WEBVTT

1
00:00:00.120 --> 00:00:01.470
In this lesson,

2
00:00:01.470 --> 00:00:04.170
we will learn about data protection.

3
00:00:04.170 --> 00:00:06.029
Data protection utilizes methods

4
00:00:06.029 --> 00:00:09.715
to safeguard data from unauthorized access,

5
00:00:09.715 --> 00:00:13.545
alteration, or loss, ensuring its confidentiality,

6
00:00:13.545 --> 00:00:17.070
integrity, and availability.

7
00:00:17.070 --> 00:00:20.340
Data protection concepts include techniques

8
00:00:20.340 --> 00:00:25.215
such as tokenization, cryptographic erase, obfuscation,

9
00:00:25.215 --> 00:00:29.340
cryptographic obfuscation, and serialization.

10
00:00:29.340 --> 00:00:32.947
The process of Tokenization replaces sensitive data

11
00:00:32.947 --> 00:00:36.015
with unique identifiers or tokens.

12
00:00:36.015 --> 00:00:40.110
Cryptographic Erase is the secure deletion of data

13
00:00:40.110 --> 00:00:43.230
through encryption and subsequent destruction

14
00:00:43.230 --> 00:00:47.010
of encryption keys, making the data irrecoverable.

15
00:00:47.010 --> 00:00:50.760
Obfuscation on its own may involve encoding

16
00:00:50.760 --> 00:00:52.631
to change the format of data,

17
00:00:52.631 --> 00:00:56.820
but it does not utilize cryptographic algorithms.

18
00:00:56.820 --> 00:00:59.910
Cryptographic Obfuscation, on the other hand,

19
00:00:59.910 --> 00:01:02.950
transforms data into an unreadable format

20
00:01:02.950 --> 00:01:05.820
using encryption algorithms.

21
00:01:05.820 --> 00:01:08.948
Finally, Serialization is used to convert data

22
00:01:08.948 --> 00:01:13.650
into a format suitable for storage or transmission,

23
00:01:13.650 --> 00:01:15.300
while preserving its ability

24
00:01:15.300 --> 00:01:19.020
to be accurately reconstructed at a later time.

25
00:01:19.020 --> 00:01:22.059
Let's learn more about data protection concepts

26
00:01:22.059 --> 00:01:25.050
and techniques like Tokenization,

27
00:01:25.050 --> 00:01:27.646
Cryptographic Erase, Obfuscation,

28
00:01:27.646 --> 00:01:31.920
Cryptographic Obfuscation, and Serialization.

29
00:01:31.920 --> 00:01:34.442
First, we have Tokenization.

30
00:01:34.442 --> 00:01:37.218
Tokenization replaces sensitive data

31
00:01:37.218 --> 00:01:42.030
with unique nonsensitive identifiers known as tokens.

32
00:01:42.030 --> 00:01:45.330
These tokens serve as placeholders in data

33
00:01:45.330 --> 00:01:48.787
and cannot be used to reveal the original data

34
00:01:48.787 --> 00:01:51.199
without access to a secure system

35
00:01:51.199 --> 00:01:55.980
that manages the original data-to-token mapping.

36
00:01:55.980 --> 00:01:59.601
This makes Tokenization effectively non-reversible

37
00:01:59.601 --> 00:02:02.211
outside of its secure environment.

38
00:02:02.211 --> 00:02:05.176
This means that even if tokens are intercepted

39
00:02:05.176 --> 00:02:08.550
or accessed by unauthorized users,

40
00:02:08.550 --> 00:02:10.828
they cannot be used to reconstruct

41
00:02:10.828 --> 00:02:14.070
the original sensitive information.

42
00:02:14.070 --> 00:02:17.070
For example, near-field communication

43
00:02:17.070 --> 00:02:21.449
or NFC payment systems like Apple Pay, Google Pay,

44
00:02:21.449 --> 00:02:23.877
or Samsung Pay use tokenization

45
00:02:23.877 --> 00:02:27.030
to secure their transactions,

46
00:02:27.030 --> 00:02:29.640
so when a user adds their credit card

47
00:02:29.640 --> 00:02:33.210
to an NFC-enabled mobile wallet,

48
00:02:33.210 --> 00:02:36.600
the card details are not stored on the device.

