Database Security for Privacy
Sudha Iyer, Principal Product Manager, Oracle Corporation
Agenda
• Business Drivers for Security/Privacy
• Privacy & Security Dynamics
• Role of Databases in Privacy
• Security Technologies for the Privacy Professional
• Privacy Compliance – An Example
State of Security – United States
• 90% of respondents* detected computer security breaches within the last twelve months.
• 80% of respondents acknowledged financial losses due to computer breaches.
  • $455,848,000 in quantifiable losses
  • $170,827,000 theft of proprietary information
  • $115,753,000 in financial fraud
• 74% cited their Internet connection as a frequent point of attack
• 33% cited internal systems as a frequent point of attack
* Source: 2002 CSI/FBI Computer Crime and Security Survey
Regulations Landscape
• Finance: Gramm-Leach-Bliley, Sarbanes-Oxley
• Health: HIPAA
• Pharmaceutical: FDA CFR Part 11
• All Industries: SB 1386, Basel II
• Education and Children’s Protection: COPPA, FERPA
European Security Directives
• Royal Decree 994/1999 (Spain): security regulation for files containing personal data
• European Telecommunication Directive: security of personally-identifiable information; contains limitations on collection, use and access to data
• Outside the EU and US: Australia, Hong Kong, New Zealand, Chile, Argentina, Canada, Taiwan, Korea, South Africa…
What is Privacy?
• For the customer/employee/partner:
  • Right to exert control over collection and use of their personal data by others
  • Appropriate management and collection of information about any named individual
• PII – personally-identifiable information
  • Depends on the business
  • Depends on the context
Common Myths about Privacy
• Security violates individual’s Privacy
  • Airport security rummaging through your luggage
  • Adding security is a perfect recipe for Big Brother behavior
• Anonymity is the best prescription for Privacy
  • E.g., viruses spread through email address books
  • On the Web, if you don’t log in, they don’t know you…
Privacy: Lawmaker/Consumer View
“The best thing about the Internet is they don’t know you’re a dog.” Tom Toles, Buffalo News, April 4, 2000.
Privacy: Headline/Direct Marketing View
“You’re a four-year-old German Shepherd-Schnauzer mix, likes to shop for rawhide chews, 213 visits to Lassie website, chatroom conversation 8-29-99 said third Lassie was the hottest, downloaded photos of third Lassie 10-12-99, e-mailed them to five other dogs whose identities are…”
Do you need Security for Privacy?
• For example: how do you want your Traffic Violations tracked?
• The question is not whether or not it will be tracked.
  • Who should have access? Authorized Individuals only
  • Retention time?
The Privacy/Security Dynamic
• Privacy and Security are not mutually exclusive
• Security is a Building Block for Privacy
Privacy: Provide Choice, Grant Access, Define Use, Retention & Disclosure Policies, Provide Notice, Specify Usage
Security: Confidentiality, Integrity, Availability
Is there too much Security, ever?
• Security of your enterprise is only as good as your Weakest Link
  • Weak Password Policy
  • Open Firewall Ports
  • No Access Control policies
  • No system of Least Privilege
  • Social Engineering
• Defense in Depth is a good strategy
• Security is not a binary operator
Privacy Relevance for a Database
• A Database is simply a Collection of information
• For Many Businesses: a Network of collections of information
  • Data Warehousing
  • Data Mining
  • Applications from Sales Leads Tracking and Order Entry to Employee e-learning initiatives
(Diagram: Financials, HR, WWW)
Common Privacy Principles for database applications
• Collected fairly and lawfully
• Adequate, relevant and not excessive
• Purpose limitation
• Accurate and up-to-date
• Not kept for longer than necessary
• Not transferred to inappropriate people, organizations and locations
• Secure – appropriate technical and organizational measures
Databases’ Role in Privacy
• Can any Database make your business Privacy Compliant?
  • No, not alone
• You Must:
  • Define privacy policies
  • Enforce Security
  • Audit for Compliance
• Security is necessary, but alone not sufficient for privacy
Top Privacy Challenges for Database Applications
• Unified Identity
  • Privacy Issues:
    • Does it have the capability to compartmentalize profiles?
    • Is there a choice to reveal certain profiles for intranet and internet Services?
• Testing new applications with Real World Data
  • Developing test data is a tedious task.
  • Scramble production data for test use.
• Instant Messenger Usage
  • How long are the records archived?
  • Everything you say is “on record”
#1: Secure By Design, Secure by Development
• Home Grown Applications
  • Standardize User identification
  • Design an access control model that does not have a backdoor
  • Identify Normal and Abnormal activities
  • Define security policies for data retention, data sharing and privacy of PII
  • Audit for compliance
  • Rely on Standards as often as possible
• For Commercial Off the Shelf Software
  • Demand Standards Compliance
  • Demand they comply with your security policies
  • Demand Secure by Default
#2: Secure Deployment
• Communicate early and often with the IT staff
• Harden your database
  • Secure by Default
• Understand the competing issues
  • High availability, High Performance
  • Ease of Use concerns
• Know your users…
  • Well Formed Applications require authentication
  • Web Sites don’t – but they can collect data automatically: time of arrival, how long you stayed, your IP Address, Domain, Pages visited, etc.
#3: User Authentication
• No Passwords? Yes
• Strong Authentication Choices:
  • Token Cards
  • Public Key Infrastructure (SSL)
  • Kerberos
• Establish Strong Password Policies
• Communicate the Password Selection Criteria to users
#4: Access Control
• Select, Insert, Update and Delete are the Primary Operations
• Grant access based on user identity or the user’s membership in a specific group
  • Example – Expense Reporting is by user; the HR Manager View of your department is by membership in the group “HR Managers”
• Provide only the data that is needed
  • Row Level Security
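The row-level security idea on this slide, as an added example that is not part of the deck and not Oracle's implementation: a policy function appends a predicate to every query, by identity for ordinary users and by membership in a hypothetical "HR Managers" group for department views. The data, users and group are constructed for the example.

```python
import sqlite3

# Constructed sample data and groups (not from the original deck).
EXPENSES = [  # (id, owner, dept, amount)
    (1, "alice", "sales", 120.00),
    (2, "bob", "sales", 80.50),
    (3, "carol", "eng", 300.00),
    (4, "dave", "eng", 45.00),
]
GROUPS = {"HR Managers": {"erin"}}  # hypothetical group, as in the slide's example


def open_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE expenses (id INTEGER, owner TEXT, dept TEXT, amount REAL)")
    con.executemany("INSERT INTO expenses VALUES (?, ?, ?, ?)", EXPENSES)
    return con


def policy_predicate(user, managed_dept=None):
    """Return the (where_clause, params) the policy appends to every query.
    Identity-based: a user sees only the rows they own.
    Group-based: a member of 'HR Managers' sees the department they manage."""
    if managed_dept and user in GROUPS["HR Managers"]:
        return "dept = ?", (managed_dept,)
    return "owner = ?", (user,)


def query_expenses(con, user, managed_dept=None):
    """The application asks for 'all expenses'; the policy predicate is ANDed on
    outside the application's control, so it cannot forget to filter.
    Values are bound parameters, never string-concatenated."""
    where, params = policy_predicate(user, managed_dept)
    sql = f"SELECT id, owner, dept, amount FROM expenses WHERE ({where}) ORDER BY id"
    return con.execute(sql, params).fetchall()
```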
#5: Auditing
• Goal must be compliance and Not Invasion of Privacy
  • This is not Spyware
  • For example, to establish the exposure to comply with CA Law SB 1386
• Non-repudiation of a transaction
• Audit Selectively
  • High-valued data or transactions
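Selective auditing as the slide describes it, as an added example that is not from the deck: triggers record who changed a PII column and who entered a high-value transaction, and nothing else, so the trail can later scope exposure under SB 1386. The schema, the session table standing in for the database's session context, the threshold and the sample rows are all constructed.

```python
import sqlite3

HIGH_VALUE = 10000  # constructed threshold for a "high valued transaction"

# Constructed schema. The session table stands in for the application user
# that a real database would take from its session context.
SCHEMA = f"""
CREATE TABLE session (app_user TEXT NOT NULL);
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT);
CREATE TABLE payments (id INTEGER PRIMARY KEY, customer_id INTEGER, amount REAL);
CREATE TABLE audit_log (
    logged_at TEXT DEFAULT CURRENT_TIMESTAMP, app_user TEXT, action TEXT,
    table_name TEXT, row_id INTEGER, detail TEXT);
-- Selective: only changes to the PII column are recorded, not every write.
CREATE TRIGGER aud_ssn AFTER UPDATE OF ssn ON customers
WHEN NEW.ssn IS NOT OLD.ssn BEGIN
  INSERT INTO audit_log (app_user, action, table_name, row_id, detail)
  SELECT app_user, 'UPDATE', 'customers', NEW.id, 'ssn changed' FROM session;
END;
-- Selective: only transactions at or above the threshold are recorded.
CREATE TRIGGER aud_pay AFTER INSERT ON payments
WHEN NEW.amount >= {HIGH_VALUE} BEGIN
  INSERT INTO audit_log (app_user, action, table_name, row_id, detail)
  SELECT app_user, 'INSERT', 'payments', NEW.id, 'amount ' || NEW.amount FROM session;
END;
"""


def open_db(app_user):
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.execute("INSERT INTO session VALUES (?)", (app_user,))
    con.execute("INSERT INTO customers VALUES (1, 'Jane Smith', '000-00-0001')")  # constructed
    return con


def audit_rows(con):
    """Who did what to which row: the trail used to scope exposure after an incident."""
    return con.execute(
        "SELECT app_user, action, table_name, row_id, detail FROM audit_log ORDER BY rowid"
    ).fetchall()


def records_with_pii_changes(con):
    """Distinct customer rows whose PII column was touched: where a notification decision starts."""
    rows = con.execute(
        "SELECT DISTINCT row_id FROM audit_log WHERE table_name = 'customers'"
    ).fetchall()
    return sorted(r[0] for r in rows)
```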
#6: Centralized Administration
• DBAs Manage Database Resources and Users
• Central administration of users in a standard LDAP directory improves manageability
• Questions to ask:
  • Access Control Policies on the Directory Entry (specifically the PII)
  • How do Applications preserve User Identity across tiers?
#7: Encryption
California Senate Bill 1386
• Legislation on Identity Theft
• Applies to all organizations with information about California residents
• In effect since July 2003
• Notification of security breach of personal data
• Protects combinations of Name and:
  • SSN
  • CCN with PIN
  • Driver’s License Number
Implications of CA SB 1386
• Notification
  • Organization must notify consumers if their PII has been compromised
  • No notification required if data is encrypted
• Does not specify methods or implementations
• Does not specify algorithms
  • Is a simple substitution cipher good enough? e.g., A=B, 1=2
Encryption Basics
Plaintext: Jane Smith’s CCN is 4408 3380 7002 2652 → Encrypt → Ciphertext: ud5nh!ntD4go’bQa%tq → Decrypt → Jane Smith’s CCN is 4408 3380 7002 2652
• Algorithms used to encrypt and decrypt data
• Protects data by changing plaintext to a cipher
• Strength of security system depends on key management
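The substitution-cipher question from the previous slide and the key-management point above, as an added example that is not from the deck: a digit substitution is deterministic, so repeated records and shared card prefixes stay visible in the "ciphertext", while a per-record random key hides structure but shifts the whole problem to storing and protecting keys. The second card number is constructed; the first is the slide's sample.

```python
import random
import secrets

DIGITS = "0123456789"
JANE_CCN = "4408 3380 7002 2652"  # the slide's sample card number, used as test plaintext


def make_substitution_key(seed=None):
    """The 'A=B, 1=2' idea: one fixed permutation of the ten digits.
    Only 10! = 3,628,800 keys exist, and one key is reused for every row."""
    rng = random.Random(seed)
    perm = list(DIGITS)
    rng.shuffle(perm)
    return dict(zip(DIGITS, perm))


def substitute(text, key):
    """Apply the fixed digit mapping; non-digits (the spaces) pass through."""
    return "".join(key.get(ch, ch) for ch in text)


def otp_encrypt(text):
    """Contrast case: a fresh random key as long as the record, XORed in.
    It hides all structure, but a per-record key must now be stored and
    protected, which is the key-management burden the slide points to."""
    data = text.encode()
    key = secrets.token_bytes(len(data))
    return key, bytes(d ^ k for d, k in zip(data, key))


def otp_decrypt(key, ciphertext):
    return bytes(c ^ k for c, k in zip(ciphertext, key)).decode()


def leaks_structure(encrypt):
    """Encrypt the same card twice, and a second (constructed) card that shares
    its first twelve digits. Anything worth calling encryption shows neither a
    repeated ciphertext nor a shared ciphertext prefix."""
    first, again = encrypt(JANE_CCN), encrypt(JANE_CCN)
    sibling = encrypt("4408 3380 7002 9999")
    return first == again or first[:14] == sibling[:14]
```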
Encryption with Public Key Infrastructure (PKI)
Private key ↔ Public key (mathematically linked)
• Two mathematically-related, yet separate keys
• Your Private Key: secret, not shared, stored encrypted
• Your Public Key: shared, “published” in a public location
• A Certificate Authority issues you a certificate and Public key
Questions for Encryption Solution Providers
• How will the technology support:
  • Key Management
  • Key Recovery
  • Back Ups and Restore
  • Fail Over
  • Transparency (no disruption to existing operations)
  • Identity Spoofing
Encryption Solutions
• Protect Data Integrity and Confidentiality
• Over the Wire
  • Browser to Application Server
  • Client to Server (Application Server to Database)
• Stored Data Encryption
  • Credit Card Theft etc.
Business Challenges – Area 1
• How can I consolidate multiple data sources in one and the same database?
• How can I share the information in my data warehouse with partners and customers?
• How can I ensure that my data warehouse obeys laws and regulations regarding data privacy?
  • Example: public access to aggregate census data is allowed, but accessing individual profiles isn’t
  • Authorized access to a child’s education record
• Technology can assist in:
  • Authentication, Authorization and Fine Grained Access Control
Business Challenges – Area 2
• Goal
  • Deliver research data in a hosted environment to subscribers in a timely, cost-effective manner
• Security Technology can assist in privacy
  • Separate proprietary information between each company
    • Row Level Access
  • Within each company, users require different levels of access
    • Authorization
Q & A: Questions and Answers