Ulf Mattsson
Works at Protegrity
Attended Chalmers University of Technology
Lives in Connecticut, USA
89 followers|4,757 views

Stream

Ulf Mattsson

Shared publicly  - 
 
I agree that "New innovations in card security, like tokenization, are part of a broader push by banks to improve security for the electronic payments system. While tokenization provides greater security for online and mobile payments, other technologies will provide more secure transactions at physical stores," but PII should also be protected by tokenization.
The Information Source for Payments and Bank Channel Professionals… Focused Content, Expert Insights, Timely News powered by Mercator Advisory Group

Ulf Mattsson

Shared publicly  - 
 
We know that we have an industry-wide shortage in big data skills and data security personnel. This will not change any time soon.

My view is that, to reach the goal of securing the data while preserving its value for analytics, the data itself must be protected at as fine-grained a level as possible.

Securing individual fields allows for the greatest flexibility in protecting sensitive identifying fields while allowing nonidentifying information to remain in the clear. The Hortonworks Hadoop distribution is a leader in this area.

By protecting data at a very fine-grained level—fields or even part(s) of a field—we can continue to reap the benefits of data monetization while putting forth a significant barrier to data theft. I talk more about this issue here (http://www.sramanamitra.com/2014/10/03/thought-leaders-in-big-data-ulf-mattsson-cto-of-protegrity-part-1/).
MONTREAL – Edzard Overbeek, the senior vice president of Cisco Services, was relatively unknown until the company put forth his name as a

Ulf Mattsson

Shared publicly  - 
 
I can understand that "consumers increasingly worry about the security of their personal information and if their right to data privacy has become non-existent," since "90% of the data in the world today has been created in the last two years alone," according to IBM. And EMC Corporation forecasts the digital universe of the Internet of Things has doubled every two years and may increase 10-fold between 2013 and 2020 from 4.4 trillion to 44 trillion gigabytes. According to forecasts by Gartner, by 2020 there will be more than 26 billion connected devices in circulation. I think that it is unrealistic to believe that billions of existing devices connected to the internet can be adequately protected at the device level. Likewise, we cannot wait for a new generation of secure devices to be developed. Instead, it’s incumbent upon the companies that send and collect sensitive information about the users of these devices to be better custodians of that data. That will require implementing robust and layered risk management controls as well as encrypting or tokenizing that data while it’s stored on the company’s servers, being used for analytics in Big Data environments, or shared with other cloud-based services.

Ulf Mattsson

Shared publicly  - 
 

I can understand that “69 percent of respondents' CEOs or boards of directors had queried their security teams regarding specific security policies in the wake of recent high-profile breaches.” Ponemon Institute published an interesting survey related to the recent spate of high-profile cyber attacks. According to the survey, database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security. Ponemon concluded that “This is often because organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification.” We are seeing a number of common issues across recent data breaches, stealing our most sensitive data, and I think it is time to re-think our security approach and be more data-centric. It is critical to protect sensitive data wherever it is stored, including the enterprise and the cloud.

Ulf Mattsson

Shared publicly  - 
 
I find it very interesting that “More recently the technology has enabled dynamic data masking, which masks data on the fly,” and I think that the sensitive data need to be masked across the entire life cycle of test, analytics and production systems, including big data, cloud. All systems are under attack.

I agree that “Watch for the ability to mask across big data platforms,” and I found great advice in a new Gartner report, “Protecting Big Data in Hadoop”.

I agree that modern Data masking is "An essential tool to counter the threat of insider data theft.”

Ulf Mattsson, CTO Protegrity
There are a number of technologies infosec pros have at hand for protecting sensitive data, but the most common is encryption. However,

Ulf Mattsson

Shared publicly  - 
 
I think of "Big Data Governance" and the goals of "Decreasing the risk of regulatory fines" and "Improving data security" as another important challenge. There is an industry-wide shortage in big data skills and data security personnel.

My view is that, to reach the goal of securing the data while preserving its value for analytics, the data itself must be protected at as fine-grained a level as possible. Securing individual fields allows for the greatest flexibility in protecting sensitive identifying fields while allowing nonidentifying information to remain in the clear.

By protecting data at a very fine-grained level—fields or even part(s) of a field—we can continue to reap the benefits of data monetization while putting forth a significant barrier to data theft. I talk more about this issue here (http://www.sramanamitra.com/2014/10/03/thought-leaders-in-big-data-ulf-mattsson-cto-of-protegrity-part-1/).
...complicating Big Data Governance and Big Data Quality. Some of the more prominent ways in which Big Data does so include:

Ulf Mattsson

Shared publicly  - 
 
I agree that "the bigger issue is how you safeguard your data when it’s in the hands of a third party that may not follow good security practices" and "When you give a company your personal or financial data, you aren’t just giving it to that company, you’re giving it to every company that company works with."

I think that the sensitive data itself needs to be selectively protected across the entire life cycle of the data.

I found great advice in a Gartner report, covering enterprise and cloud, that analyzed solutions for Data Protection and Data Access Governance; the title of the report is “Market Guide for Data–Centric Audit and Protection.” The report concluded that "Organizations that have not developed data-centric security policies to coordinate management processes and security controls across data silos need to act."