49
00:02:36.600 --> 00:02:40.020
Instead, the mobile wallet generates a token

50
00:02:40.020 --> 00:02:42.960
that represents the actual card number.

51
00:02:42.960 --> 00:02:46.410
When the user taps their device at a payment terminal,

52
00:02:46.410 --> 00:02:49.980
the NFC technology transmits the token,

53
00:02:49.980 --> 00:02:52.703
not the actual payment card information.

54
00:02:52.703 --> 00:02:56.370
The token is transmitted to the merchant's payment system

55
00:02:56.370 --> 00:02:59.160
and is used to complete the transaction.

56
00:02:59.160 --> 00:03:02.241
Actual card details remain securely stored

57
00:03:02.241 --> 00:03:05.927
on the payment provider's backend system.

58
00:03:05.927 --> 00:03:08.612
Only the secure tokenization service

59
00:03:08.612 --> 00:03:11.430
can map the token that's presented

60
00:03:11.430 --> 00:03:13.415
back to the original card data,

61
00:03:13.415 --> 00:03:17.160
which is needed for the transaction authorization.

62
00:03:17.160 --> 00:03:19.494
This process significantly reduces

63
00:03:19.494 --> 00:03:21.900
the risk of data breaches,

64
00:03:21.900 --> 00:03:25.064
as the token cannot be reverse-engineered,

65
00:03:25.064 --> 00:03:27.269
or used anywhere else.

66
00:03:27.269 --> 00:03:31.402
If it's intercepted, the token is meaningless without access

67
00:03:31.402 --> 00:03:33.961
to the secure system that manages

68
00:03:33.961 --> 00:03:37.170
the token-to-card number mapping.

69
00:03:37.170 --> 00:03:42.061
Tools like Thales CipherTrust and TokenEx are commonly used

70
00:03:42.061 --> 00:03:45.360
to manage tokenization security.

71
00:03:45.360 --> 00:03:49.429
These systems enforce strict controls over token mapping,

72
00:03:49.429 --> 00:03:52.171
further enhancing security and privacy

73
00:03:52.171 --> 00:03:56.130
for both consumers and businesses.

74
00:03:56.130 --> 00:03:59.670
Second, we have Cryptographic Erase.

75
00:03:59.670 --> 00:04:03.750
Cryptographic Erase is a secure data deletion method

76
00:04:03.750 --> 00:04:05.910
that involves encrypting data

77
00:04:05.910 --> 00:04:08.700
and then destroying the encryption keys,

78
00:04:08.700 --> 00:04:12.210
making the data completely irrecoverable.

79
00:04:12.210 --> 00:04:14.639
This process is particularly effective

80
00:04:14.639 --> 00:04:17.759
for quickly and securely removing data,

81
00:04:17.759 --> 00:04:21.990
as it renders the data useless without the keys,

82
00:04:21.990 --> 00:04:24.030
rather than needing to overwrite

83
00:04:24.030 --> 00:04:26.970
the entire contents of a drive.

84
00:04:26.970 --> 00:04:29.266
Cryptographic erase is commonly used

85
00:04:29.266 --> 00:04:33.153
when decommissioning hardware, repurposing drives,

86
00:04:33.153 --> 00:04:37.201
or ensuring compliance with data protection regulations.

87
00:04:37.201 --> 00:04:40.410
After the cryptographic erase process,

88
00:04:40.410 --> 00:04:45.410
the drive itself remains fully functional and can be reused.

89
00:04:45.510 --> 00:04:48.548
Since the process only removes the encryption keys

90
00:04:48.548 --> 00:04:51.350
and not the drive's operational firmware,

91
00:04:51.350 --> 00:04:54.489
the drive can be re-encrypt with new keys

92
00:04:54.489 --> 00:04:57.720
and repurposed for new data storage.

93
00:04:57.720 --> 00:05:00.911
This re-usability is a significant advantage,

94
00:05:00.911 --> 00:05:05.610
especially in enterprise settings where hardware costs

95
00:05:05.610 --> 00:05:10.200
and resource management are important considerations.

96
00:05:10.200 --> 00:05:15.039
Modern drives, especially enterprise-grade Hard Disk Drives

97
00:05:15.039 --> 00:05:16.878
and Solid State Drives

98
00:05:16.878 --> 00:05:21.570
come with built-in cryptographic erase capabilities.

