CONSUMER AND RETAIL
Retailers of products and services — from technology and consumer packaged goods (CPG) to online social and marketplace platforms — continue to focus on the digital and mobile aspects of their businesses. By collecting, aggregating, and analyzing vast quantities of customer data, these retail and online companies are gaining efficiencies and improving performance while deepening connections with the customers they rely on to grow.
Meanwhile, the risk of exposing all of that sensitive customer information has never been greater. Third-party threats continue to mount. Criminals are gaining unauthorized access to retailer networks and point-of-sale systems through vendors, contractors, and other external partners. And as consumer companies adopt new technologies — from cloud computing to electronic payment systems — they aren’t taking the necessary steps to secure them from internal or external hazards. The Internet of Things (IoT) is heightening these risks as people are — willingly and unwittingly — sharing more of their personal information by connecting everyday devices to the Internet, all of which have unique identifiers that can be traced back to a person or a household.
Not surprisingly, consumers are voicing their dissatisfaction with companies that have not done enough to keep their personal information safe. In turn, companies are paying multi-million dollar fines as a result of data breaches and the disclosure of customer data in violation of privacy commitments.
There are over 1,200 laws in 47 U.S. states and 63 countries and regions governing consumer privacy online. DLA Piper, Data Protection Laws of the World, 2013
Only 52% of retailers and consumer platforms have a security strategy for cloud computing, and the same number that have a security strategy for mobile devices.
-PwC, The Global State of Information Security® Survey 2015
In 2014, there were over 5,000 breaches in the United States alone involving over 600 million personal records. -Identity Theft Resource Center, 2015
THE DATAGUISE SOLUTION:
To address retailers’ need to protect online privacy while meeting increased compliance and privacy regulations worldwide, DgSecure provides a comprehensive set of privacy policies that create fine-grained, precise controls so organizations can locate, detect, mask, and encrypt a vast array of PII, PCI, and PHI data.
Retailers and consumer-focused businesses benefit from the following DgSecure capabilities:
- Compliance audits (exportable as CSV and PDF) that can show the status and protective state of all personal privacy data to ensure retailers are complying with state, federal, and international privacy mandates and regulations
- Broad, international support for per-country specific identifiers for names, addresses, national IDs, and phone number formats
- For breach assessments, one centralized dashboard to determine all sensitive data entitlements for all directories and users of Hadoop.
- Reducing breach risk by using partial-field redaction to de-identify only “portions” of your sensitive data. For example, “**-***-4321” for call centers that only need the last four digits for Social Security or credit card numbers.
CASE STUDY: Samsung
Performing product analytics on millions of Samsung Galaxy Smartphone devices worldwide while ensuring personal private information stays protected.
THE DATAGUISE SOLUTION:
DgSecure for Hadoop automatically discovers consumer privacy data, device and encrypts it before hitting the cloud in 7 Amazon AWS clusters globally.
CASE STUDY HIGHLIGHTS:
- On-the-fly Flume protection
- Locking only names, Device Ids
- Non-blocking to analytics deployments
- Drop-in solution (no coding)
- Functions across AWS EMR, S3, Hortonworks, Pivotal HD, Files
- High availability (<1min recovery )
Global Leader in Product Analytics
Samsung has been analyzing and improving mobile and smart tv products through product analytics for decades. Through that period, a number of different tools, approaches, data repositories, data capture, and data storage locations have been employed. To improve product performance, reliability, feature adoption, ease of use, Samsung has captured realms of device-specific data, such as the location, hardware specifications, utilization rates, capacity and battery life, etc. Hadoop makes the processing, collection, analytics of this data faster and move cost effective for Samsung.
The Landscape Has Changed
As a global manufacturer with products in all markets and territories, Samsung also must adequately protect any sensitive data from device logs and data capture. Specifically, in Europe, new privacy policies defined in the European Union Privacy Directive require Samsung to protect any personal identifiable information specific to European citizens. Samsung still needed to collect device data for analytics, but was mindful of privacy laws, and privacy fines levied on competitors that did not fully comply with privacy mandates.
Big Data Protection Goals
Aggregate logging data (product, usage, user configuration) for all smartphones worldwide
De-identify personal user info to ensure privacy and compliance with European/US Privacy
Keep all sensitive data encrypted at-rest, and provide authorized access (decryption) of sensitive data on a case-by-case basis for analytics applications that require access to full, complete, plaintext data.
- Samsung utilizes Dataguise Flume agent to protect all sensitive data being written to Amazon S3
- Runs Dataguise in AWS, also utilizes Dataguise EMR security agents to selectively decrypt for authorized analytics in AWS
- Achieves On-demand Hadoop for product analytics, user behavior, supply chain optimization in high scale-out, high performance and high availability system
- 100% cloud based