“When you look at the difference in the innovation, in regards to encrypting and keeping the format the same, versus bloating it into a 256-bit string, that impact is minimal. We’ve been deployed with two of the biggest card brands in the world, with every single card transaction related to them. The ability to be in every single transaction means it has to meet requirements in performance and scale. " itself cannot be monetised. The ability to leverage the format preserving encryption and format preserving tokenisation, that we bring to the market, enables them to protect the data at capture and keep it protected throughout its lifecycle. There’s no longer a need to decrypt it to determine where it goes next. It ends up staying in it's protected state. GDPR will greatly impact how companies will deal with data, going beyond just fines and protecting personal information, but opening avenues to a world of lawsuits and empowering the individual to take action. Up to four percent of a company’s annual turnover (Article 83, GDPR) is potentially at risk, so the stakes are tremendously high. Tammy explained, “There are specific aspects within GDPR that deal with data protection, and I am talking about pseudonymization. If you leverage this, to a great extent, it is almost the “get out of jail free” card.” Tammy said, “If you are taking this personally identifiable information as defined by GDPR, and you’re leveraging a data protection solution such as HPE SecureData, you’re keeping all the benefits of the data but you’re leveraging pseudonymization. Such that, should something happen to the data, and it is lost or stolen, the data is useless to the attackers, and is therefore a non-event and that is the ideal scenario.”
BIG DATA INNOVATIONS One of the big innovations is around data itself. Tammy notes, “If you go back just a few years, the amount of data that we could consume and do real-time analytics on pales in comparison to what we can do today. There is so much value in being able to take not only the data a company has, but bringing in data from other sources. Working with some of the car manufacturers and their belief there should never be a recall on a car again, because these cars are so instrumented and with so much data coming out of them, they should get ahead of any problem that would come up. But it wasn’t until ‘big data’ that they could see the patterns light-up in real time, in order to determine where they needed to make adjustments. Once they figured out with these innovations in technology, there was a major inhibitor standing in their way – and that was security.” “The proposition was there, but how could you take so much sensitive data about just one person? Their personally
68 | Australian Cyber Security Magazine
identifiable information, the vehicles’s identification number or VIN, where they’re going, GPS data, how fast they’re driving, you name it. How many times are they are hitting the breaks, and to put that essentially into a huge soup pot that’s based on Hadoop, innately probably the most insecure platform on the planet right now. The risk was too high.” “What we’ve been able to do with the SecureData technology is apply it into the world of big data analytics. For example, with the car manufacturers, that ability to protect the data in a way that the format is preserved, the logic is preserved, and most importantly the relationships. It is not important to know all the individual pieces of information and details. What is important is ability to detect the patterns. There is so much data there, the problem really isn’t an ability to associate with one particular person, but the ability to see those patterns.”
WAVES STARTING TO HIT: ACCESS TO THE CLOUD & INTERNET OF THINGS Tammy highlights, “One of the key aspects that is shining a light on this technology’s evolution is access to the cloud. The ability to embrace public cloud can save companies a tremendous amount of money by giving them access to things that they didn’t have access to before.” Referring to a large car brand as a customer, Tammy said, “they discovered they can save 40 per cent, per application, per year, if they moved their .NET applications to Microsoft Azure. This value proposition is potentially tens of millions, if not hundreds of millions of dollars in some cases, over a five-year period. When this was realised in one of the business units, the CEO was naturally very excited with such an innovative, cost-saving measure. Before proceeding, Security asked one simple question—is there any sensitive data, including PAN data, involved? The answer was, ‘yes’. Yet before objecting to the project, someone on the CISO’s team had recalled our ability to secure the data and preserve the format. Without creating a bigger processing footprint in putting this data into the cloud, in these .NET applications, the concerns the customer had around the data were addressed. The applications did not have to change their data model. With the data format and data relationship integrity staying intact, there was no need for any rule changes.” “We match the elasticity model in the underlying platform,” Tammy continued, “so most of our customers decide they want this data-centric protection model across their entire organisation. They don’t want to have to decide if it will only be in the Hadoop environment, or only in their mainframe, or .NET, or J2EE (Java Platform Enterprise Edition) applications, or open system applications. What we do is match to the acuity model of that environment. Such as in Hadoop, that is a node-based environment and we can sell our product based on the node count; for a smaller organisation with 10-20 nodes, through to some of the largest customers in the world, with tens of thousands of nodes, we have a model that can be adapted for all.” IoT is an exciting paradigm and the wave is just starting to hit. However, Tammy asserts, “there is so much data and this can be used very maliciously. Be it a driverless