Aberdeen Group reported in a very interesting study with the title “Tokenization Gets Traction” that tokenization users had 50% fewer security-related incidents than non-users and 47% of respondents are using tokenization for something other than cardholder data. Aberdeen also has seen a steady increase in enterprise use of tokenization as an alternative to encryption for protecting sensitive data.
Muddu Sudhakar is a seasoned and successful entrepreneur with more than 20 years experience working with Silicon Valley companies. He co-founded and is currently CEO of Caspida, a cybersecurity company based in Palo Alto, Calif. that detects unknown and hidden threats without rules, signatures, sandboxing or human analysis. Caspida uses [...]

Ulf Mattsson

Shared publicly  - 
 
It sounds very promising that "OpenStack is going to solve this and now we can have full data and full security."
MONTREAL – Edzard Overbeek, the senior vice president of Cisco Services, was relatively unknown until the company put forth his name as a

Ulf Mattsson

Shared publicly  - 
 
I agree that “With recent breaches, including Target, Sony, and JP Morgan, it is understandable that organizations are hesitant about putting their data into the cloud.”
Strong authentication is always important for cloud applications.
I found some good news in a report about cloud security from Gartner. The report concluded that “Cloud Data Protection Gateways” provides a “High Benefit Rating” and “offer a way to secure sensitive enterprise data and files stored in SaaS applications”.
This approach can be very effective in addressing attacks against data in cloud environments and compliance with stringent regulations.

Ulf Mattsson

Shared publicly  - 
 
I can understand that "Security professionals and others are concerned about the risk of unauthorised access to data as a new breed of internet-connected devices collect and combine data in an unprecedented way." This is a growing problem and "90% of the data in the world today has been created in the last two years alone," according to IBM.

And EMC Corporation forecasts the digital universe of the Internet of Things has doubled every two years and may increase 10-fold between 2013 and 2020 from 4.4 trillion to 44 trillion gigabytes.

According to forecasts by Gartner, by 2020 there will be more than 26 billion connected devices in circulation.

I think that it’s unrealistic to believe that billions of existing devices connected to the internet can be adequately protected at the device level. Likewise, we cannot wait for a new generation of secure devices to be developed. Instead, it’s incumbent upon the companies that send and collect sensitive information about the users of these devices to be better custodians of that data.

That will require implementing robust and layered risk management controls as well as encrypting or tokenizing that data while it’s stored on the company’s servers, being used for analytics in Big Data environments, or shared with other cloud-based services.
It is possible to mitigate the privacy and security risks of the internet of things (IoT) without losing its benefits, according to an industry expert

Ulf Mattsson

Shared publicly  - 
 
I agree “that it would be through tokenization and encryption that merchants could save money and protect against attacks.”
I’m even more concerned about identity theft and I think that all sensitive data should be protected across the entire data flow.
Unfortunately “The Payment Chain” does not care about security for our personal data. I think that we need effective enforcement of PII data security to improve this issue.
Aberdeen Group reported in a very interesting study with the title “Tokenization Gets Traction” that tokenization users had 50% fewer security-related incidents than non-users and 47% of respondents are using tokenization for something other than cardholder data.
Aberdeen also has seen a steady increase in enterprise use of tokenization as an alternative to encryption for protecting sensitive data.
It is time to secure all sensitive data across the entire data flow.

Ulf Mattsson

Shared publicly  - 
 
Great if "HYPR may make tokenization an everywhere tech."

I have a concern that the EMV Chip and PIN cards do not protect against malware attacks like those we have been reading about in the news. Nor do they prevent card-not-present attacks, nor attacks beyond payment data, as seen in recent breaches.

I recommend a wider use of the promising tokenization technology that is effective to protect the entire data flow of sensitive data. This type of technology can also be used to mitigate the risks associated with other sensitive information, including personal information.

We urgently need the data tokenization approach to defend against the growing trend in data breaches. The hackers tend to be one step ahead of the good guys.
HYPR aims to do for everything else what ApplePay has done for payments
Education
  • Chalmers University of Technology
  • IBM Management School
  • Stockholm University
  • Polhem Institute of Technology
  • Kungsladugardsskolan
  • Skytteskolan
Basic Information
Gender
Male
Story
Introduction
I created vault-less data tokenization and the architecture of Protegrity's data centric security technology. Prior to joining Protegrity, I worked 20 years at IBM in software development and as a consulting resource to IBM's Research organization, specialized in the areas of IT Architecture and IT Security. I received my US Green Card of class 'EB 11 - Individual of Extraordinary Ability' after endorsement by IBM Research in 2004.
I am the inventor of more than 20 patents in the areas of Encryption Key Management, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. One line of my research during the last 15 years is in the area of managing and enforcing policies (security, encryption, audit) for databases, including more than 10 joint projects with research and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Sybase, Informix, Teradata, and RSA.
I am a research member of the International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security, ANSI X9 and IEEE. Leading journals and professional magazines, including IEEE Xplore and IBM Journals, have published more than 100 of my in-depth professional articles and papers.
I received Industry's 2008 Most Valuable Performers (MVP) award together with technology leaders from IBM, Cisco Systems, Ingres, Google and other leading companies. I have given a series of presentations at leading security and database conferences in the US, Europe and Asia, and frequent tutorials at the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association (ISACA). I received a master's degree in physics in 1979 from Chalmers University of Technology in Sweden, and degrees in electrical engineering and finance.
Bragging rights
Invented vault-less data tokenization
Work
Occupation
Chief Technology Officer
Employment
  • Protegrity
    Chief Technology Officer, present
  • IBM
Places
Currently
Connecticut, USA
Previously
Sweden - Stockholm, Gothenburg