#backend #devops #data

Sensitive data active catalog. How to control sensitive data in real time

How to control data-related information security risks in a company with a micro-service architecture? First of all, it is necessary to understand the classification of sensitive data and understand what risks each type of data carries.

We will discuss current issues in the organisation related to the use of sensitive data in the company's systems and their storage for use. We will discuss tools and approaches that can help with the organisation of processes for working with sensitive and non-sensitive data.

In conclusion, we will analyse an approach of creating a real-time data monitoring service. This service will help in keeping up-to-date documentation on dataflow, data producers, their quality and their security. Using the example of an abstract company, we will understand the methodology of implementing approaches and tools that we will discuss earlier.

Key takeaways:
  • Knowledge about the classification of critical data.
  • Information about current data-related issues.
  • Ensuring critical data security in the fast-growing micro-service architecture of the company.
  • A method for the real-time detection of critical data within the infrastructure and the assessment of their feasibility for use in a specific system.
  • Using machine learning to solve the problem of identifying customers' personal data.
  • A methodology for constructing a system to monitor interactions with critical data.
  • Difficulty Intermediate
  • Speech type Standard 40min

Aleksandr Sungurov
Security Architect in Infrastructure Security at Exness
Information security specialist. Information security is his job and hobby. Since his school years he has been interested in programming, searching for vulnerabilities. He knows C/C++ and Python programming languages, containerization, network security, monitoring systems, docker orchestration, incident response and threat detection. Also interested in implementing SOAR/SIEM systems. Not raw deployment. Creating an environment that includes enrichment, incident response services, and workspace for security analysts. Always looking for opportunities to work with interesting technologies, either independently or as part of a team. Currently focused on building security for a bank using cloud-based platforms.
Participation is necessary
But closed. Sold out already. See you next year.

Speakers / Agenda

The program is full of amazing talks about people, code, trends, and people again. All talks undergo a сareful selection process by our program committee. We don't accept marketing talks and don’t sell slots to sponsors. Only meaningful content, only hardcore.