Transcript
This transcript was autogenerated. To make changes, submit a PR.
Hello everyone.
Greetings to all the listeners joining me today.
My name is Chen apa.
Today I will be talking about securing PII data in cloud environments.
Before we jump into the topic, let me quickly introduce myself.
I'm a technical enthusiast with 20 years of experience in the IT industry.
I work with different companies in the financial sector
and health sector at tenure.
So far, I played many roles as software engineer, full stack, job developer, data
engineer, and data architect, and so on.
And today's session is going to be a recorded one, so feel free to reach
out to me if you have any questions on my email address RA gmail.com.
Let's move on to the first slide, securing PII data in cloud environment.
Let's begin this with a simple question.
What is data?
Data is distinct pieces of information, which are facts and statistics collected
together for reference and for
doing analysis.
Every organization collects data from different individuals and
firms whom they interact with.
And these users can be clients, customers, vendors, and so on.
And based on the kind of relationship they maintain with these users, they
capture different sets of information and store it in their systems.
Let's move on to the acronym
PII. PII stands for
personally identifiable information, that is, the unique identifiers through
which we can identify a person.
And securing this PII information is very critical for any
organization to be successful.
And now companies, be it small, medium, or large, all the companies
are planning to move towards the cloud platform because of the advantages they
provide. Along with the advantages,
there are challenges: protecting this PII data is more
challenging in cloud environments.
So in this session today, we'll be talking about core encryption
strategies, data obfuscation techniques, advanced protection
methods, and implementation frameworks.
So in this slide, I will quickly give some examples of PII data and
the different critical protection factors and regulatory landscapes.
So just before this slide, I gave the definition of PII data, and
now I will give a few examples.
Social security number, which I shortly call SSN, in the US.
This is a unique way to identify an individual. And if you
talk about the other different identifiers, like credit cards:
credit cards of an individual are unique and they
uniquely identify the person.
Along with that, there are combinations of fields like name,
date of birth, and address.
These fields also uniquely identify a person.
And moving to the next, the critical protection factors.
The privacy preserving data mining techniques have become essential
in protecting sensitive information while maintaining data utility.
These PPDM techniques aim to extract valuable knowledge from
data while safeguarding sensitive information, focusing on a trade-off
between accuracy and privacy.
There are different regulatory agencies like GDPR, CCPA, HIPAA.
These establish baseline requirements, but most organizations go beyond
these basic requirements and build and implement sophisticated
privacy preservation techniques.
Now let's talk about cloud computing security challenges.
Multi-tenant environments.
Now the cloud environments introduce additional complexity to PII protection,
with key concerns including data privacy, integrity and availability,
and shared infrastructures where multiple clients use the same resources.
Technical challenges. Organizations must address these challenges through
comprehensive security architecture that incorporates both traditional
security measures and advanced privacy-preserving techniques specifically
designed for cloud environments.
And there are a few custom security approaches as well.
Organizations will develop tailored approaches that consider both technical
aspects of cloud security and the requirements of privacy-preserving
data mining techniques, implementing appropriate encryption schemes, and
securing key management systems.
Now let's talk about core encryption strategies, and the first strategy is
data-at-rest protection.
Encryption at rest ensures data security through application-level
encryption, volume and file-level encryption, and database encryption,
transforming sensitive information into ciphertext using cryptographic
algorithms that make it unreadable without proper decryption keys.
Next, customer-managed keys. The CMEK in a so cloud environment
Provide organizations with advanced control over their data security
while maintaining compliance with data residency requirements.
Bring your own key.
This is another strategy, which gives the organizations control
over encryption processes.
Organizations can generate and store their keys in secure vaults,
maintaining sovereignty over their encryption materials while meeting
strict data residency requirements.
Encryption implementation considerations. Application-level encryption
uses Advanced Encryption Standard with a block size of 256 bits.
This provides a security impact of direct protection of data at the application
layer. Volume and file-level encryption
implements full disk encryption with RSA. RSA provides
identity security solutions.
They deliver automated identity intelligence, authentication,
access, governance, and lifecycle capabilities to defend against the
highest-impact cybersecurity risks.
And these provide complete protection of stored data.
