Ulf Mattsson
Works at Protegrity
Attended Chalmers University of Technology
Lives in Connecticut, USA
76 followers|3,976 views

Stream

Ulf Mattsson

Shared publicly  - 
 
I agree that "Security of cloud services remains a top priority," and security is rapidly improving for public cloud applications. A recent report "Data Breach: The Cloud Multiplier Effect" by the Ponemon Institute reveals that 66 percent of respondents say their organization's use of cloud resources diminishes its ability to protect confidential or sensitive information and 64 percent believe it makes it difficult to secure business-critical applications.

Ulf Mattsson

Shared publicly  - 
 
I agree that “A common weakness among retailers that were hacked, for example, was a failure to implement two-factor authentication.” But not even the largest banks, like JP Morgan Chase, could avoid simple configuration errors.

I think that we need to rethink our layers of security to prepare for future attacks. There are so many different ways savvy hackers can attack our data flow.
The nature of cybersecurity threats continued to evolve in 2014, with attackers using an array of tricks to evade detection, according to FireEye's latest "M-Trends" report. Released Tuesday, the annual report details the cyber-threats uncovered over the past year ...
 
I think that current Healthcare Regulatory Mandates are “Harming the Industry,” and my view is different. Anthem lost the Social Security numbers of 80 million customers and stored the information without encryption. HIPAA does not require encrypted databases.
I think that data should be neutralized to reduce its value to hackers.
 
I agree that “Just because you can collect data doesn’t mean you should.” But how can you know the answer to the question “do we need this?” We know that information will increasingly give you a competitive advantage.
I suggest that we keep the information and put it in a secure place.

Ulf Mattsson

Shared publicly  - 
 
I agree that “When pooling all of the data in one place, CIOs need to keep in mind that applications and users will require different access to the same data sets, which means incorporating tools such as data-masking capabilities.” I recently read the Gartner Report "Big Data Needs a Data-Centric Security Focus" concluding "In order to avoid security chaos, Chief Information Security Officers (CISOs) need to approach big data through a data-centric approach." The report suggests that new data-centric audit and protection solutions and management approaches are required.
 
I agree that “Hortonworks is a leading contributor to Apache’s Hadoop,” and also a leader in security for big data. Hortonworks Hadoop distribution for big data includes Avatar, with the features that Gartner is recommending below, including data tokenization, advanced HDFS encryption, key management and auditing.

The Gartner report "Big Data Needs a Data-Centric Security Focus" concludes "In order to avoid security chaos, chief information security officers (CISOs) need to approach big data through a data-centric approach."

The report suggests that new data-centric audit and protection solutions and management approaches are required. Companies are now starting to follow these guidelines.
Hortonworks just inked a deal with Hitachi Data Systems Corp. (HDS) to jointly promote and support Apache Hadoop. The agreement paves the way for HDS to deliver Hortonworks Data Platform to Hitachi enterprise customers. Hortonworks is a leading contributor to ...

Ulf Mattsson

Shared publicly  - 
 
I agree that “IoT is not just a new insecure space,” and "it's a Frankenbeast of technology that links network, application, mobile, and cloud technologies together into a single ecosystem, and it unfortunately seems to be taking on the worst security characteristics of each." This potentially sensitive data quickly piles up in large databases in cloud and big data environments, creating issues with privacy, compliance, data breaches and data ownership.

Securing data in cloud and big data is still evolving and must balance security and data utility in a new way that will allow these architectures to still perform and scale.

I've seen two interesting approaches to address basic privacy and security issues.
Summary: Before the Internet of Things becomes a reality, we must tackle all of its inherent security issues, says HP.

Ulf Mattsson

Shared publicly  - 
 

You are asking relevant and critical questions by saying “Is there a way for the app industries to have a common agreement about what can be shared, what is a reasonable life expectancy for personal data, how and to what extent personal data can be actually anonymized, and how data destruction can be audited to even a private detective's satisfaction?” I've seen two very interesting approaches to address basic privacy and security issues.
The ability to access Dropcam video footage in the cloud is indicative of a broader trend in cloud computing that is eating away at privacy.

