Applying Auto-Data Classification Techniques for Large Data Sets
1 like833 views
The document discusses the implementation of auto-data classification techniques at Cisco to manage growing volumes of structured and unstructured data, which is projected to increase significantly in the coming years. It emphasizes the need for automated classification capabilities to enhance data governance, control, and security while streamlining user decision-making processes. Additionally, it details a structured data case study examining different approaches to data protection and the economic implications of manual versus automated classification methods.
Applying Auto-Data Classification Techniques for Large Data Sets
- 1. SESSION ID: #RSAC Anchit AroraApplying Auto-Data Classification Techniques for Large Data Sets Program Manager InfoSec, Cisco PDAC-W02
- 2. #RSAC • Complex work models: always accessible, remote & mobile workers • Definition of perimeter: Cloud, Customer & partners • Users choose devices (BYOD) The proliferation of data and increase in complexity 1995 2006 2014 9 to 5 in the office Emergence of Internet & mobility The Human Network 2020 The Internet of Everything BYOD & Externalization Pace • Enterprise data collection to increase 40 to 60 % per year* • Experts predict the amount of data generated annually to increase 4300% by 2020 * Complexity • Big data architectures, low storage cost, Increase of data retention • 80% of data generated today is unstructured • Data generated worldwide will reach 44 zettabytes by 2020* Volume * Numbers and statistics from Gartner, Gigaom Research, CSC, Seagate
- 3. #RSAC Auto-classification: The why and what 3 Desired business outcome: At Cisco we want to provide additional sensitivity context to structured and unstructured data, to be able to apply controls more effectively Scope: Our aim is to have an automated classification capability for all structured data systems, and provide capability to better govern/control generation of unstructured data which is created as a result of export from structured data systems using label/field association to each record set
- 4. #RSAC Use-case: From structured to unstructured 4 SoR SoE Structured data system (SoR) Classification Engine algorithms and dictionaries IndexerAPI Classification Index all existing and newly written data is indexed and classified based on algorithm and dictionary defined for the SoR Provide classification information to the user – or access policy based on class to the application UI Export (E) & tag
- 5. #RSAC 5 Box.com is an external cloud platform used by Cisco for collaboration and storage of data Security questions to ask: What is this data? What’s the source of the data? Who owns this data? What’s the sensitivity of the data? Is all data equally sensitive (this is the essence for optimal security)? What’s the level of security required? An unstructured data use-case: box.com
- 6. #RSAC Should we ask the user to govern security? 6 Can we expect the user to make the right security decision with all this complexity involved in decision making? The user needs to be very knowledgable to make the right decision The answer is No: But however many systems are designed to have users govern security - Recognize data categories in systems with unstructured data Classify data in any data system Set data securitypolicy Securely export data out of the system Making the shift from user governed to data owner governed
- 7. #RSAC Data Management Policy Enforcement Governance of Data by Data Owner Data Protection capabilities Data Intelligence & monitoring capabilities Governance of Data by End User How to make the shift to a data owner model? Classify Sensitivity Data Taxonomy Recognize Data Type Tag Across various data types: Engineering, Customer, Finance, HR
- 8. #RSAC Conceptual approach 8 Discover Recognize Classify Find data objects Identified Data Sensitivity1 Large unstructured generic data repositories Classification mostly unknown Data Sensitivity2 Data Sensitivity3 Data Sensitivity4 Structured data systems (SoR)
- 9. #RSAC Structured data case study: Engineering & Customer data protection in context of bug Information
- 10. #RSAC A case study: Bug information 10 Millions of bugs + product bugs, 3 approaches available to protect: 1. Treat all bugs equally, and apply ‘very strict’ controls on all bugs • In heterogenic data models , most data is ‘Over’-protected • Limits business ability and User experience 2. Treat all bugs equally, and apply ‘loose’ controls on all bugs • Results in ‘Under’-protected data 3. Apply the right amount of protection on a bug, based on sensitivity • Balanced security and cost applied – just the right amount of security!
- 11. #RSAC Setting the foundation for auto-class 11 Category: Is a bug Product development lifecycle: Sustaining Severity: Sev1, Status: Open Found by Customer Customer network topology Belongs to hardware A Sensitive software bug in CDETSInventory Process Identify • Identify the most sensitive IP and IP’s appropriate owner(s) Define • Define data use and access rules for the most sensitive IP Translate • Translate rules into IT enforceable policies The inventory process engages the business to build out the data taxonomy and a model of the sensitivity
- 12. #RSAC The proof is in the numbers!! 12 Parameter Value Average time to classify a single bug 5 minutes Total number of bugs 7 Million Time to classify 35 Million minutes Cost/min of SME analyst $ 0.83/Min Cost to classify $ 29 Million Additional costs to consider for manual: Training: For consistent user behavior Change to business: Cleaning legacy Change to applications and Infrastructure Parameter Value Average time to classify a single bug* 0.002 minutes Total number of bugs 7 Million Time to classify 14,000 Minutes Estimated cost for Infrastructure and resources required to classify $ 0.25 Million Auto-Classification approach Manual approach Accuracy Results 83%
- 13. #RSAC The most sensitive data is just a small portion 13 < 1% Restricted 2.5% Highly Confidential
- 14. #RSAC How did we execute the methodology? 14 AS-IS: New SoR integration for Auto-Class # Phase Scope 1 Engage Identify SoR and engage stakeholders to communicate expectations, R&R, Identify data workflow (user stories) and data categories. Plan and establish scope and planning of the SoR integration 2 Attribute Analysis of data, database fields, record and build a data sensitivity model / algorithm to be able to classify the data 3 Develop Development of attribution and scoring algorithm into the classification engine and perform indexing of datasets 4 Validate Validation and tuning of classification results of the classification engine to ensure accuracy of the output 5 Integrate Integration of classification data with the source system 6 Protect Planning and implementation of protective measures in the source system for sensitive data classes Engage Attribute Develop Validate Integrate Protect A 6 step workflow, for structured data (SoR)
- 15. #RSAC Building an attribution model 15 Attribute A, Attribute B, Attribute C ……………………. Attribute L, Attribute M, Attribute N…………… Attribute X, Attribute Y, Attribute Z…… All available source system built-in attributes Selected attributes and values Extracted entities from free-text fields and attachments: Attribution model Weights Scoring equation Values and scores Classification rules Data freshness Contextual information Extracted entities
- 16. #RSAC How to create a similar solution for your organization? 16 Engage •System Identification •Stakeholder identification •Source system data fields •Field analysis •Field type analysis •Data record analysis •Define Dictionary •Candidate fields •Feasibility •Socialization Attribute •Field value assignment •Field correlation •Weight scoring •Sensitivity scoring Develop •Classification engine Infrastructure Setup •Classification engine configuration •Coding of classification algorithm Validate •Sample size scoping •Sample size indexing •Validation of sample set •Statistical validation of sample set •Tune •Result socialization Integrate •Design •User stories •Source system tagging (application tagging) •Stakeholder Socialization Protect •Access control •Behavior monitoring •Source System Secure design •Source System compliance •Export control •Import control •Data Loss
- 17. #RSAC Now what? - Prevent, Detect and Educate 17 Data Visibility Prevent DetectEducate • Restrict access to the application and through search • Fine grain access based on data classification • Tag source systems and docs w/ classification metadata • Focus on most sensitive data • Integration with DLP solutions • Data science Policy Driven, Context-Based Access Control Access Visibility Control Restricted Why • Bug Status: Open • Bug Severity: Critical • Keywords: Customer:
- 18. #RSAC Q&A 18 Anchit Arora Program Manager InfoSec, Data Security Analytics Team [email protected]