99
00:05:21.570 --> 00:05:23.730
These features are often part

100
00:05:23.730 --> 00:05:26.011
of the drive's native technology,

101
00:05:26.011 --> 00:05:29.850
particularly in Self-Encrypting Drives.

102
00:05:29.850 --> 00:05:32.970
Self-Encrypting Drives are specifically designed

103
00:05:32.970 --> 00:05:35.209
to encrypt data automatically

104
00:05:35.209 --> 00:05:38.670
using a processor on the drive itself,

105
00:05:38.670 --> 00:05:42.420
not the operating system or CPU.

106
00:05:42.420 --> 00:05:46.800
Cryptographic erase works for both hard disk drives

107
00:05:46.800 --> 00:05:48.498
and solid state drives,

108
00:05:48.498 --> 00:05:52.500
but is particularly preferred for solid state drives,

109
00:05:52.500 --> 00:05:55.917
and this is because traditional methods of data erasure,

110
00:05:55.917 --> 00:06:00.360
such as overriding data locations multiple times

111
00:06:00.360 --> 00:06:02.832
are less effective on Solid State Drives

112
00:06:02.832 --> 00:06:07.320
due to the way data is stored across memory cells.

113
00:06:07.320 --> 00:06:09.105
Cryptographic erase, however,

114
00:06:09.105 --> 00:06:13.440
does not rely on the physical overriding of data,

115
00:06:13.440 --> 00:06:15.876
so it's effective for Solid State Drives,

116
00:06:15.876 --> 00:06:19.145
where traditional eraser methods like overriding

117
00:06:19.145 --> 00:06:22.530
would fail to remove all data remnants.

118
00:06:22.530 --> 00:06:24.922
Major manufacturers like Seagate,

119
00:06:24.922 --> 00:06:27.600
Western Digital and Samsung

120
00:06:27.600 --> 00:06:30.000
offer drives with hardware encryption

121
00:06:30.000 --> 00:06:33.120
and integrated cryptographic erase functions,

122
00:06:33.120 --> 00:06:38.040
providing a fast and efficient way to securely erase data.

123
00:06:38.040 --> 00:06:41.580
Additionally, third-party tools like Secure Erase Software

124
00:06:41.580 --> 00:06:44.837
can be used to perform cryptographic erase

125
00:06:44.837 --> 00:06:47.845
on drives that may not have native support

126
00:06:47.845 --> 00:06:49.830
for this function.

127
00:06:49.830 --> 00:06:52.284
Third, we have Obfuscation.

128
00:06:52.284 --> 00:06:55.440
Obfuscation is a technique used to hide

129
00:06:55.440 --> 00:06:57.738
the original meaning of data,

130
00:06:57.738 --> 00:07:00.759
making it difficult for unauthorized users

131
00:07:00.759 --> 00:07:04.080
to understand or analyze it.

132
00:07:04.080 --> 00:07:07.231
Unlike Encryption, Obfuscation does not involve

133
00:07:07.231 --> 00:07:10.599
complex cryptographic algorithms,

134
00:07:10.599 --> 00:07:12.907
but instead relies on encoding

135
00:07:12.907 --> 00:07:15.472
or scrambling data into a format

136
00:07:15.472 --> 00:07:18.060
that is not easily readable.

137
00:07:18.060 --> 00:07:20.520
A common example is masking parts

138
00:07:20.520 --> 00:07:22.200
of personal information,

139
00:07:22.200 --> 00:07:24.779
such as displaying only the last four digits

140
00:07:24.779 --> 00:07:27.450
of a Social Security Number.

141
00:07:27.450 --> 00:07:30.375
This approach protects data in scenarios

142
00:07:30.375 --> 00:07:35.045
where full encryption may be unnecessary or impractical.

143
00:07:35.045 --> 00:07:39.874
Masking is generally designed to be a non-reversible process

144
00:07:39.874 --> 00:07:41.916
because it aims to hide data

145
00:07:41.916 --> 00:07:46.916
rather than to transform it in a way that can be reversed.

146
00:07:47.130 --> 00:07:49.978
So, unlike encryption, which can be reversed

147
00:07:49.978 --> 00:07:53.520
with the correct encryption and decryption key,

148
00:07:53.520 --> 00:07:57.317
masked data cannot be reverted back to its original form

149
00:07:57.317 --> 00:08:00.640
without access to the full and original data

150
00:08:00.640 --> 00:08:03.630
stored securely somewhere else.

