How is your enterprise software company handling sensitive data? IronCore CEO Patrick Walsh's presentation, which you can watch here (https://www.youtube.com/watch?v=LNAC2R39HFA), challenges common assumptions about the traditional perimeter and proposes a new data privacy mindset and solution.
28. @zmre
Name Account Balance
1 John Smith $5,000
2 Pam Jones $123,000
3 Jeff Bezos $126,000,000,000
4 Alice Walker $1,201,532
Removed
to isolated
lookup
table
But can you guess which one is Bezos?
Separate Out Names
1/4
30. @zmre
k-anonymize
Name Account Balance
1 * $0 - $150,000
2 * $0 - $150,000
3 * $1,000,000 - ∞
4 * $1,000,000 - ∞
3/4
Make sure at least k people have identical rows.
Typically done with bucketing.
But be careful this doesn’t join to other data…
Name Account Balance
1 John Smith $5,000
2 Pam Jones $123,000
3 Jeff Bezos $126,000,000,000
4 Alice Walker $1,201,532
2-anonymity
31. @zmre
Differential Privacy
App1 App2 App3
1 1 1 0
2 0 1 1
3 0 0 0
4 0 1 0
4/4
Random values mixed in
Aggregate values are approximately correct.
Hard to say for sure if any one person has App2.
37. @zmre
Encryption Proxy
2/4
Client CASB App DB
Client App DB Proxy DB
• CASB pattern puts the
customer in control, but can
be terrible for functionality
breaking.
• DB Proxy pattern makes life
slightly more annoying for
hackers, if they somehow
hacked the DB but not the
app.
CASB
In-house