Discussion November 2010Ness Technologies
 
What is the future of data strategy?
What is the future of data strategy?What is the future of data strategy?
What is the future of data strategy?Denodo
 
Get ahead of the cloud or get left behind
Get ahead of the cloud or get left behindGet ahead of the cloud or get left behind
Get ahead of the cloud or get left behindMatt Mandich
 
whitepaper_workday_technology_platform_devt_process
whitepaper_workday_technology_platform_devt_processwhitepaper_workday_technology_platform_devt_process
whitepaper_workday_technology_platform_devt_processEric Saraceno
 
DevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a StartupDevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a StartupDevOps for Enterprise Systems
 
Application Modernization With Cloud Native Approach_ An in-depth Guide.pdf
Application Modernization With Cloud Native Approach_ An in-depth Guide.pdfApplication Modernization With Cloud Native Approach_ An in-depth Guide.pdf
Application Modernization With Cloud Native Approach_ An in-depth Guide.pdfbasilmph
 
A Study on the Application of Web-Scale IT in Enterprises in IoT Era
A Study on the Application of Web-Scale IT in Enterprises in IoT Era A Study on the Application of Web-Scale IT in Enterprises in IoT Era
A Study on the Application of Web-Scale IT in Enterprises in IoT Era Hassan Keshavarz
 
Unlock your core business assets for the hybrid cloud with addi webinar dec...
Unlock your core business assets for the hybrid cloud with addi webinar dec...Unlock your core business assets for the hybrid cloud with addi webinar dec...
Unlock your core business assets for the hybrid cloud with addi webinar dec...Sherri Hanna
 
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdfImprove_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdfمنیزہ ہاشمی
 
¿Cómo las manufacturas están evolucionando hacia la Industria 4.0 con la virt...
¿Cómo las manufacturas están evolucionando hacia la Industria 4.0 con la virt...¿Cómo las manufacturas están evolucionando hacia la Industria 4.0 con la virt...
¿Cómo las manufacturas están evolucionando hacia la Industria 4.0 con la virt...Denodo
 
Bridging the Gap: from Data Science to Production
Bridging the Gap: from Data Science to ProductionBridging the Gap: from Data Science to Production
Bridging the Gap: from Data Science to ProductionFlorian Wilhelm
 
Learn Best Practices of a True Hybrid IT Management Approach
Learn Best Practices of a True Hybrid IT Management ApproachLearn Best Practices of a True Hybrid IT Management Approach
Learn Best Practices of a True Hybrid IT Management ApproachEnterprise Management Associates
 

Ähnlich wie How to Add Security in DataOps and DevOps (20)

IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer
 
Troux Presentation Austin Texas
Troux Presentation Austin TexasTroux Presentation Austin Texas
Troux Presentation Austin Texas
 
How AI is transforming DevOps | Calidad Infotech
How AI is transforming DevOps | Calidad InfotechHow AI is transforming DevOps | Calidad Infotech
How AI is transforming DevOps | Calidad Infotech
 
DevOps for Enterprise Systems - Rosalind Radcliffe
DevOps for Enterprise Systems - Rosalind RadcliffeDevOps for Enterprise Systems - Rosalind Radcliffe
DevOps for Enterprise Systems - Rosalind Radcliffe
 
Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16
Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16
Microservices and the Modern IT Stack: Trends of Tomorrow - AppSphere16
 
Future of Data Strategy (ASEAN)
Future of Data Strategy (ASEAN)Future of Data Strategy (ASEAN)
Future of Data Strategy (ASEAN)
 
#ATAGTR2020 Presentation - Microservices – Explored
#ATAGTR2020 Presentation - Microservices – Explored#ATAGTR2020 Presentation - Microservices – Explored
#ATAGTR2020 Presentation - Microservices – Explored
 
AWS May Webinar Series - Industry Trends and Best Practices for Cloud Adoption
AWS May Webinar Series - Industry Trends and Best Practices for Cloud AdoptionAWS May Webinar Series - Industry Trends and Best Practices for Cloud Adoption
AWS May Webinar Series - Industry Trends and Best Practices for Cloud Adoption
 
Boston Cloud Dinner/Discussion November 2010
Boston Cloud Dinner/Discussion November 2010Boston Cloud Dinner/Discussion November 2010
Boston Cloud Dinner/Discussion November 2010
 
What is the future of data strategy?
What is the future of data strategy?What is the future of data strategy?
What is the future of data strategy?
 