151
00:08:03.630 --> 00:08:06.557
However, if masking is poorly implemented

152
00:08:06.557 --> 00:08:09.923
or if the original data is still accessible,

153
00:08:09.923 --> 00:08:12.959
there is a risk that the obfuscated parts

154
00:08:12.959 --> 00:08:16.140
could be inferred or exposed.

155
00:08:16.140 --> 00:08:18.639
Proper masking ensures that sensitive data

156
00:08:18.639 --> 00:08:20.804
is obscured from view,

157
00:08:20.804 --> 00:08:24.675
keeping it protected while still allowing limited use.

158
00:08:24.675 --> 00:08:27.885
Obfuscation tools include techniques

159
00:08:27.885 --> 00:08:31.148
built into programming languages like JavaScript,

160
00:08:31.148 --> 00:08:34.855
where code can be transformed to hide its original intent

161
00:08:34.855 --> 00:08:39.120
while still maintaining the original functionality.

162
00:08:39.120 --> 00:08:42.870
Fourth, we have Cryptographic Obfuscation.

163
00:08:42.870 --> 00:08:45.870
Cryptographic Obfuscation takes the concept

164
00:08:45.870 --> 00:08:50.398
of obfuscation further by using encryption algorithms

165
00:08:50.398 --> 00:08:54.145
to transform data into an unreadable format.

166
00:08:54.145 --> 00:08:58.463
This makes it significantly harder for unauthorized parties

167
00:08:58.463 --> 00:09:00.919
to access or misuse the data,

168
00:09:00.919 --> 00:09:03.079
as the obfuscation is backed

169
00:09:03.079 --> 00:09:06.480
by cryptographic security measures.

170
00:09:06.480 --> 00:09:10.536
For example, organizations may use cryptographic obfuscation

171
00:09:10.536 --> 00:09:13.082
to protect software code,

172
00:09:13.082 --> 00:09:16.500
ensuring that even if the code is accessed,

173
00:09:16.500 --> 00:09:20.565
it cannot be easily reverse-engineered or understood.

174
00:09:20.565 --> 00:09:24.165
Tools like VeraCrypt for file-level obfuscation

175
00:09:24.165 --> 00:09:26.597
and Obfuscating Compilers

176
00:09:26.597 --> 00:09:29.578
in software development environments

177
00:09:29.578 --> 00:09:33.105
provide enhanced protection for data and code,

178
00:09:33.105 --> 00:09:35.033
making unauthorized access

179
00:09:35.033 --> 00:09:38.730
and interpretation extremely difficult.

180
00:09:38.730 --> 00:09:42.570
Fifth and last, we have Serialization.

181
00:09:42.570 --> 00:09:45.626
Serialization is the process of converting data

182
00:09:45.626 --> 00:09:47.625
into a structured format

183
00:09:47.625 --> 00:09:50.590
that can be easily stored or transmitted

184
00:09:50.590 --> 00:09:54.420
and then accurately reconstructed later.

185
00:09:54.420 --> 00:09:57.544
Serialization allows complex data structures,

186
00:09:57.544 --> 00:10:00.180
such as objects, arrays,

187
00:10:00.180 --> 00:10:03.065
or data models to be transformed into a format

188
00:10:03.065 --> 00:10:07.080
that can be saved to disk, sent over a network,

189
00:10:07.080 --> 00:10:10.445
or passed between different components of an application.

190
00:10:10.445 --> 00:10:13.386
Common serialization formats include

191
00:10:13.386 --> 00:10:17.190
JavaScript Object Notation or JSON,

192
00:10:17.190 --> 00:10:20.190
Extensible Markup Language or XML,

193
00:10:20.190 --> 00:10:21.793
and binary formats,

194
00:10:21.793 --> 00:10:25.530
each serving different needs depending upon the use case.

195
00:10:25.530 --> 00:10:29.185
JSON and XML are human-readable

196
00:10:29.185 --> 00:10:31.980
and widely used for web services,

197
00:10:31.980 --> 00:10:35.040
while binary formats are often used

198
00:10:35.040 --> 00:10:37.050
when speed and efficiency,

199
00:10:37.050 --> 00:10:40.470
rather than human readability are required.