Ulf Mattsson

Shared publicly  - 
 

I think it is very concerning that even if malware is detected it could be hard to notice in all the noise from different detection systems. This picture is not improving according to the two most recent Verizon reports. Analytics based on data lakes may not help any time soon.
It can take up to six months for antivirus software vendors to catch a zero-day exploit, letting malware slip by en masse.

Ulf Mattsson

Shared publicly  - 
 
I agree that "You need to do a good job of following through on all the blips that come through in the night.” Some people think that it was likely that the Target security team received a large volume of security alerts on a daily basis, which would have made it tough to have singled out that threat as being particularly malicious.

The latest published Data Breach Investigations Report from Verizon reported that most breaches were detected by external parties with whom the victim has no business relationship specific to detection services. Only 13% of breaches were detected by internal means.

There is a lack of effective means of detecting a breach internally. This tells me that we need to proactively secure sensitive data itself and not rely on monitoring systems to catch an attacker. We know that “The Anthem attack targeted network administrators. They have more network rights and permissions than the typical worker. Sometimes they also have the ability to get through firewalls, data encryption or other embedded network protection.”

According to the survey, database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security. Ponemon concluded that “This is often because organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification.”

Ulf Mattsson

Shared publicly  - 
 
Ulf Mattsson, CTO at Protegrity, told me in an email that while “If published reports are accurate and Anthem did not encrypt or otherwise protect their customers’ data while stored in their internal systems, then their level of security was not appropriate for the potential risks of attack,” again, encryption is neither a black and white issue nor a magic pill.

Ulf Mattsson

Shared publicly  - 
 
I agree that "They need to have safeguards in place in case attackers can bypass perimeter defenses.” Ponemon Institute published an interesting survey related to the recent spate of high-profile cyber attacks.

According to the survey, database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security.

Ponemon concluded that “This is often because organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification.”

I agree that "even if Anthem had used encryption, the data could have still have been compromised.” Instead you need data neutralized to reduce its value to hackers. There are now data security approaches that are more effective than disk encryption and other forms of data encryption.
Education
  • Chalmers University of Technology
  • IBM Management School
  • Stockholm University
  • Polhem Institute of Technology
  • Kungsladugardsskolan
  • Skytteskolan
Basic Information
Gender
Male
Story
Introduction
I created vault-less data tokenization and the architecture of Protegrity's data centric security technology. Prior to joining Protegrity, I worked 20 years at IBM in software development and as a consulting resource to IBM's Research organization, specialized in the areas of IT Architecture and IT Security. I received my US Green Card of class 'EB 11 - Individual of Extraordinary Ability' after endorsement by IBM Research in 2004.
I am the inventor of more than 20 patents in the areas of Encryption Key Management, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. One line of my research during the last 15 years is in the area of managing and enforcing policies (security, encryption, audit) for databases, including more than 10 joint projects with research and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Sybase, Informix, Teradata, and RSA.
I am a research member of the International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security, ANSI X9 and IEEE. Leading journals and professional magazines, including IEEE Xplore and IBM Journals, have published more than 100 of my in-depth professional articles and papers.
I received Industry's 2008 Most Valuable Performers (MVP) award together with technology leaders from IBM, Cisco Systems, Ingres, Google and other leading companies. I have given a series of presentations at leading security and database conferences in the US, Europe and Asia, and frequent tutorials at the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association (ISACA). I received a master's degree in physics in 1979 from Chalmers University of Technology in Sweden, and degrees in electrical engineering and finance.
Bragging rights
Invented vault-less data tokenization
Work
Occupation
Chief Technology Officer
Employment
  • Protegrity
    Chief Technology Officer, present
  • IBM
Places
Currently
Connecticut, USA
Previously
Sweden - Stockholm, Gothenburg