Get ahead of the cloud or get left behind
Get ahead of the cloud or get left behindGet ahead of the cloud or get left behind
Get ahead of the cloud or get left behind
 
whitepaper_workday_technology_platform_devt_process
whitepaper_workday_technology_platform_devt_processwhitepaper_workday_technology_platform_devt_process
whitepaper_workday_technology_platform_devt_process
 
DevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a StartupDevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a Startup
 
Application Modernization With Cloud Native Approach_ An in-depth Guide.pdf
Application Modernization With Cloud Native Approach_ An in-depth Guide.pdfApplication Modernization With Cloud Native Approach_ An in-depth Guide.pdf
Application Modernization With Cloud Native Approach_ An in-depth Guide.pdf
 
A Study on the Application of Web-Scale IT in Enterprises in IoT Era
A Study on the Application of Web-Scale IT in Enterprises in IoT Era A Study on the Application of Web-Scale IT in Enterprises in IoT Era
A Study on the Application of Web-Scale IT in Enterprises in IoT Era
 
Unlock your core business assets for the hybrid cloud with addi webinar dec...
Unlock your core business assets for the hybrid cloud with addi webinar dec...Unlock your core business assets for the hybrid cloud with addi webinar dec...
Unlock your core business assets for the hybrid cloud with addi webinar dec...
 
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdfImprove_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
Improve_Application_Availability_and_Performance_Sales_Crib_Sheet.pdf
 
¿Cómo las manufacturas están evolucionando hacia la Industria 4.0 con la virt...
¿Cómo las manufacturas están evolucionando hacia la Industria 4.0 con la virt...¿Cómo las manufacturas están evolucionando hacia la Industria 4.0 con la virt...
¿Cómo las manufacturas están evolucionando hacia la Industria 4.0 con la virt...
 
Bridging the Gap: from Data Science to Production
Bridging the Gap: from Data Science to ProductionBridging the Gap: from Data Science to Production
Bridging the Gap: from Data Science to Production
 
Learn Best Practices of a True Hybrid IT Management Approach
Learn Best Practices of a True Hybrid IT Management ApproachLearn Best Practices of a True Hybrid IT Management Approach
Learn Best Practices of a True Hybrid IT Management Approach
 

Mehr von Ulf Mattsson

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Ulf Mattsson
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Ulf Mattsson
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...Ulf Mattsson
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesUlf Mattsson
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeUlf Mattsson
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchainUlf Mattsson
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protectionUlf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsUlf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKUlf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonUlf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 

Mehr von Ulf Mattsson (20)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Book
BookBook
Book
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 

Kürzlich hochgeladen

Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Kürzlich hochgeladen (20)

Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

How to Add Security in DataOps and DevOps

  • 1. 1 Ulf Mattsson www.TokenEx.com How to add Security in DataOps and DevOps Forrester, tdwi
  • 2. 2 Ulf Mattsson www.TokenEx.com How to add Security in DataOps and DevOps Forrester, tdwi
  • 3. 3 Ulf Mattsson • Head of Innovation at TokenEx • Chief Technology Officer at Protegrity • Chief Technology Officer at Atlantic BT Security Solutions • Chief Technology Officer at Compliance Engineering • Developer at IBM Research and Development • Inventor of 70+ issued US patents • Provided products and services for • Data Encryption and Tokenization, • Data Discovery, • Robotics, ERP, CRM in Manufacturing, • Cloud Application Security Broker (CASB), • Web Application Firewall (WAF), • Managed Security Services, • Security Operation Center (SOC), • Benchmarking/Gap-analysis
  • 4. 4 Agenda 1. Business Goals 2. DevOps & DataOps 3. Compliance & Security 4. Cloud Aspects
  • 5. 5 The privacy breach trend is alarming The US FEDERAL TRADE COMMISSION (FTC) reported that credit card fraud tops the list of identity theft reports in 2018. FTC received nearly three million complaints from consumers in 2018. The FTC received more than 167,000 reports from people who said their information was misused on an existing account or to open a new credit card account Source: Redhat / IBM
  • 9. 9 Getting Started with DevOps? Source: Redhat / IBM
  • 10. 10 What is Your Value Stream? Source: IBM DevOps
  • 12. 12 What makes up the pipeline? Source: IBM DevOps
  • 13. 13 Are IBM mainframes still used? • 70 percent of all enterprise data globally, resides on a mainframe • Visa, for example, uses the mainframe to secure billions of credit and debit card payments every year. In fact, mainframes process about $7 trillion in Visa payments annually, roughly equal to the annual GDP of Japan, the world’s third largest economy • 71 percent of all Fortune 500 companies have their core businesses located on a mainframe • 96 of the world’s largest 100 banks • 23 of the world’s top 25 retailers use the mainframe to make sure they can provide their customers with customized service. • All Top 10 insurers use the cloud on the mainframe to save money for their consumers Source: Forbes
  • 14. 14 Typical Mainframe CI / CD Pipeline Source: IBM, HCL SOFTWARE
  • 15. 15
  • 17. 17 Software Developer Challenges Source: OVHcloud 1. Pace of change in the software development industry. 2. With the move to modern software development on web, mobile and cloud, new languages, frameworks, plug-ins, modules and components appear almost weekly. 3. How can developers keep on top of all the options available and how can developers ensure the choices made of which to use, are the right ones in the long- term? 4. Building a new generation of modern applications may require significant reskilling of the development team. 5. For maintaining existing applications, there may be little opportunity for developers to add new skills. 6. Some developers will embrace the change, whilst others will prefer to stick with what they know.
  • 18. 18 Low-code development Source: Gartner, OVHCloud Enterprise low-code application platforms offer compelling productivity gains. • By 2024, three-quarters of large enterprises will be using at least four low-code development tools for both IT application development and citizen development initiatives. • By 2024, low-code application development will be responsible for more than 65% of application development activity.
  • 19. 19 Low-code development platforms Source: OVHcloud Faster development • Writing less code means more apps can be built faster than ever before. Digital transformation • Transformation of manual and paper-based processes into cloud, desktop, web and mobile applications for better efficiency, productivity, data accuracy and customer service. Reducing the maintenance burden • By simplifying application maintenance as well as development, overall life-cycle costs can be reduced, and resources freed up to build new applications. Move to mobile • Satisfy the increasing demand for mobile applications across the business. Cloud computing • Improve availability while cutting operational costs by quickly moving applications, or parts of applications to the cloud for better agility and elasticity. Skills management • Eliminate pockets of expertise and specialized skills. Allow any developers to work on any part of an application. Eliminate resource shortages and conflicts. Combating Shadow IT • Accelerate the deployment of applications so that business users don’t feel they need to take matters into their own hands. Deliver apps in days or weeks instead of months or years.