200
00:10:40.470 --> 00:10:44.970
Serialization is the process of converting an object's data,

201
00:10:44.970 --> 00:10:46.860
such as variables, arrays,

202
00:10:46.860 --> 00:10:49.805
and their values into a format like a string

203
00:10:49.805 --> 00:10:54.060
or bytes that can be stored or sent easily.

204
00:10:54.060 --> 00:10:58.165
In Python, the pickle module can serialize an object

205
00:10:58.165 --> 00:11:02.247
into a binary format, which can then be saved to a file

206
00:11:02.247 --> 00:11:04.550
or transmitted over a network.

207
00:11:04.550 --> 00:11:06.668
When you need to see the data again,

208
00:11:06.668 --> 00:11:09.933
Deserialization reverses the process,

209
00:11:09.933 --> 00:11:14.605
converting the binary data back into the original object

210
00:11:14.605 --> 00:11:17.880
with its complete structure and values.

211
00:11:17.880 --> 00:11:21.000
In Java, the Serializable interface

212
00:11:21.000 --> 00:11:25.020
marks objects that can be serialized and deserialized,

213
00:11:25.020 --> 00:11:27.873
which is useful for tasks like storing user sessions

214
00:11:27.873 --> 00:11:31.860
or sending objects between distributed systems.

215
00:11:31.860 --> 00:11:36.532
In .NET, the JsonSerializer class converts complex objects

216
00:11:36.532 --> 00:11:39.560
into JSON strings and back,

217
00:11:39.560 --> 00:11:41.834
making it easier to exchange data

218
00:11:41.834 --> 00:11:45.333
through web application programming interfaces.

219
00:11:45.333 --> 00:11:48.757
Overall, serialization ensures that data integrity

220
00:11:48.757 --> 00:11:51.240
is maintained during transmission

221
00:11:51.240 --> 00:11:54.097
across different and platforms,

222
00:11:54.097 --> 00:11:56.999
as all the necessary details are preserved

223
00:11:56.999 --> 00:12:00.540
in a structured and standardized way.

224
00:12:00.540 --> 00:12:04.830
So, remember, data protection uses methods

225
00:12:04.830 --> 00:12:08.250
to keep data safe from unauthorized access,

226
00:12:08.250 --> 00:12:11.431
changes or loss, ensuring it remains secure,

227
00:12:11.431 --> 00:12:14.310
accurate, and available.

228
00:12:14.310 --> 00:12:16.680
Techniques like tokenization,

229
00:12:16.680 --> 00:12:19.530
cryptographic erase, obfuscation,

230
00:12:19.530 --> 00:12:22.486
cryptographic obfuscation and serialization

231
00:12:22.486 --> 00:12:24.750
help to achieve these goals.

232
00:12:24.750 --> 00:12:27.575
Tokenization replaces sensitive data

233
00:12:27.575 --> 00:12:30.196
with tokens that cannot be reversed

234
00:12:30.196 --> 00:12:33.594
without access to a secure mapping system.

235
00:12:33.594 --> 00:12:37.119
Cryptographic Erase securely deletes data

236
00:12:37.119 --> 00:12:39.750
by destroying encryption keys,

237
00:12:39.750 --> 00:12:42.103
making the data completely irrecoverable,

238
00:12:42.103 --> 00:12:45.300
while keeping the drive reusable.

239
00:12:45.300 --> 00:12:48.795
Obfuscation hides data by changing its appearance,

240
00:12:48.795 --> 00:12:52.436
often using masking to obscure sensitive information

241
00:12:52.436 --> 00:12:55.725
in a way that is generally non-reversible.

242
00:12:55.725 --> 00:12:59.223
Cryptographic Obfuscation goes a step further

243
00:12:59.223 --> 00:13:02.585
by using encryption to protect data or code,

244
00:13:02.585 --> 00:13:06.660
making it unreadable to unauthorized users.

245
00:13:06.660 --> 00:13:09.824
And finally, Serialization converts data

246
00:13:09.824 --> 00:13:13.131
into formats like JSON or XML,

247
00:13:13.131 --> 00:13:17.077
allowing it to be easily stored or sent over networks,

248
00:13:17.077 --> 00:13:20.310
while preserving its structure and integrity

249
00:13:20.310 --> 00:13:22.863
for accurate reconstruction later.