Profile

Ulf Mattsson
Works at Protegrity
Attended Chalmers University of Technology
Lives in Connecticut, USA

Stream

Ulf Mattsson

I’m concerned about “the gigantic breach at the Office of Personnel Management this summer” and that “Some service providers have access to information so sensitive that its compromise could cripple your organization.” I think that all organisations should ask, 'Are we at risk?', 'What are we doing to prevent this from happening to us?' and 'How are we doing relative to others?'
I think that benchmarking can be very effective when answering those questions. Proactive organizations across different industries addressed similar security issues as early as 2005. For example, beverage brands and publishing companies started to encrypt sensitive database information to prevent unauthorized access by administrators and other power users.
Ponemon Institute published an interesting survey related to the recent spate of high-profile cyber attacks. According to the survey, database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security. I think that the sensitive data itself needs to be selectively protected across all data silos.
I also found great advice in a Gartner report, covering enterprise and cloud, that analyzed solutions for Data Protection and Data Access Governance; the title of the report is “Market Guide for Data–Centric Audit and Protection.” The report concluded that "Organizations that have not developed data-centric security policies to coordinate management processes and security controls across data silos need to act."
The attackers are stealing our sensitive data so we urgently need to secure the sensitive data itself.
Ulf Mattsson, CTO Protegrity

Ulf Mattsson

I agree that “Businesses after all are placing potentially sensitive information into the hands of a third party. While it’s true that cloud security has made significant progress in just the past few years, having some other entity in charge of protecting valuable data strikes many as adopting too large of a risk.”
Gartner recently reviewed new and interesting cloud security approaches that can help organizations with additional flexibility for cloud deployments.
The first report is from June 2015 with the title “Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data.” Another Gartner report concluded that “Cloud Data Protection Gateways” provide a “High Benefit Rating” and “offer a way to secure sensitive enterprise data and files stored in SaaS applications”.
Ulf Mattsson, CTO Protegrity

Ulf Mattsson

I agree “Conventional network security solutions are failing to protect cloud computing environments.”

This is not just a cloud problem. We are seeing a number of common issues across recent data breaches, stealing our most sensitive data, and I think it is time to re-think our security approach and be more data-centric.

Ponemon Institute published an interesting survey related to the recent spate of high-profile cyber attacks. According to the survey, database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security.

Ponemon concluded that “This is often because organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification.”

Ulf Mattsson, CTO Protegrity
Slow deployment of new security solutions are leaving organisations vulnerable.

Ulf Mattsson

I agree that "Just as security mechanisms become more sophisticated, so do the tactics deployed by malicious attackers. Without a robust multifaceted security system in place, even the most protected data will be vulnerable to the attempts of hackers."

I think that a multilayered security approach is needed. The last defense should be data centric security.

Ulf Mattsson, CTO Protegrity
We delve deeper into how information security professionals are moving toward practices that secure the data itself rather than securing the device. What are these practices and what are their strengths and pitfalls?

Ulf Mattsson

I agree with "MYTH #5: “I CAN ACHIEVE 100 PERCENT SECURITY.”" We know that the JP Morgan Chase massive data breach took 90 days to detect and Ponemon Institute reported in the study "The Post Breach Boom" that malicious data breaches were discovered on average after 80 days.

Unfortunately, most of our current detection products can't tell you what normal looks like in your own systems. We know that less than 14% of breaches are detected by internal security tools according to the annual international breach investigations report by Verizon. Detection by external third party entities unfortunately increased from approximately 10% to 25% during the last three years.

We cannot wait for better detection systems and we also have a general shortage of skilled security people. So we need to be proactive and protect the sensitive data itself.

Studies have shown that users of data tokenization experience up to 50% fewer security-related incidents (e.g. unauthorized access, data loss, or data exposure) compared to users of other approaches, including encryption.

Ulf Mattsson, CTO Protegrity
One of the greatest challenges for organizations attempting to address cybersecurity risks is the number of fundamental security myths that cause organizations to incorrectly assess threats.

Ulf Mattsson

I'm surprised that "86% of respondents saying that they could detect a breach in less than one week." We know that the JP Morgan Chase massive data breach took 90 days to detect and Ponemon Institute reported in the study "The Post Breach Boom" that malicious data breaches were discovered on average after 80 days.

Unfortunately, most of our current detection products can't tell you what normal looks like in your own systems. We know that less than 14% of breaches are detected by internal security tools according to the annual international breach investigations report by Verizon. Detection by external third party entities unfortunately increased from approximately 10% to 25% during the last three years.

We cannot wait for better detection systems and we also have a general shortage of skilled security people. So we need to be proactive and protect the sensitive data itself.

Studies have shown that users of data tokenization experience up to 50% fewer security-related incidents (e.g. unauthorized access, data loss, or data exposure) compared to users of other approaches, including encryption.

Ulf Mattsson, CTO Protegrity
94% of executives said their organisation is a target for cyber criminals.

Ulf Mattsson

KeyPoint Government Solutions' parent company, Veritas Capital, is no stranger to government contracting scandals.