For the components like database, we use database encryption, which
combines both symmetric and asymmetric key algorithms, and these secure
structured data in our databases.
The key exchange protocols: RSA-based secure key transmission, and this
ensures secure key distribution.
And the other component is geographic boundary controls.
Basically in cloud environments, we can use region specific key storage
and operations, and with this we provide the main data sovereignty.
Now, let's know about data obfuscation techniques.
These techniques talk about the transformation of data into an unreadable
format using an algorithm and a key making it secure unless the key is obtained.
There are three main approaches for data obfuscation.
One is the policy-driven approach, second data masking, and third
tokenization. Policy-driven data
obfuscation uses predefined rules and policies to automatically mask or
transform sensitive data, protecting it from unauthorized access, while
still allowing its use for legitimate purposes like testing and development.
Organizations implementing policy-driven masking solutions reduce data compliance
violations by approximately 85% while maintaining data referential integrity.
Data masking.
It is an irrevocable process that transforms the data into meaningless text.
It operates through comprehensive policies that define how different types
of sensitive data should be transformed.
Next, tokenization.
Unlike masking, which typically alters data values irreversibly,
tokenization preserves the ability to reverse the process while
maintaining strong security controls.
Generally, we apply tokenization onto data at rest and will
detokenize it while retrieving it.
Recent implementations show that tokenization can reduce
the scope of compliance audit
by up to 70%.
Next, let's know about effectiveness of data protection techniques.
This chart illustrates the effectiveness of various data protection techniques
in enterprise environments.
Automated discovery shows the highest effectiveness at 93%,
followed by policy-driven approach at 80, 85%. Organizations with
well-defined governance structures achieve 78% higher success rate in
their data protection initiatives.
Now let's talk about advanced data protection methods.
Anonymization involves irreversibly modifying data to prevent
identification, including removal of direct identifiers and processing of
quasi-identifiers that could lead to re-identification.
Pseudonymization replaces identifiable data with artificial identifiers,
allowing for potential re-identification with additional information.
Risk assessment requires systematic evaluation of both the sensitivity
of the data and the potential for re-identification before
applying protection techniques.
It involves a combination of anonymization and pseudonymization.
Differential privacy provides mathematical guarantees of privacy
while maintaining significant analytical value, particularly beneficial for
media companies and organizations handling large scale consumer data.
Now let's talk about sector specific implementation requirements.
Different sectors have different PII specific requirements.
Healthcare research requires very high privacy standards with anonymization
plus differential privacy techniques.
HIPAA compliance is a key implementation factor while maintaining high data utility
for research purposes. Academic research:
this also demands high privacy standards with differential privacy techniques.
Research validity is a key implementation factor with high
data utility requirements to support meaningful academic findings.
Market analysis needs medium privacy protection through pseudonymization,
with business intelligence as the key implementation factor. Data utility
priority is very high to ensure valuable insights can still be extracted.
Financial services requires very high privacy protection through combined
pseudonymization and encryption.
Regulatory compliance is a key implementation factor with high data
utility needs for business operations.
Next, let's talk about implementation guidelines.
Effective governance structures can reduce security incidents by up to 60% through
improved oversight and coordination.
Organizations with mature change management processes experience
50% fewer security-related disruptions during implementation,
while effective performance optimization can reduce system overhead from
security measures by up to 40% while maintaining protection levels.
Next, now move on to the conclusion slide.
Balancing security and utility. Successful PII protection in cloud environments
requires combining technical expertise with strong governance
frameworks, integrating encryption strategies, obfuscation techniques,
and advanced protection methods.
Policy-driven security. Implementing policy-driven approaches is critical for
maintaining consistent security controls while reducing operational overhead
across complex cloud environments.
Policy-driven security approach automates the protection of sensitive data elements,
ensuring consistent application of security controls across the enterprise.
Continuous adaption. Organizations must maintain flexible, adaptable security
architectures with continuous monitoring and regular updates to address emerging
threats while ensuring operational efficiency. Balance of protection.
Effective PII security requires balancing data utility with privacy
requirements while maintaining compliance with regulatory frameworks
like GDPR, CCPA, and HIPAA.
And finally, thank you all for listening to me.
If you have any questions on PII data and how to secure
them, please reach out to me.