GDPR is here, and now what? - Magellan Netzwerke GmbH · 2018-06-21 · Let Splunk professionals get you...
TRANSCRIPT
© 2017 SPLUNK INC.
GDPR is here – and now what?
Niko Kourtidis, Sales [email protected]
June 2018
How machine data helps you achieve compliance
GDPR/DSGVO on the web
Google searches on the topic
• "GDPR": approximately 123,000,000 results
• "DSGVO": approximately 21,700,000 results
• "DSGVO Abmahnung" (DSGVO warning letter): approximately 618,000 results
Slide graphic: Not GDPR compliant / GDPR compliant / With Splunk support
Why machine data?
The articles:
• 15 - Right of access by the data subject
• 17 - Right to erasure ("right to be forgotten")
• 18 - Right to restriction of processing
• 21 - Right to object
• 22 - Automated individual decision-making, including profiling
• 28 - Processor
• 30 - Records of processing activities
• 32 - Security of processing
• 33 - Notification of … breaches to the supervisory authority
• 34 - Communication of a personal data breach to the data subject
• 58 - Powers (investigation by the supervisory authority)
• 82 - Right to compensation and liability
3 examples
• Right of access by the data subject
• Investigation by the supervisory authority
• Security of processing
Right of access by the data subject
A customer (person or company) wants to know ….
….. how the data was accessed
….. by whom the data was processed
….. whether the data was deleted
Machine data?
• File access
• Database
• Application
• Web
Investigation by the supervisory authority
The competent supervisory authority conducts an audit ….
….. to investigate after an incident
….. to demonstrate compliance
….. to check that a "state of the art" approach is followed
Machine data?
• Changes to access rights
• Firewall changes
• Patch level on servers and clients
• Monitoring of group policies
• Results of security scans
Security of processing
A data "leak" has occurred!
….. How did it happen?
….. Who is affected?
….. Had I done everything I should have?
Machine data?
• SIEM information
• Access monitoring
• Forensics across all data boundaries
• No data deleted or aggregated
• Finding the needle in the needle stack
Turning Machine Data Into Business Value
Index Untapped Data: Any Source, Type, Volume. Ask Any Question.
Use cases: Application Delivery; Security, Compliance and Fraud; IT Operations; Business Analytics; Industrial Data and the Internet of Things
Deployment: On-Premises, Private Cloud, Public Cloud
Data sources (slide graphic): Storage, Online Shopping Cart, Telecoms, Desktops, Security, Web Services, Networks, Containers, Web Clickstreams, RFID, Smartphones and Devices, Servers, Messaging, GPS Location, Packaged Applications, Custom Applications, Online Services, Databases, Call Detail Records, Energy Meters, Firewall, Intrusion Prevention
Industry Leading Platform For Machine Data
Capabilities: Custom dashboards; Report and analyze; Monitor and alert; Developer Platform; Ad hoc search
(Same data source graphic as the previous slide: on-premises, private cloud and public cloud sources.)
Platform Support (Apps / API / SDKs)
Enterprise Scalability
Universal Indexing
Machine Data: Any Location, Type, Volume. Answer Any Question.
• Any Amount, Any Location, Any Source
• Schema on-the-fly
• Universal indexing
• No back-end RDBMS
• No need to filter data
Why Splunk?
Traditional: RDBMS, ETL, SQL, schema at write, structured data only
Splunk: universal indexing, search, schema at read, structured and unstructured data
Volume, Velocity, Variety
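The "schema at read" point above, and the right-of-access example earlier in the deck (how was the data accessed, by whom, was it deleted), can be shown together in plain Python. This is an added example, not code from the slide deck or from Splunk: the three log formats, the field names and the sample lines are constructed for illustration, the extractors are ordinary regular expressions rather than Splunk's search language, and the rule for which field identifies the data subject in each source is an assumption. Raw lines are kept unparsed; fields are extracted only when a question is asked.

```python
"""Schema-on-read field extraction over heterogeneous log lines, followed by an
Article 15 (right of access) report for one data subject.

Added example, not part of the original slide deck or of any Splunk product code.
All log lines, formats and field names below are constructed for illustration.
"""
import re

# Constructed sample events from three different sources, stored as raw text
# (no ETL, no fixed schema at write time).
RAW_EVENTS = [
    "2018-05-25T08:01:12Z fileaudit host=fs01 user=mmueller action=read path=/crm/export/customer_4711.csv",
    '10.0.0.7 - jdoe [25/May/2018:08:03:44 +0000] "GET /crm/customers/4711 HTTP/1.1" 200 1834',
    "2018-05-25T08:05:01Z dbaudit db=crm user=svc_billing statement=SELECT table=customers subject_id=4711",
    "2018-05-25T09:12:40Z dbaudit db=crm user=privacy_ops statement=DELETE table=customers subject_id=4711",
    '10.0.0.9 - asmith [25/May/2018:09:20:02 +0000] "GET /crm/customers/9999 HTTP/1.1" 200 1700',
    "garbage line that no extractor understands",
]

# Field extractors applied at read time ("schema at read"): one regex with
# named groups per assumed source type. Adding a source means adding an entry,
# not reloading the stored data.
EXTRACTORS = {
    "fileaudit": re.compile(
        r"^(?P<time>\S+) fileaudit host=(?P<host>\S+) user=(?P<user>\S+) "
        r"action=(?P<action>\S+) path=(?P<path>\S+)$"),
    "dbaudit": re.compile(
        r"^(?P<time>\S+) dbaudit db=(?P<db>\S+) user=(?P<user>\S+) "
        r"statement=(?P<statement>\S+) table=(?P<table>\S+) subject_id=(?P<subject_id>\d+)$"),
    "access_log": re.compile(
        r'^(?P<client>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
        r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+)$'),
}


def extract_fields(line):
    """Try each extractor in turn; return (sourcetype, fields), or (None, {}) if none match."""
    for sourcetype, pattern in EXTRACTORS.items():
        match = pattern.match(line)
        if match:
            return sourcetype, match.groupdict()
    return None, {}


def subject_id_of(sourcetype, fields):
    """Derive the data-subject id from whichever field carries it in this source.
    The conventions (subject_id column, /customers/<id> URI, customer_<id>.csv) are assumptions."""
    if sourcetype == "dbaudit":
        return fields["subject_id"]
    if sourcetype == "access_log":
        match = re.search(r"/customers/(\d+)$", fields["uri"])
        return match.group(1) if match else None
    if sourcetype == "fileaudit":
        match = re.search(r"customer_(\d+)\.csv$", fields["path"])
        return match.group(1) if match else None
    return None


def access_report(lines, subject_id):
    """Answer the three right-of-access questions from the slide for one subject:
    how the data was accessed, by whom, and whether it was deleted.
    Lines that no extractor understands are counted rather than silently dropped."""
    report = {"subject_id": subject_id, "accesses": [], "processed_by": set(),
              "deleted": False, "unparsed": 0}
    for line in lines:
        sourcetype, fields = extract_fields(line)
        if sourcetype is None:
            report["unparsed"] += 1
            continue
        if subject_id_of(sourcetype, fields) != subject_id:
            continue
        how = fields.get("action") or fields.get("statement") or fields.get("method")
        report["accesses"].append((fields["time"], sourcetype, fields["user"], how))
        report["processed_by"].add(fields["user"])
        if sourcetype == "dbaudit" and fields["statement"].upper() == "DELETE":
            report["deleted"] = True
    return report


if __name__ == "__main__":
    result = access_report(RAW_EVENTS, "4711")
    for time, sourcetype, user, how in result["accesses"]:
        print(f"{time}  {sourcetype:<10} {user:<12} {how}")
    print("processed by:", sorted(result["processed_by"]))
    print("deleted:", result["deleted"], "| unparsed lines:", result["unparsed"])
```

Two things worth noticing when running it: the report is built from the same raw lines regardless of which source they came from, which is the "schema at read" argument of the slide, and the lines that answer a subject's access request contain usernames and client addresses, that is, personal data of other people. That is the point the later whitepaper slide makes about the risk of storing log data itself, and it is why retention and access to such logs need their own controls.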
Ingests Data From Heterogeneous Data Sources
Agent-less and agent approach for flexibility and optimization
• Mounted file systems: \\hostname\mount
• syslog over TCP/UDP: syslog hosts and network devices
• Event Logs, Performance, Active Directory: Windows hosts
• Local file monitoring: Splunk Forwarder on Unix, Linux and Windows hosts (virtual hosts, mainframes, *nix)
• Scripted or modular inputs: shell scripts, API subscriptions (shell, API, perf)
• Wire data: Splunk App for Stream
• DevOps, IoT, containers: HTTP Event Collector
Report on Data Processing
Search and report on personal data processing
Article 30 - Records of Processing Activity
Articles 5, 15, 17, 18, 21, 22 and 28 - Data Subject Rights: supply chain obligations, right to be forgotten, right of rectification, right of access, right of data portability, …
Glass Tables
Key Security Indicators
Data Normalization
Build custom reports/dashboards
Splunk invited Freddy Dezeure, former head of CERT-EU, to provide advice on how to operate your SIEM in compliance with the GDPR.
▶ The most relevant aspects for understanding its impact on log management
▶ Understanding the risk of processing and storing log data in the context of GDPR
▶ Obligations and precautions to take to comply and maintain visibility
▶ Specific compliance guidance and use cases for network and information security logs
Whitepaper: A Layman’s Guide on How to Operate Your SIEM Under the GDPR
▶ https://www.splunk.com/en_us/form/how-to-operate-your-siem-under-the-gdpr.html
GDPR advice from the Information Commissioner's Office
What we see: the challenge from legal interpretation to actual implementation
How Splunk helps you with GDPR compliance
▶ Recently in the news!
▶ Joint Webinar: https://www.brighttalk.com/webcast/15511/284271/ucas-protects-student-data-with-proactive-threat-detection
How Splunk helps UCAS
Getting to know us a little
The world's only national centralised organisation processing applications to higher education.
Our customer(s): circa 800,000 applicants, circa 600,000 placed, 4 million applications, in over 6,000 registered centres, to 388 universities & colleges & 1200 schools. This includes UK & international schools, agents and advisers from over 100 countries.
Our priorities in IT:
• Protecting circa 800k student records (across multiple schemes) and ensuring availability of our services throughout the year, including during our peak periods of activity
• Data flows from applications to universities and back
• Maintaining service levels throughout the year, but with specific focus during August
National News at UCAS on results day
Personal Data you collect, store and process
Your processing stack might look like this:
• Database: security controls, security technology
• Business Application(s): security controls, security technology
• Web service, Middleware, Server, Storage, Authentication: security controls, security technology
• Network, Endpoints: security controls, security technology
How Splunk helps UCAS: a centralized platform for all their machine data
Let Splunk Professionals get you to GDPR visibility faster
GDPR Implementation Success Packages

Outcome | Basic | Standard | Enhanced

Understanding and Architecting
Workshop to determine success criteria, challenges, opportunities, and customize implementation plan. | ✔ | ✔ | ✔
Install Best-Practice Splunk Architecture or Splunk Brief Optimization Check | Multi-Tier | Redundant | Redundant
Collect Data in to Splunk or GDPR Data Identification/Optimization Workshop | Limited to 5 Data Types (prev. page) | + 1 Application's Data | + 2 Applications' Data
Workshop to identify GDPR Assets | ✔ | ✔ | ✔

Security Visibility
Install Splunk Enterprise Security or Enterprise Security Brief Optimization Check | ✔ | ✔ | ✔
Implementation of 12 GDPR Security Use Cases | ✔ | ✔ | ✔
Tuning of 12 GDPR Security Use Cases | ✔ | ✔ | ✔
Installation and testing of GDPR high-level dashboard highlighting GDPR-related Use Case activation | ✔ | ✔ | ✔

Application Visibility
Application Data Collection via Databases | | ✔ | ✔
Application Data Collection via Network Tap | | | ✔
Logging Best Practices Workshop | | | ✔
Application Data Identification Workshop | | 1 | 3
Application Data Normalization | | 1 | 3
Build and tune customized Glass Table for visualization | | 1 | 2
Optimization Check 6 Months After Engagement | | | ✔