Protecting Your Sensitive Data - YouTube
Channel: Google Cloud Tech
[2]
[Music]
[4]
hi I'm here with Chris law to learn more
[8]
about how to protect highly sensitive
[11]
data from being exfiltrated how do you
[14]
think happy to be here so I've seen a
[16]
lot of headlines over the last year
[18]
about big data breaches and they seem to
[21]
be getting bigger and bigger what's
[22]
going on yes
[24]
any company storing sensitive data needs
[26]
to be ready to protect against data
[27]
breaches and so when you say highly
[30]
sensitive data what do you mean exactly
[32]
highly sensitive data can be things like
[34]
social security numbers credit card
[36]
numbers or patient data this includes
[39]
things like PII that's personally
[41]
identifiable information financial
[43]
information or PHI and that's protected
[45]
health information but highly sensitive
[48]
data could really be any data that your
[49]
company deems to be sensitive but the
[51]
good news is Google Cloud can help
[53]
protect this data I'll show you how so
[55]
let's say you're building your finance
[57]
app and your partner is sending you a
[58]
bunch of data the partner we're sending
[60]
you both sensitive data in red here and
[63]
non sensitive data in green got it so I
[67]
really want to keep that red golf-ball
[69]
secure exactly now the easiest way to
[72]
get this data from the partner is to
[73]
create a public bucket in Google Cloud
[75]
and give them access to it so now as you
[77]
can see the partner is sending the
[78]
sensitive data and non sensitive data
[80]
all into this one bucket but there's a
[83]
problem with that setup and it's that
[85]
unauthorized parties can get access to
[86]
these public buckets and can exfiltrate
[88]
the data and any exposure of say social
[91]
security numbers or credit card
[92]
information put you and your company in
[95]
the headlines but the good news is
[96]
developers like yourself can use Google
[98]
Cloud's Identity and Access Management system
[100]
or IAM to restrict access to the bucket
[104]
that stores this sensitive data so how
[106]
does IAM work with IAM as a developer
[110]
you can control exactly which users have
[112]
access to the new restricted bucket and
[114]
each user will have to securely
[116]
authenticate in order to get any access
[118]
to data right so as a developer I can
[120]
just lock this bucket down so only a few
[123]
people can access it exactly anyone
[126]
trying to get access to data in your
[128]
restricted bucket needs to be authorized
[130]
before they can get access to any
[131]
sensitive data so I have this new
[134]
restricted bucket with limited access
[136]
how do I get the social security number
[139]
data into that bucket great question
[141]
well let's take a look at how you can do
[143]
it one way you can sort this social
[145]
security number data into this
[146]
restricted bucket is to do it manually
[150]
the problem with this approach is that
[152]
it might make a mistake and categorize
[153]
the data wrong so in this example I
[155]
might accidentally miscategorize the
[158]
social security number data and put it
[159]
into the public bucket exposing it to
[161]
the wrong people got it for highly
[164]
sensitive data like this it makes sense
[166]
to automate this sensitive data
[168]
classification process as much as
[169]
possible and that's what developers use
[171]
Google Cloud's Data Loss Prevention or
[173]
DLP API for DLP can identify over 90
[178]
plus different types of common sensitive
[180]
data types like Social Security numbers
[182]
and credit card numbers so with DLP
[185]
enabled now when the partner sends you
[187]
data DLP will automatically identify
[189]
the social security numbers and
[191]
automatically put that data into the
[193]
restricted bucket amazing pretty cool
[195]
yeah so now that we've automated this
[197]
process we've got the sensitive data all
[199]
going into the restricted bucket and
[200]
only a few select users have access to
[203]
it great so can I launch my app now
[206]
not just yet
[207]
this setup works fine as long as the
[209]
partner sends the data into the right
[211]
API but let's say they accidentally
[213]
email through a bunch of sensitive
[215]
social security number data so over here
[219]
we have a bunch of emails white golf
[221]
balls and emails with sensitive data
[223]
which are red golf balls anyone who
[226]
could receive this email can download
[227]
the social security number data to their
[229]
machine or forward it to a personal
[231]
drive and this makes it much more likely
[233]
to be exposed so how can we keep this
[235]
social security number data out of
[237]
inboxes to handle this problem you can
[239]
use Google Cloud's Data Loss Prevention
[241]
technology in G Suite so with G Suite
[245]
DLP setup the social security number
[247]
data within the emails gets
[249]
automatically detected and moved into a
[251]
quarantine bucket and so now that social
[253]
security data doesn't hit my inbox
[254]
exactly and once the data is moved into
[257]
the quarantine bucket admins can review
[259]
and handle it more securely
[261]
so we've got the social security number
[263]
data going securely into this restricted
[265]
bucket and now only a few select users
[269]
can access it but what's to stop one of
[272]
these legitimate users from just
[274]
stealing the data right great questions
[277]
insider attacks are also a threat so
[279]
even if you are putting the data in a
[281]
secure environment the user who is
[283]
granted access to that data may have
[285]
malicious intent and might try to
[287]
exfiltrate the data leaks like this can
[289]
be contained and controlled using Google
[292]
Cloud's VPC Service Controls with VPC
[295]
Service Controls we can set up a secure
[297]
access zone that acts as a perimeter
[298]
around the sensitive data
[300]
so even insiders can't move the data out
[302]
so even a user I granted legitimate
[305]
access to would not be able to
[306]
exfiltrate that data that's right what
[309]
if an admin goes in and just changes
[311]
these settings with Google Cloud's
[314]
Forseti open source security tools you can
[316]
set up an alert so when an admin makes
[318]
any changes to sensitive data settings
[320]
an alert can be sent to Cloud Security
[322]
Command Center so that even admin access
[324]
can be monitored Wow
[326]
so are we ready to launch the app now
[328]
well let's take a look at your finance
[330]
app the partner is sending you social
[332]
security number data and it's all being
[334]
categorized in the right bucket there's
[337]
a secure access zone around the data and
[339]
even if the partner sends social
[341]
security number data via email that data
[344]
is automatically quarantined I think
[346]
you're ready to launch your app great
[348]
well Chris thanks for showing me how
[350]
developers and companies can protect
[353]
highly sensitive data like this with
[355]
Google Cloud my pleasure
[362]
you