  • 21. 21Source: 451 Research Automation in Data Management A Self-driving Database
  • 22. 22 DataOps (Gartner) Definition: • DataOps is a collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and consumers across an organization. • The goal of DataOps is to create predictable delivery and change management of data, data models and related artifacts. • DataOps uses technology to automate data delivery with the appropriate levels of security, quality and metadata to improve the use and value of data in a dynamic environment. Position and Adoption Speed Justification: • Currently, there are no standards or known frameworks for DataOps. • Today's loose interpretation makes it difficult to know where to begin, what success looks like, or if organizations are even "doing DataOps" at all. User Advice: • As a new practice, DataOps will be most successful on projects targeting a small scope with some level of executive sponsorship, primarily from the CDO or other top data and analytics leader. • Executive sponsorship will be key as DataOps represents a new way of delivering data to consumers. • Practitioners will have to overcome the resistance to change existing practices as they introduce this concept.
  • 23. 23 DataOps is NOT Just DevOps for Data • One common misconception about DataOps is that it is just DevOps applied to data analytics. • While a little semantically misleading, the name “DataOps” has one positive attribute. • It communicates that data analytics can achieve what software development attained with DevOps. • DataOps can yield an order of magnitude improvement in quality and cycle time when data teams utilize new tools and methodologies. • The specific ways that DataOps achieves these gains reflect the unique people, processes and tools characteristic of data teams (versus software development teams using DevOps). Source: datakitchen
  • 24. 24Source: datakitchen DataOps Tools isolated in a Sandbox
  • 25. 25 Source: datakitchen DataOps Brings 3 Cycles of Innovation between Production, Central Data and Self-service Teams
  • 26. 26 Source: datakitchen DataOps Data Analytics Development Lifecycle and Tools
  • 28. 28 Micro trends in Cloud security
  • 32. 32 A Framework for Hybrid Cloud Source: Tagore
  • 33. 33 Container management with all types of Kubernetes Source: Rancher Kubernetes will enable a new era of application portability
  • 35. 35 Importance of API for Supporting Data and the Integrated Needs of Digital Business Source: Gartner
  • 36. 36 Security for APIs and Microservices Source: Gartner Source: Gartner
  • 37. 37 Products Delivering API Security Source: Gartner
  • 38. 38 Source: Microsoft Microservices is a natural evolution from SOA
  • 39. 39 Security Tools for DevOps Dynamic Application Security Testing (DAST) dynamically 'crawls' through an application's interface, testing how it reacts to various inputs Manual reviews often catch obvious stuff that tests miss, and developers can miss Source: Securosis
  • 40. 40 Security Tools for DevOps Static Application Security Testing (SAST) examines all code — or runtime binaries (less effective for Micro Services) Fuzz testing is essentially throwing lots of random garbage at applications, seeing whether any particular (type of) garbage causes errors Vulnerability Analysis including platform configuration, patch levels or application composition to detect known vulnerabilities Runtime Application Self Protection (RASP) provides execution path scanning, monitoring and embedded application white listing (effective for Micro Services) Interactive Application Self- Testing (IAST) provides execution path scanning, monitoring and embedded application white listing (emerging) Source: Securosis, Webomates Regression testing enhances the visibility on your build quality before putting it in production. Examples: Full Regressions, Overnight Targeted Checks and Smoke Checks executed with manual, automation, crowdsourcing and artificial intelligence and allows a software development team to quickly validate their UI and API as well as load test it.
  • 41. 41 DevOps - Security for APIs and Microservices Source: Securosis Trend: Test/scan API flows, context, parameter input/output. DAST works better. Old: Larger monolithic apps that contain more context. SAST works well. Shift right Trend: IAST is emerging
  • 44. 44
  • 45. 45
  • 46. 46 OWASP API Security Top 10 2019 The Ten Most Critical API Security Risks Source: OWASP
  • 48. 48 Global Map Of Privacy Rights And Regulations
  • 49. 49 A Framework can help organizations prepare for GDPR IBM Framework Helps Clients Prepare for the EU's General Data Protection Regulation