Ulf Mattsson

I agree that “Cloud technology may make life easier for mobile workers but it’s certainly not without its risks; it really should only be used to store encrypted, non-sensitive information.”
Gartner recently reviewed new and interesting cloud security approaches that can help organizations with additional flexibility for cloud deployments.
The first report is from June 2015 with the title “Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data.” Another Gartner report concluded that “Cloud Data Protection Gateways” provide a “High Benefit Rating” and “offer a way to secure sensitive enterprise data and files stored in SaaS applications”.
Ulf Mattsson, CTO Protegrity
Less than one in three delegates polled at the Infosec 2015 event in London believe the cloud is a safe storage solution for corporate data.

Ulf Mattsson

I agree that “tokens have proven to be quite resilient against various forms of attacks, making them a very secure element in the growing mobile commerce space.”
I think that tokenization is the single biggest change in payments and I think that data tokenization in general is bigger than that.
Tokens should also be used as the new approach for securing all sensitive identifying personal data.
We know that highly sophisticated malware was used in many recent attacks. McAfee Labs researchers have analyzed threats and seen a steady growth in malware. Sophisticated malware can be difficult to detect and poses as approved legitimate software so we need to protect the data itself, against the new memory scraping malware, in transit, at rest and even in use in computer memory.
Recent studies reported that data tokenization can cut security incidents by 50%. I think it is time to secure the sensitive data in the entire data flow with modern approaches.
Ulf Mattsson, CTO Protegrity
Tokenization is becoming a very important concept in the mobile commerce space. As this sector continues to grow, it is becoming a more

Ulf Mattsson

I found interesting projects that addressed this challenge and one project included incoming source data from various European banking entities, and existing data within those systems, which would be consolidated in one European country.

One project achieved compliance with the strict EU Cross Border Data Security laws, Datenschutzgesetz 2000 - DSG 2000 in Austria, and Bundesdatenschutzgesetz in Germany by using a data tokenization approach, protecting the data before sending and storing it in the cloud.

This new approach to data privacy is described in a report from the Aberdeen Group that revealed that "tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure) than tokenization non-users". Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data.

This new technology development makes it easy to store data outside the domestic borders.

Ulf Mattsson

I agree that “Depending on how sensitive the data, consider protecting it with masking, redaction or encryption.” My view is that to reach the goal of securing the data while preserving its value for analytics, the data itself must be protected at as fine-grained a level as possible.

Securing individual fields allows for the greatest flexibility in protecting sensitive identifying fields while allowing nonidentifying information to remain in the clear.

By protecting data at a very fine-grained level—fields or even part(s) of a field—we can continue to reap the benefits of data monetization while putting forth a significant barrier to data theft. I talk more about this issue here (http://www.sramanamitra.com/2014/10/03/thought-leaders-in-big-data-ulf-mattsson-cto-of-protegrity-part-1/)

Ulf Mattsson, CTO Protegrity

Ulf Mattsson

I agree that “Data security and compliance remain in the front of businesses’ minds when it comes to Big Data.”

My view is that to reach the goal of securing the data while preserving its value for analytics, the data itself must be protected at as fine-grained a level as possible.

Securing individual fields allows for the greatest flexibility in protecting sensitive identifying fields while allowing nonidentifying information to remain in the clear.

By protecting data at a very fine-grained level—fields or even part(s) of a field—we can continue to reap the benefits of data monetization while putting forth a significant barrier to data theft. 

I talk more about this issue here (http://www.sramanamitra.com/2014/10/03/thought-leaders-in-big-data-ulf-mattsson-cto-of-protegrity-part-1/)

Ulf Mattsson, CTO Protegrity
Education
  • Chalmers University of Technology
  • IBM Management School
  • Stockholm University
  • Polhem Institute of Technology
  • Kungsladugardsskolan
  • Skytteskolan
Basic Information
Gender
Male
Story
Introduction
I created vault-less data tokenization and the architecture of Protegrity's data centric security technology. Prior to joining Protegrity, I worked 20 years at IBM in software development and as a consulting resource to IBM's Research organization, specialized in the areas of IT Architecture and IT Security. I received my US Green Card of class 'EB 11 - Individual of Extraordinary Ability' after endorsement by IBM Research in 2004.
I am the inventor of more than 20 patents in the areas of Encryption Key Management, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. One line of my research during the last 15 years is in the area of managing and enforcing policies (security, encryption, audit) for databases, including more than 10 joint projects with research and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Sybase, Informix, Teradata, and RSA.
I am a research member of the International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security, ANSI X9 and IEEE. Leading journals and professional magazines, including IEEE Xplore and IBM Journals, have published more than 100 of my in-depth professional articles and papers.
I received Industry's 2008 Most Valuable Performers (MVP) award together with technology leaders from IBM, Cisco Systems, Ingres, Google and other leading companies. I have given a series of presentations at leading security and database conferences in the US, Europe and Asia, and frequent tutorials at the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association (ISACA). I received a master's degree in physics in 1979 from Chalmers University of Technology in Sweden, and degrees in electrical engineering and finance.
Bragging rights
Invented vault-less data tokenization
Work
Occupation
Chief Technology Officer
Employment
  • Protegrity
    Chief Technology Officer, present
  • IBM
Places
Currently
Connecticut, USA
Previously
Sweden - Stockholm, Gothenburg