Ulf Mattsson
Works at Protegrity
Attended Chalmers University of Technology
Lives in Connecticut, USA

Ulf Mattsson

I agree that “Data residency is a key concern, and many countries’ regulations do not allow exporting of personal data or its storage to another country. Knowing where your data resides requires transparency from your provider.”

I found interesting projects that addressed this challenge and one project included incoming source data from various European banking entities, and existing data within those systems, which would be consolidated in another country.

One project achieved compliance with the strict EU Cross Border Data Security laws, Datenschutzgesetz 2000 - DSG 2000 in Austria, and Bundesdatenschutzgesetz in Germany by using a data tokenization approach, protecting the data before sending and storing it in the cloud.

This new technology development makes it easy to store data outside the domestic borders and at the same time be compliant with regulations and also ensure that the data remains secure and private.

Ulf Mattsson, CTO Protegrity
The benefits of cloud are vast and significant. Cloud enables rapid deployment, provisioning, and scaling of IT resources and data. It also shortens development time, reduces waste, and lowers costs. But despite increasing cloud adoption rates, some companies still do not rush to move their workloads and applications to the cloud due to some common myths and delusions that are more fluff than fact.

Ulf Mattsson

I can understand that “just 7% of experts said anti-virus software was one of their top three precautions, fully 42% of non-experts rated it that highly.”

We know that malware tries to hide from its victims. For example, it may delete its icon so that it won’t be noticed. Even if the malware is detected, it could be hard to notice in the noise from state-of-the-art malware detection systems. The Target data breach had this type of situation. I think that we should expect that we are breached and already have malware in our systems. McAfee Labs researchers recently reported a steady growth in malware.

I suggest that all sensitive data should be protected when flowing through our computer systems. Data tokenization proved to be a cost-effective approach to secure the sensitive data itself across the entire data flow. Recent studies reported that data tokenization can cut security incidents by 50% compared to alternative data protection methods.

Ulf Mattsson, CTO Protegrity
Google researchers say that experts and non-experts go about protecting their digital privacy in very different ways, according to survey results they plan to present at the upcoming Symposium on Usable Privacy and Security.

Ulf Mattsson


I agree that “Encryption Isn't Enough.” We are seeing a number of common issues across recent data breaches, stealing our most sensitive data, and I think it is time to re-think our security approach and be more data-centric. The large credit card breaches at Target, Home Depot, etc. - would not have amounted to anything if the data had been tokenized or encrypted. I think that we urgently need data neutralized to reduce its value to hackers.

Aberdeen Group reported in a very interesting study with the title “Tokenization Gets Traction” that tokenization users had 50% fewer security-related incidents than non-users and 47% of respondents are using tokenization for something other than cardholder data. Aberdeen also has seen a steady increase in enterprise use of tokenization as an alternative to encryption for protecting sensitive data.

Tokenization and improved authentication can be the game changers we urgently need in fighting data breaches. The payment industry is now adopting tokenization as a way to limit fraud.

Ulf Mattsson, CTO Protegrity
Companies need to focus on developing secure coding practices and security education.

Ulf Mattsson

I agree that “To prevent users from taking advantage of their privileges, it is essential to enable continuous monitoring.”
 
Usage patterns of sensitive data need to be monitored and the data itself needs to be “neutralized” by encryption or tokenization. I think that a layered approach to security can be very powerful.

We are seeing a number of common issues across recent data breaches, stealing our most sensitive data, and I think it is time to re-think our security approach and be more data-centric.

Ulf Mattsson, CTO Protegrity
While it is impossible to prevent all data breaches, digital watermarking of sensitive data can let organizations know immediately not only if it has been stolen, but where and how it is being accessed. That's a lot better than the average seven months it takes to discover a breach.

Ulf Mattsson

I agree that “businesses need more insights to understand location, type and risk of data, and to protect the most critical,” and “de-identify/de-sensitise private and confidential data.”

I recently read the Gartner Report "Big Data Needs a Data-Centric Security Focus" concluding "In order to avoid security chaos, Chief Information Security Officers (CISOs) need to approach big data through a data-centric approach."

The report suggests that new data-centric audit and protection solutions and management approaches are required.

Ulf Mattsson, CTO Protegrity

Ulf Mattsson

I agree - "Protect your data," and "ensuring that you are not vulnerable to hacking attempts and data breaches." I think that the amount of sensitive data collected will become increasingly difficult and important to protect from manipulation and theft.

We are seeing a number of common issues across recent data breaches, stealing our most sensitive data, and I think it is time to re-think our security approach and be more data-centric.

Ponemon Institute published an interesting survey related to the recent spate of high-profile cyber attacks. According to the survey, database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security. Ponemon concluded that “This is often because organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification.”

It’s incumbent upon the companies that collect sensitive information about the users of these devices to be good custodians of that data.

That will require implementing robust and layered risk management controls as well as encrypting that data while it’s stored on the company’s servers, being used for analytics in Big Data environments, or shared with cloud-based services.

Ulf Mattsson, CTO Protegrity
To realize the full potential of the IoT, businesses need these capabilities to support the capture and analysis of data and to take immediate action.

Ulf Mattsson

I agree that "even after your preventive controls are perfect, some trusted people will still need access to data. And organizations need to watch and analyze how they use it," and "Encryption alone won’t help." I think a retrieval limit can be effective and minimize data loss.

I think that we urgently need to neutralize sensitive data to reduce its value to hackers. Aberdeen Group reported in a very interesting study with the title “Tokenization Gets Traction” that tokenization users had 50% fewer security-related incidents than non-users and 47% of respondents are using tokenization for something other than cardholder data.

Aberdeen also has seen a steady increase in enterprise use of tokenization as an alternative to encryption for protecting sensitive data.

Ulf Mattsson, CTO Protegrity
 
The Office of Personnel Management and UCLA Health have both been under fire in the media this summer for failing at one of the most universal standards for data security: encryption.  The security industry is in dismay that these sophisticated government and healthcare organizations overlooked the importance of encrypting sensitive patient and employee information.  Why doesn’t everyone just encrypt everything? Wouldn't that stop all these bre...

Ulf Mattsson

I agree that "The other huge area is data privacy." The collected data can be a slow brew of gathering risk without sufficient safeguards.

To reach the goal of securing the data while preserving its value, the data itself must be protected at as fine-grained a level as possible. Securing individual fields allows for the greatest flexibility in protecting sensitive identifying fields while allowing nonidentifying information to remain in the clear.

Anonymizing privacy data completely may not be feasible in a monetizing scenario, but deidentifying the most sensitive information, e.g., names, social security numbers, birth dates, is vital to protecting the privacy of individuals.

Using data protection methods such as tokenization can also allow businesses to preserve the type and length of the data, as well as deidentifying only part of the data fields, while leaving the relevant parts in the clear, such as exposing a birth year rather than the entire date. This will keep the data usable for third parties to analyze, while helping to protect the privacy of the individuals who make up the data.

We may not be able to completely prevent hackers from stealing data, but we can make it far more difficult for them to cause significant damage with it. By protecting data at a very fine-grained level—fields or even part(s) of a field—we can continue to reap the benefits of data monetization while putting forth a significant barrier to identity theft.

Ulf Mattsson, CTO Protegrity
From big data discovery to multipolar analytics, here is insight on some of the latest big data trend questions.

Ulf Mattsson

I agree that “Governance standards can be established based upon big data business use cases. Who should have access to the data, and how much access should various individuals have? Are there data privacy issues involved?”

I recently read the Gartner Report "Big Data Needs a Data-Centric Security Focus" concluding "In order to avoid security chaos, Chief Information Security Officers (CISOs) need to approach big data through a data-centric approach." The report suggests that new data-centric audit and protection solutions and management approaches are required.

To reach the goal of securing the data while preserving its value, the data itself must be protected at as fine-grained a level as possible. Securing individual fields allows for the greatest flexibility in protecting sensitive identifying fields while allowing nonidentifying information to remain in the clear. 

Anonymizing privacy data completely may not be feasible in a monetizing scenario, but deidentifying the most sensitive information, e.g., names, social security numbers, birth dates, is vital to protecting the privacy of individuals.

Using data protection methods such as tokenization can also allow businesses to preserve the type and length of the data, as well as deidentifying only part of the data fields, while leaving the relevant parts in the clear, such as exposing a birth year rather than the entire date. This will keep the data usable for third parties to analyze, while helping to protect the privacy of the individuals who make up the data.

We may not be able to completely prevent hackers from stealing data, but we can make it far more difficult for them to cause significant damage with it. By protecting data at a very fine-grained level—fields or even part(s) of a field—we can continue to reap the benefits of data monetization while putting forth a significant barrier to identity theft.

Ulf Mattsson, CTO Protegrity
Get expert advice about managing data quality, public clouds, governance standards, and much more in your big data projects.
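Field-level protection as described in the two posts above on fine-grained de-identification (type and length preserved, birth year left in the clear), shown as an added example that is not part of the original posts and not Protegrity code. It uses a simple vault-based lookup rather than the vault-less method the profile mentions; `TokenVault`, `POLICY`, `protect_record`, `reveal_record` and the sample record are hypothetical names and constructed data.

```python
import secrets
import string


class TokenVault:
    """In-memory stand-in for a token vault (hypothetical; a real vault is a hardened store)."""

    def __init__(self):
        self._token_for = {}  # clear value -> token
        self._value_for = {}  # token -> clear value

    def _random_like(self, value):
        # Keep length, character class and separators so existing schemas still fit.
        pools = {True: string.ascii_uppercase, False: string.ascii_lowercase}
        return "".join(
            secrets.choice(string.digits) if ch.isdigit()
            else secrets.choice(pools[ch.isupper()]) if ch.isalpha()
            else ch
            for ch in value
        )

    def tokenize(self, value):
        if not any(ch.isdigit() or ch.isalpha() for ch in value):
            raise ValueError("nothing to tokenize in %r" % value)
        if value not in self._token_for:  # same input always maps to the same token
            token = self._random_like(value)
            while token == value or token in self._value_for:
                token = self._random_like(value)
            self._token_for[value] = token
            self._value_for[token] = value
        return self._token_for[value]

    def detokenize(self, token):
        return self._value_for[token]


# Assumed policy: number of leading characters left in the clear per sensitive field.
POLICY = {"name": 0, "ssn": 0, "birth_date": 4}  # birth_date is YYYY-MM-DD, year stays


def protect_record(record, vault):
    out = dict(record)  # fields not named in POLICY stay in the clear
    for field, keep in POLICY.items():
        out[field] = record[field][:keep] + vault.tokenize(record[field][keep:])
    return out


def reveal_record(protected, vault):
    out = dict(protected)
    for field, keep in POLICY.items():
        out[field] = protected[field][:keep] + vault.detokenize(protected[field][keep:])
    return out


SAMPLE = {  # constructed record, not real data
    "name": "Anna Svensson", "ssn": "000-12-3456",
    "birth_date": "1984-03-17", "state": "CT", "purchase_total": "129.50",
}
```

The tokenized month and day are random digits, so the protected `birth_date` keeps its shape but may not be a valid calendar date.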

Ulf Mattsson

I agree that “For years, cloud computing progressed at a faster rate than cloud security could protect it. Starting in 2015 and beyond, that gap looks to be closing.”

Gartner released the report “Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data” in June 2015 that highlighted key challenges as “cloud increases the risks of noncompliance through unapproved access and data breach.”

The report recommended that CIOs and CISOs address data residency and compliance issues by “applying encryption or tokenization,” and also “understand when data appears in clear text, where keys are made available and stored, and who has access to the keys.”

Another recent Gartner report concluded that “Cloud Data Protection Gateways” provide a “High Benefit Rating” and “offer a way to secure sensitive enterprise data and files stored in SaaS applications”.

Ulf Mattsson, CTO Protegrity
Cloud computing has developed a bad reputation for security, but it will soon provide tighter security than traditional on-premises IT. Here's why.

Ulf Mattsson

Presentation by Ulf Mattsson - "Where Data Security and Value of Data Meet in the Cloud" at ISSA Phoenix Chapter on Jul 14 2015
Education
  • Chalmers University of Technology
  • IBM Management School
  • Stockholm University
  • Polhem Institute of Technology
  • Kungsladugardsskolan
  • Skytteskolan
Basic Information
Gender
Male
Story
Introduction
I created vault-less data tokenization and the architecture of Protegrity's data centric security technology. Prior to joining Protegrity, I worked 20 years at IBM in software development and as a consulting resource to IBM's Research organization, specialized in the areas of IT Architecture and IT Security. I received my US Green Card of class 'EB 11 - Individual of Extraordinary Ability' after endorsement by IBM Research in 2004.
I am the inventor of more than 20 patents in the areas of Encryption Key Management, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. One line of my research during the last 15 years is in the area of managing and enforcing policies (security, encryption, audit) for databases, including more than 10 joint projects with research and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Sybase, Informix, Teradata, and RSA.
I am a research member of the International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security, ANSI X9 and IEEE. Leading journals and professional magazines, including IEEE Xplore and IBM Journals, have published more than 100 of my in-depth professional articles and papers.
I received Industry's 2008 Most Valuable Performers (MVP) award together with technology leaders from IBM, Cisco Systems, Ingres, Google and other leading companies. I have given a series of presentations at leading security and database conferences in the US, Europe and Asia, and frequent tutorials at the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association (ISACA). I received a master's degree in physics in 1979 from Chalmers University of Technology in Sweden, and degrees in electrical engineering and finance.
Bragging rights
Invented vault-less data tokenization
Work
Occupation
Chief Technology Officer
Employment
  • Protegrity
    Chief Technology Officer, present
  • IBM
Places
Currently
Connecticut, USA
Previously
Sweden - Stockholm, Gothenburg