
Privacy Enforcement for IT Governance in Enterprises: Doing it for Real

This presentation explores privacy enforcement for IT governance in enterprises, focusing on important aspects such as privacy policy enforcement and the HP Identity Management Portfolio.


Presentation Transcript


  1. Privacy Enforcement for IT Governance in Enterprises: Doing it for Real
     Marco Casassa Mont, marco_casassa-mont@hp.com
     Trusted Systems Lab, HP Labs, Bristol, UK

  2. Presentation Outline
     • Privacy for Identity Management: Setting the Context
     • Important Privacy Aspects to be Addressed: Privacy Policy Enforcement
     • HP Identity Management Portfolio
     • HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access
     • Conclusions

  3. Presentation Outline
     • Privacy for Identity Management: Setting the Context
     • Important Privacy Aspects to be Addressed: Privacy Policy Enforcement
     • HP Identity Management Portfolio
     • HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access
     • Conclusions

  4. Privacy: An Important Aspect of Regulatory Compliance
     (diagram: example of a regulatory compliance process; regulations, incomplete list …)

  5. Regulatory Compliance: Impact on Enterprises and Opportunities
     (diagram) Drivers: privacy legislation (EU laws, HIPAA, COPPA, SOX, GLB, Safe Harbour, …), internal guidelines, customers' expectations. People hand personal data to the enterprise's applications & services. Outcomes: customers' satisfaction; positive impact on reputation, brand and customer retention.

  6. Data Governance and Policy Management (Including Privacy Policies)
     Stages of the process:
     • Data inventory: people/roles, systems/applications/services, confidential/personal data
     • Gap and risk analysis
     • Policy development and modelling
     • Policy deployment
     • Policy enforcement
     • Monitoring, audit, reporting and policy management

  7. Privacy for Personal Data: Core Principles
     Privacy policies are built on: purpose specification, consent, limited collection, limited use, limited disclosure, limited retention, privacy permissions, privacy obligations and privacy rights.

  8. Presentation Outline
     • Privacy for Identity Management: Setting the Context
     • Important Privacy Aspects to be Addressed: Privacy Policy Enforcement
     • HP Identity Management Portfolio
     • HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access
     • Conclusions

  9. Terminology: Consent, Intent, Data Purpose, Privacy Policy
     • Data subjects hand their personal data (PII) to the enterprise together with CONSENT: consent is given for the usage of their personal data for predefined PURPOSES.
     • The enterprise (Privacy Office and privacy administrators) defines the PURPOSES the data are collected for.
     • Data requestors (applications & services) that need to access personal data must express their INTENT, i.e. how they intend to use these data. P.S.: INTENT could be hard-coded in applications or be part of role definitions.
     • PRIVACY POLICIES state how data must be managed: what can be accessed by requestors, given their INTENT, the PURPOSE of collecting the data and the CONSENT given by data subjects.
     (diagram: data subject → personal data + consent → enterprise applications & services; data requestors → request for data + intent → privacy policies)

  10. Privacy Policy Enforcement
      • Data requestors send a request for DATA + INTENT.
      • The enforcement point checks the requirements against the privacy policies: the requestor's intent against the data purposes, the data subject's consent, etc.
      • Failure: no access. Actions: audit, notification, …
      • Success: the privacy policies dictate access constraints: partial data access (filter data), data transformation/encryption, data subject's constraints, … Actions: audit, notification, …
      • The requestor only ever receives the actual accessed data, never the raw personal data + consent.

  11. Privacy Enforcement for Personal Data: Principles and Implications
      Privacy policies built on purpose specification, consent, limited collection, limited use, limited disclosure and limited retention have direct access-control implications for privacy enforcement.

  12. Privacy Enforcement on Data: Access Control + "Intent, Purpose, Consent, …"
      • Traditional access control: a requestor, with rights, performs actions on personal data.
      • Privacy-aware access control adds a privacy extension to the same model: the requestor's intent, the purpose the data were collected for, the owner's consent, and other constraints.
      • It is not just a matter of traditional access control: data purpose, intent and the user's consent must be included. Moving towards a "privacy-aware" access control …

  13. Example: Privacy-aware Access Control
      Table T1 holds PII data; table T2 holds the customers' consent per purpose (Marketing, Research). The Marketing consent implied by the filtered result below is:

        uid | Name  | Condition          | Diagnosis | Consent: Marketing
        ----+-------+--------------------+-----------+-------------------
        1   | Alice | Alcoholic          | Cirrhosis | x
        2   | Rob   | Drug Addicted      | HIV       |
        3   | Julie | Contagious Illness | Hepatitis | x

      Enterprise privacy policy (consent, purpose and intent management):

        If role == "empl." and intent == "Marketing"
          Then Allow Access (T1.Condition, T1.Diagnosis) & Enforce (Consent)
        Else If intent == "Research"
          Then Allow Access (T1.Diagnosis) & Enforce (Consent)
        Else Deny Access

      Access to table T1 (SELECT * FROM T1) with Intent = "Marketing". Enforcement: filter data, by rewriting the query against the consent table T2:

        SELECT '-', Condition, Diagnosis FROM T1, T2
        WHERE T1.uid = T2.Consent AND T2.Marketing = 'YES'

      Filtered data returned to the requestor:

        uid | Name | Condition          | Diagnosis
        ----+------+--------------------+----------
        1   | -    | Alcoholic          | Cirrhosis
        2   | -    | -                  | -
        3   | -    | Contagious Illness | Hepatitis

  14. Implicit Approach to Enforce Privacy Policies: No Flexibility
      Privacy policy definition and enforcement, implicit: privacy policies are embedded within applications, queries, services and ad-hoc solutions, next to the business logic that accesses the personal data.
      • Simple approach
      • It does not scale in terms of policy management
      • It is not flexible and adaptive to changes

  15. Explicit Approach to Enforce Privacy Policies: Vertical and Invasive
      Privacy policy definition and enforcement, explicit: fully deployed privacy management frameworks (e.g. IBM Privacy Manager, IBM Hippocratic Databases).
      • Explicit management of privacy policies
      • Might require major changes to IT and data infrastructure
      • Usage of vertical solutions

  16. HP Approach: Adaptive, Integrated and Flexible Enforcement of Privacy Policies
      Positioned between the implicit and the explicit approach to privacy policy definition and enforcement:
      • Single solution for explicit management of privacy policies
      • Privacy enforcement by leveraging and extending the HP Select Access access control framework and its easy-to-use management UI
      • Does not require major changes to applications/services or data repositories

  17. Summary of Requirements
      • Modelling of personal data
      • Explicit definition, authoring and management of privacy policies
      • Extensible privacy policies
      • Explicit deployment and enforcement of privacy policies
      • Integration with traditional access control systems
      • Simplicity of usage
      • Support for audit

  18. Presentation Outline
      • Privacy for Identity Management: Setting the Context
      • Important Privacy Aspects to be Addressed: Privacy Policy Enforcement
      • HP Identity Management Portfolio
      • HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access
      • Conclusions

  19. HP OpenView Identity Management Solutions
      Accounts & policies life-cycle: registration/creation, propagation, compliance, privacy, authentication, authorization, federation, single sign-on, maintenance/management, personalization, termination.
      • HP Select Access: authentication; policy-based access control; single sign-on; Web Services security & access management; personalization
      • HP Select Identity: cross-enterprise user life-cycle management; provisioning; workflow; password management; self service; delegated administration
      • HP Select Federation: open protocol federation; automated inter-organizational user activation & provisioning; privacy management; federation auditing & governance

  20. HP Select Access
      • Access control product
      • Policy authoring
      • Policy decisions
      • Policy enforcement
      • Auditing

  21. HP Select Access: an access control system for the definition, enforcement and auditing of access control policies.

  22. Policy Builder: Authoring Access Control Constraints. High-level, matrix-based UI to set up access control constraints on resources for given users/groups.

  23. Rule Editor: Fine-grained Access Control Rules. Rule editor for the fine-grained definition of access control policies.

  24. HP IDM Solutions: HPL Privacy Extensions
      (matrix figure: HPL work against the HP IDM solutions and federated environments; legend: Supported / Can Be Extended / Not Relevant)

  25. Presentation Outline
      • Privacy for Identity Management: Setting the Context
      • Important Privacy Aspects to be Addressed: Privacy Policy Enforcement
      • HP Identity Management Portfolio
      • HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access
      • Conclusions

  26. Leverage HP Select Access: Privacy Policy Modelling and Enforcement
      The policy life-cycle of slide 6, applied to privacy policies: data inventory (people/roles, systems/applications/services, confidential/personal data); gap and risk analysis; privacy policy development and modelling; privacy policy deployment; privacy policy enforcement; monitoring, reporting and policy management.

  27. Privacy Enforcement in HP Select Access
      Privacy policy deployment and decisions (architecture diagram):
      • Data modelling & privacy policy authoring: the Policy Builder, extended with HPL plug-ins, stores access control policies plus privacy policies (intent, purpose, consent, constraints, …) in the policy repository.
      • Applications, services and Web services send the requestor's intent together with the request to access data. An Enforcer (the existing enforcers, or the HPL Data Enforcer with its plug-in) turns this into a privacy-aware access request.
      • The Validator (policy decision), extended with HPL plug-ins, answers grant/deny; for data resources it returns a privacy-aware decision.
      • Privacy-aware access to data: the HPL Data Enforcer applies the decision to the personal data (stored with the owners' consent); the access is audited.

  28. Select Access: Privacy Extension [1/4]
      Step 1: modelling data resources in the SA Policy Builder. Data resources are added to the Policy Builder.

  29. Select Access: Privacy Extension [2/4]
      Step 2: author privacy policies in the SA Policy Builder via SA plug-ins:
      • Add privacy constraints on "data resources": checking intent vs. purpose, consent, etc.
      • Describe policies whose evaluation yields "Allow Access to Data + Privacy Constraints to be Enforced".
      Rule Editor plug-ins: purpose-based decision plug-in, data filtering plug-in, consent management plug-in, data expiration plug-in.
      Privacy constraints: filtering data; enforcing consent; obfuscating data; transformation of data; …

  30. Select Access: Privacy Extension [3/4]
      Step 3: privacy decisions by the SA Validator (PDP):
      • A Validator plug-in makes decisions based on privacy policies (1-1 correspondence with the Policy Builder plug-in).
      • Decisions must support privacy-oriented constraints to be enforced: "Allow Access to Data + Constraints to be Enforced" (e.g. allow access to table "Patients Details", but strip out the columns "Name, Surname, Address").
      • The SA Validator is general purpose. It does not examine confidential data, for performance/logistic reasons.
      Request: data resource + intent + (parameters) → SA Validator plug-in → decision: NO; YES; YES + constraints.

  31. Select Access: Privacy Extension [4/4]
      Step 4: privacy constraints enforced by a Data Enforcer.
      • The SA Web Enforcer focuses on web resources; it does not explicitly deal with data resources.
      • Add an SA "Data Enforcer": located near the data repository (performance, …); knows how to access/handle data and "queries"; knows how to enforce privacy constraints; can support "query rewriting" (i.e. filtering, etc.).
      • The new SA Data Enforcer is designed to have a general-purpose engine (to interact with the SA Validator) and ad-hoc plug-ins for different data sources (e.g. RDBMS, LDAP servers, virtual directories, meta-directories, …) that interpret and enforce the privacy decisions.
      (diagram: access request + intent → Enforcer API → SA Data Enforcer (data proxy) logic with Validator plug-in and one constraint enforcement engine per source: LDAP server, meta directory, RDBMS → data allowed to access)

  32. Data Enforcer - Technical Details
      (diagram) Application/Service → JDBC requests → JDBC Proxy Client (Enforcer API) → RMI over SSL → JDBC Proxy Server → Database. The JDBC Proxy Server consults the SA Validator over SSL through the Enforcer API.
      • Enforcer API, package com.hp.ov.selectaccess.enforcer, with Java, C++ and COM bindings: Enforcer(), XMLQueryInit(), XMLQuerySend()
      • Work in progress: exploring similar approaches for LDAP and virtual directories

  33. Data Enforcer SQL Query Transformation
      Original SQL query:

        SELECT * FROM PatientRecords;

      SQL query transformed by the Data Enforcer (pre-processing):

        SELECT PatientRecords.NAME, PatientRecords.DoB, PatientRecords.GENDER, '-' AS SSN,
               PatientRecords.ADDRESS, PatientRecords.LOCATION, PatientRecords.EMAIL,
               PatientRecords.COMM, PatientRecords.LIFESTYLE, '-' AS GP, '-' AS HEALTH,
               '-' AS CONSULTATIONS, '-' AS HOSPITALISATIONS, '-' AS FAMILY, '-' AS Username
        FROM PatientRecords, PrivacyPreferences
        WHERE PatientRecords.Name = PrivacyPreferences.Name
          AND PrivacyPreferences.Marketing = 'Yes';
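The policy decision of slide 13 and the query pre-processing of slide 33 are two halves of one mechanism: the Validator maps (role, intent) to "YES + constraints", and the Data Enforcer turns those constraints into a rewritten query before it reaches the database. The Python/SQLite program below is an added example written for this transcript; it is not HP Labs' code and does not use the Select Access Enforcer API. The tables T1/T2 and their consent flags are constructed sample data (the Research flags are assumed), and the POLICY structure, the Decision class and all function names are hypothetical. As in the rewritten queries on both slides, rows without consent for the requested purpose are dropped rather than returned blank.

```python
import re
import sqlite3
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample data modelled on slide 13: T1 holds PII, T2 holds per-purpose
# consent. The Research flags are an assumption for this example, not from the slide.
SCHEMA = """
CREATE TABLE T1 (uid INTEGER PRIMARY KEY, Name TEXT, Condition TEXT, Diagnosis TEXT);
CREATE TABLE T2 (Consent INTEGER PRIMARY KEY, Marketing TEXT, Research TEXT);
INSERT INTO T1 VALUES (1, 'Alice', 'Alcoholic', 'Cirrhosis'),
                      (2, 'Rob', 'Drug Addicted', 'HIV'),
                      (3, 'Julie', 'Contagious Illness', 'Hepatitis');
INSERT INTO T2 VALUES (1, 'YES', 'NO'), (2, 'NO', 'YES'), (3, 'YES', 'YES');
"""

# Slide 13 policy as data (hypothetical structure): (role, intent) -> columns the
# requestor may see, plus the purpose whose consent flag the enforcer must check.
# role=None means "any role".
POLICY = (
    {"role": "employee", "intent": "Marketing",
     "columns": ("Condition", "Diagnosis"), "consent": "Marketing"},
    {"role": None, "intent": "Research",
     "columns": ("Diagnosis",), "consent": "Research"},
)

IDENT = re.compile(r"\w+")  # the only shape of identifier we splice into SQL
SELECT_STAR = re.compile(r"^\s*SELECT\s+\*\s+FROM\s+(\w+)\s*;?\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Decision:
    """Validator (PDP) output: NO, or YES plus the constraints to be enforced."""
    allow: bool
    columns: Tuple[str, ...] = ()   # columns the requestor may see unmasked
    consent: Optional[str] = None   # T2 column that must be 'YES' for a row to be returned


def validator_decide(role: str, intent: str) -> Decision:
    """PDP step: check the requestor's intent (and role) against the purpose-bound policy."""
    for rule in POLICY:
        if rule["intent"] == intent and rule["role"] in (None, role):
            return Decision(True, rule["columns"], rule["consent"])
    return Decision(False)


def rewrite_query(conn: sqlite3.Connection, sql: str, decision: Decision,
                  key: str = "uid", consent_table: str = "T2",
                  consent_key: str = "Consent") -> str:
    """Data Enforcer pre-processing (slide 33 pattern): rewrite 'SELECT * FROM T' into a
    projection that masks disallowed columns with '-' and joins the consent table."""
    if not decision.allow:
        raise PermissionError("privacy policy: access denied")
    m = SELECT_STAR.match(sql)
    if not m:
        raise ValueError("this example only rewrites 'SELECT * FROM <table>'")
    table = m.group(1)
    names = [*decision.columns, key, consent_table, consent_key]
    if decision.consent:
        names.append(decision.consent)
    for name in names:
        if not IDENT.fullmatch(name):  # never splice an unvalidated identifier into SQL
            raise ValueError(f"bad identifier {name!r}")
    all_columns = [row[1] for row in conn.execute(f"PRAGMA table_info({table})")]
    if not all_columns:
        raise ValueError(f"unknown table {table!r}")
    # The record key stays visible (as on slide 13); every other column outside the
    # decision is replaced by the literal '-', so the application still sees the
    # column set it asked for.
    projection = ", ".join(
        f"{table}.{c}" if c == key or c in decision.columns else f"'-' AS {c}"
        for c in all_columns
    )
    if decision.consent is None:
        return f"SELECT {projection} FROM {table} ORDER BY {table}.{key}"
    return (f"SELECT {projection} FROM {table}, {consent_table} "
            f"WHERE {table}.{key} = {consent_table}.{consent_key} "
            f"AND {consent_table}.{decision.consent} = 'YES' "
            f"ORDER BY {table}.{key}")


def privacy_aware_select(conn: sqlite3.Connection, role: str, intent: str,
                         sql: str = "SELECT * FROM T1") -> list:
    """Whole path: Validator decision, enforcement by query rewriting, execution."""
    rewritten = rewrite_query(conn, sql, validator_decide(role, intent))
    return conn.execute(rewritten).fetchall()


def demo_connection() -> sqlite3.Connection:
    """In-memory database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


if __name__ == "__main__":
    db = demo_connection()
    print(privacy_aware_select(db, "employee", "Marketing"))
    print(privacy_aware_select(db, "contractor", "Research"))
```

Two points a practitioner should carry over to a real enforcer: the Validator never touches the rows (it only sees the resource name and the intent, as slide 30 requires), and every identifier that the enforcer splices into the rewritten SQL comes from the policy or the schema and is still validated against a strict pattern, because a query-rewriting proxy is itself an SQL-building component and must not become an injection point.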

  34. Performance Based on Type of Queries

  35. Demo: HealthCare Scenario
      (diagram) User's web browser → web portal protected by the SA Web Enforcer → Web services accessing PII data (SQL) → JDBC proxy with privacy plug-ins → SA Data Enforcer with privacy plug-ins → personal data database. Decisions come from the SA Validator + privacy plug-ins, policies are authored in the SA Policy Builder, and users are held in LDAP directories.

  36. Demo Snapshot

  37. Demo Snapshot: effect of applying the privacy policy (data filtering); effect of enforcing customers' consent.

  38. Benefits
      Rationalization and simplification of policy management and enforcement solutions, through the integration of:
      • Resource management: data, IT resources, web resources, …
      • Management of access control and privacy policies
      • Policy authoring and administration GUI
      • Policy deployment and enforcement framework

  39. Next Steps
      • Planned HP productisation of privacy enforcement for HP Select Access
      • HP Labs interested in "lighthouse" customers for collaborations and joint trials

  40. Presentation Outline
      • Privacy for Identity Management: Setting the Context
      • Important Privacy Aspects to be Addressed: Privacy Policy Enforcement
      • HP Identity Management Portfolio
      • HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access
      • Conclusions

  41. Conclusions
      • Privacy management: an important aspect of IT governance and regulatory compliance
      • Addressed problem: privacy policy enforcement
      • Privacy policy enforcement: privacy-aware access control including intent, purpose, consent and other privacy constraints
      • Our work: privacy policy enforcement for HP Select Access; working prototype and demonstrator; to be productised
      • HP Labs keen on collaborations for further requirements and technology trials in real-world contexts