  • 50. 50 Data sources Data Warehouse In Italy Complete policy- enforced de- identification of sensitive data across all bank entities Tokenization for Cross Border Data-centric Security (EU GDPR) • Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers • Compliance with EU Cross Border Data Protection Laws • Utilizing Data Tokenization, and centralized policy, key management, auditing, and reporting
  • 52. 52 • Privacy enhancing data de-identification terminology and classification of techniques Source: INTERNATIONAL STANDARD ISO/IEC 20889 Encrypted data has the same format Server model Local model Differential Privacy (DP) Formal privacy measurement models (PMM) De-identification techniques (DT) Cryptographic tools (CT) Format Preserving Encryption (FPE) Homomorphic Encryption (HE) Two values encrypted can be combined* K-anonymity model Responses to queries are only able to be obtained through a software component or “middleware”, known as the “curator** The entity receiving the data is looking to reduce risk Ensures that for each identifier there is a corresponding equivalence class containing at least K records *: Multi Party Computation (MPC) **: Example Apple and Google ISO Standard for Encryption and Privacy Models
  • 53. 53 User Payment Application Payment Network Payment Data Tokenization (VBT), encryption and keys User CASB User Call Center Application Format Preserving Encryption (FPE) PII Data Vault-based tokenization (VBT) Data Protection Use Cases – Tokenization and FPE User Data Warehouse PII Data Vault-less tokenization (VLT) Salesforce
  • 54. 54 Data Warehouse Centralized Distributed On- premises Public Cloud Private Cloud Vault-based tokenization y y Vault-less tokenization y y y y y y Format preserving encryption y y y y y Homomorphic encryption y y Masking y y y y y y Hashing y y y y y y Server model y y y y y y Local model y y y y y y L-diversity y y y y y y T-closeness y y y y y y Formal privacy measurement models Differential Privacy K-anonymity model Privacy enhancing data de-identification terminology and classification of techniques De- identification techniques Tokenization Cryptographic tools Suppression techniques Example of mapping of data security and privacy techniques (ISO) to different deployment models
  • 55. 55 Risk reduction and truthfulness of some de-identification techniques and models Singling out Linking Inference Deterministic encryption Yes All attributes No Partially No Order-preserving encryption Yes All attributes No Partially No Homomorphic encryption Yes All attributes No No No Masking Yes Local identifiers Yes Partially No Local suppression Yes Identifying attributes Partially Partially Partially Record suppression Yes Sampling Yes N/A Partially Partially Partially Pseudonymization Yes Direct identifiers No Partially No Generalization Yes Identifying attributes Rounding Yes Identifying attributes No Partially Partially Top/bottom coding Yes Identifying attributes No Partially Partially Noise addition No Identifying attributes Partially Partially Partially Cryptographic tools Suppression Generalization Technique name Data truthfulness at record level Applicable to types of attributes Reduces the risk of Source: INTERNATIONAL STANDARD ISO/IEC 20889
  • 56. 56 Type of Data Use Case I Structured How Should I Secure Different Types of Data? I Un-structured Simple – Complex – PCI PHI PII Encryption of Files Card Holder Data Tokenization of Fields Protected Health Information Personally Identifiable Information
  • 57. 57 On Premise tokenization • Limited PCI DSS scope reduction - must still maintain a CDE with PCI data • Higher risk – sensitive data still resident in environment • Associated personnel and hardware costs Cloud-Based tokenization • Significant reduction in PCI DSS scope • Reduced risk – sensitive data removed from the environment • Platform-focused security • Lower associated costs – cyber insurance, PCI audit, maintenance Total Cost and Risk of Tokenization Example: 50% Lower Total Cost
  • 58. 58 Cloud transformations are accelerating Risk Elasticity Out-sourcedIn-house On-premises system On-premises Private Cloud Hosted Private Cloud Public Cloud Low - High - Compute Cost - High - Low Risk Adjusted Computation
  • 59. 59 Which of the following most closely describes what ‘hybrid cloud’ means in your organization? Source: Forrester
  • 60. 60 For each of the following data center and IT infrastructure components, how much outsourcing and managed services does your firm use for IT operation? (excluding systems integrators for project implementation) Source: Forrester
  • 61. 61 Thank You! Ulf Mattsson, TokenEx www.TokenEx.com