
Keeping Private Data Private


  1. Keeping Private Data Private
     Avoiding your 15 Minutes on CNN
     Tony Cannizzo | President, Silos-Connect Technologies

  2. Comprehensive Data Security
     Identity Management
     - Authorization (Roles)
     - Authentication (Users)
     - Admin Control
     - Separation of Duties (SoD)
     Configuration and Change Management
     Auditing / Monitoring
     - Who is Accessing What, When, Where and How
     - Identify Unusual User Behaviors
     Encryption
     - Protect Stored Data (Backups, Drives)
     - Protect Data in Transit (Network, Wireless)
     Data Masking
     - Protect Test Data
     - Protect Production Data

  3. Data Masking in Production

  4. Gartner:
     80% of high-cost security incidents occur when data from inside the organization gets out.
     Most data leakage occurs by accident or because of poor business processes.
     Whether accidental or malicious, security breaches from inside the company aren't addressed by the bulk of security dollars spent on technology that addresses the perimeter of the network.

  5. When they talk about Fort Knox
     They don't talk about the 3-foot thick granite walls or the 22-ton blast-proof doors.
     They worry about who is watching the GOLD!

  6. Why Mask Data?
     Survival: Protect the Business
     Legal: Required by law
     Masking protects sensitive data while simultaneously enabling users to have the appropriate data access to complete business processes.

  7. What Was the Original Purpose?
     To give Dev/Test teams realistic test data to work with, and not expose Production data.
     The concept came up in reaction to the limitations of other test data generation strategies:
     - Cloned Production Databases
     - Image Copies from Backup
     - Selective Subset
     - Random Test Data Generators
     - Iterative Executions of Applications
     - Keyed in from Scratch

  8. Testing with Production Data
     BENEFITS
     - Readily available
     - RI is already established
     - Will eventually need to run a volume test anyway
     - "If it runs against production ... it will run against anything" (Right?)
     DOWNSIDE
     - Heavy on records, "Lite" on test cases
     - Too large for multiple copies
     - Test executions take longer to run
     - Confidential & sensitive data values in a non-secured environment

  9. How Real is THIS?
     You better not do surgery on ME!
     HA! My son is a SYSDBA.

 10. Same as Encryption?
     Encryption
     - Protects data at rest, or while in transit
     - Data must be decrypted to be used
     - Does not prevent abuse at the final destination
     - Can often be identified because it is encrypted
     - Hackers will target encrypted or marked data as it says "I am valuable data"
     Masked Data
     - Protects data in-motion and in-use
     - Never gets un-masked
     - If it can't be seen, it can't be abused

 11. What Needs to be Masked: PCI DSS
     Payment Card Industry Data Security Standard
     Cardholder Information
     - Primary Account Number (PAN)
     - Cardholder Name
     - Service Code
     - Expiration Date
     Authentication Data
     - Full Magnetic Stripe Data
     - CAV2/CVC2/CVV2/CID
     - PIN/PIN Block: No
     - IP address / MAC address
     - Application/Service
     - User accounts/groups
     Ensure that each entity only has access to its own cardholder data environment.

 12. What Needs to Be Masked: HIPAA
     - Names
     - Geographic subdivisions smaller than a State: Street Address, City, County, Precinct, Zip Code
       - Except the first 3 digits of the Zip Code, if the area has more than 20,000 people
       - If fewer than 20,000 people, change the first three digits to '000'
     - All elements of dates (except Year) directly related to an individual, up to 89 years of age: Date of Birth, Admission Date, Discharge Date, Date of Death
     - Over 89 years of age: all elements of dates INCLUDING Year indicative of such age; such dates and elements may be aggregated into a single category of "90 & Older"
     - Telephone Numbers
     - Fax Numbers
     - Email addresses
     - Social Security Numbers (or other National or International Identifiers)
     - Medical Record Numbers
     - Health Plan Beneficiary Numbers
     - Account Numbers
     - Certificate/License Numbers
     - Vehicle Identification Numbers including Serial Numbers and License Plate Numbers
     - Device Identifiers and Serial Numbers
     - Web Universal Resource Locators (URLs and IP Addresses)
     - Biometric Identifiers including Finger Prints and Voice Prints
     - Full-face photographic images and any comparable images
     - Any other unique identifying number, characteristic or code

 13. Data Masking: Available Methods

 14. Oracle Data Masking Pack
     Clone: Clone Production Database to Staging Area
     Masking:
     - Build Mapping Table (orig_value, mask_value)
     - Disable Constraints
     - Rename Table
     - Recreate & Reload from renamed table and mapping table
     - Enable Constraints
     - Collect Statistics
     - Drop Renamed Table and Mapping Table
     Export/Import:
     - Export Masked Database
     - Import Database into Test

 15. ETL Solutions
     - Extract from Source (Prod)
       - Subset with Selection Criteria (optional but recommended)
     - Mask Extracted Data: during Extract? during Load?
       - Mask during Extract: takes longer to run, masks the loadable file
       - Mask during Load: exposes the loadable file, easier to refresh
     - Load to Target (Test, QA, Dev, etc.): Load? Insert/Updates?
     Diagram: Prod -> Extract -> Loadable File -> Load / Ins/Upd -> Test, Dev

 16. Algorithms for Masking Sensitive Data
     - Data substitution: replacing a value in the column with fictionalized data
     - Truncating, hiding or nullifying: replaces column values with NULL or '****'
     - Randomization: replacing the value with random data
     - Skewing: alters the numeric data by a random variance
     - Scrambling: smart functions created in PL/SQL
     - Character substring masking: shows a portion of the actual value and hides the rest
     - Shuffling: uses values from other rows

 17. Key Considerations
     Remember, this is Static Data Masking: values are physically stored in the tables/columns.
     One size may not fit all.
     Look out for:
     - Mutually-exclusive test cases
     - Referential Integrity
     - Data Distribution
     - Cardinality
     - Frequency/Duration of Extracts
     - Frequency/Variety of Target Environments
     Be sure to delete all copies of un-masked extracts.
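The static masking algorithms listed above (substitution, nullifying, skewing, substring masking, shuffling), the referential-integrity concern and the HIPAA ZIP rule, worked as one masking pass over constructed rows. This is an added example, not the presenter's or Oracle's code; the substitution is made deterministic with a keyed hash so the same production value maps to the same fake value in every table, and the masking key, fake-name pool, sample rows and population table are all constructed.

```python
import hashlib
import hmac
import random
MASK_KEY = b"example-only-masking-key"  # constructed; a real key stays out of test regions
FAKE_NAMES = ["Alex Doe", "Dana Roe", "Kim Poe", "Lee Moe", "Sam Coe"]  # fictional pool

def substitute(value, pool):
    # Data substitution via keyed hash: same input -> same fake value in every table (keeps RI).
    digest = hmac.new(MASK_KEY, value.encode(), hashlib.sha256).digest()
    return pool[int.from_bytes(digest[:4], "big") % len(pool)]

def substring_mask(value, keep_last=4, mask_char="X"):
    # Character substring masking: keep the trailing digits, hide the rest, keep separators.
    out, kept = [], 0
    for ch in reversed(value):
        if ch.isdigit() and kept < keep_last:
            out.append(ch)
            kept += 1
        else:
            out.append(mask_char if ch.isdigit() else ch)
    return "".join(reversed(out))

def skew(value, variance, rng):  # skewing: alter a number by a random +/- variance
    return round(value * (1 + rng.uniform(-variance, variance)), 2)

def shuffle_column(rows, column, rng):
    # Shuffling: reuse real values from other rows, so the column's distribution is kept.
    values = [r[column] for r in rows]
    rng.shuffle(values)
    for r, v in zip(rows, values):
        r[column] = v

def hipaa_zip(zip5, pop_by_prefix):
    # HIPAA: keep only the first 3 ZIP digits, and only if that area has more than 20,000 people.
    prefix = zip5[:3]
    return prefix if pop_by_prefix.get(prefix, 0) > 20000 else "000"

def mask_rows(rows, pop_by_prefix, seed=1):
    rng = random.Random(seed)
    masked = [dict(r) for r in rows]  # the source rows are left untouched
    for r in masked:
        r["name"] = substitute(r["name"], FAKE_NAMES)
        r["acct_num"] = substring_mask(r["acct_num"])
        r["salary"] = skew(r["salary"], 0.10, rng)
        r["zip"] = hipaa_zip(r["zip"], pop_by_prefix)
        r["age"] = "90 or older" if r["age"] > 89 else r["age"]  # HIPAA age aggregation
    shuffle_column(masked, "city", rng)
    return masked

ROWS = [{"name": "Ann Smith", "acct_num": "3072-100924-90212", "salary": 50000.0,
         "zip": "30301", "age": 47, "city": "Atlanta"},
        {"name": "Bob Jones", "acct_num": "4111-000111-22222", "salary": 72000.0,
         "zip": "03600", "age": 93, "city": "Boston"}]  # constructed, fictional people
POP_BY_PREFIX = {"303": 500000, "036": 15000}  # constructed population per 3-digit prefix
```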
 18. Data Masking at the Presentation Layer
     SELECT ACCT_NUM           = 3072-100924-90212
     SELECT TRUNCATE(ACCT_NUM) = XXXX-XXXXXX-X0212

 19. Dynamic Data Masking: The Next Frontier
     - Works in Production as well as Dev/Test
     - Database retains original values
     - Selectively mask data in real time
     - Transparent to clients, applications, databases
     - Implemented on the SQL*Net protocol layer
     - Acts as SQL*Net proxy / Oracle Listener
     - Catches inbound SQL statement protocol packets
     - Applies security policies as pre-defined rules

 20. Scenarios for Dynamic Data Masking

 21. Selective Data Masking
     Application Support / Help Desk

 22. Application Mis-Use
     Application User

 23. QA Team Capturing Scripts

 24. Privileged User Control

 25. This User has SYSDBA

 26. And so does this one...
     - Mask 'salary' values in all tables
     - Hide 'job name' in all tables
     - Scramble 'name' in all tables

 27. How Did You Do That?
     Quick Example of our Rules Editor
     - Matches Any SQL
     - Masking Actions

 28. Dynamic Data Masking
     Application (Web, Dev. tools, SQL*Plus, DB links, etc.) -> ActiveBase Security -> Oracle Database
     User rules apply 'Rewrite' or 'Block' actions on incoming SQL requests.
     Example: Original SQL: select ..,name,..from..  Rewrite Rule replaced it with: select ..,'****',..from..
     - Hiding Rules:     Original SQL: Select name,..from..  After Rule: select ..,'',..from..
     - Scrambling Rules: Original SQL: Select name,..from..  After Rule: Select scrmbl(name)..
     - Masking Rules:    Original SQL: Select name,..from..  After Rule: Select substr(name,1,2)||'***'
     - Blocking Rules:   Original SQL: Select name,..from..  Returned message: You are not allowed to access this personal information!

 29. More than Just Masking Data
     User Profiles: NOT just based on DB privilege level
     - Employee vs Contractor
     - Local vs Offshore
     - Developer vs DBA
     - End-user vs IT Staff
     Other Actions:
     - Block the request
     - Send alert to business and/or notification to user
     - Quarantine: block sessions and new connections from the same machine or user for 'X' minutes
     - Apply delays between each subsequent request
     - Kill session(s)
     - Log audit trail of activity
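The hiding, scrambling, masking and blocking rewrite rules shown above, keyed by user profile rather than database privilege, as an added example that is not ActiveBase's or the presenter's code. It rewrites the select list of a simple statement before it reaches the database (the stored values are never changed) and runs it against a constructed in-memory SQLite table; the rule sets, the profile names, the scrmbl() stand-in and the sample rows are all constructed, and a real SQL*Net proxy would parse the full SQL grammar rather than bare column names.

```python
import re
import sqlite3

# Constructed rule sets: one action per column for each user profile.
RULES = {
    "employee": {},
    "contractor": {"name": "mask", "salary": "hide", "job_name": "block"},
    "offshore_dba": {"name": "scramble", "salary": "hide", "job_name": "hide"},
}

class Blocked(Exception):
    """Raised instead of forwarding the statement when a blocking rule matches."""

def scrmbl(value):
    # Stand-in for the slides' scrmbl() function: a fixed letter rotation (constructed).
    return "".join(chr((ord(c) - 97 + 13) % 26 + 97) if "a" <= c <= "z" else c for c in value)

def rewrite(sql, profile):
    """Rewrite the select list of 'SELECT a, b FROM ...' according to the profile's rules.
    Only bare column names are handled; anything else is passed through unchanged."""
    m = re.match(r"\s*select\s+(.+?)\s+from\s+(.+)$", sql, re.I | re.S)
    if not m:
        return sql
    rules, out = RULES.get(profile, {}), []
    for col in (c.strip() for c in m.group(1).split(",")):
        if col == "*" and rules:  # cannot apply per-column rules to a wildcard
            raise Blocked("SELECT * is refused for restricted profiles; list the columns")
        action = rules.get(col.lower())
        if action == "block":
            raise Blocked("You are not allowed to access this personal information!")
        out.append({"hide": f"'' AS {col}",
                    "mask": f"substr({col},1,2)||'***' AS {col}",
                    "scramble": f"scrmbl({col}) AS {col}"}.get(action, col))
    return "SELECT " + ", ".join(out) + " FROM " + m.group(2)

def query(conn, sql, profile):
    """Apply the profile's rules, then run the rewritten statement; stored data is untouched."""
    return conn.execute(rewrite(sql, profile)).fetchall()

def demo_db():
    # Constructed in-memory table standing in for the production database.
    conn = sqlite3.connect(":memory:")
    conn.create_function("scrmbl", 1, scrmbl)
    conn.execute("CREATE TABLE emp (name TEXT, job_name TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO emp VALUES (?, ?, ?)",
                     [("alice", "engineer", 90000), ("bob", "analyst", 70000)])
    return conn
```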
 30. Enforce Dev Tool Usage Policies
     Toad, DBArtisan, SQL*Plus, etc.
     - Restrict parallel load: allow up to four parallel servers for all Toad requests, or dynamically remove the parallelism from the request
     - Block specific DB activities from either authorized or unauthorized users: locks, drop table, drop synonym, drop grant
     - Selectively prevent DML, DCL, DDL commands from unauthorized users
     - Automatically redirect requests to the REPORT DB when the request includes certain conditions

 31. ActiveBase Modules Overview
     User -> Application -> ActiveBase in-line proxy modules -> Oracle Database Server
     Security Module:
     - Masks personal information for outsourced support and IT
     - Blocks offensive requests / SQL injection / CPU risks
     - Scrambles / encrypts confidential & personal fields
     Performance Module:
     - Applies SQL hints / rewrite for improving performance
     - Redirects report / ad-hoc requests to replication / history DB
     - Blocks / defers 'request-from-hell' for safeguarding production
     - Tuning Robot: Manual Operator, Automatic - Rules
     Prioritization module (DB server): allocates Database Server resources to processes according to transaction importance

 32. AB*Performance Rule Examples

 33. THANK YOU!
     Tony Cannizzo | President
     Silos-Connect Technologies
     404 580 3451
     Soon to be: Dynamic Database Solutions (DynamicDB)
     Questions, Comments, Jokes?

 34. Oracle Data Masking
     Optional Backup Slides

 35. OEM 10g Data Masking Pack
     - Copy production data to other environments: Dev, Test, Staging
     - Irreversible process
     - Replaces sensitive data with realistic-looking but scrubbed data based on masking rules
     - The original data cannot be retrieved, recovered or restored.

 36. Centralized Mask Formats
     Format Library for out-of-the-box formats:
     - Credit Card Numbers
     - Phone Numbers
     - National Identifiers: SSN (US), National Insurance Number (UK)
     Mask Formats built on Mask Primitives:
     - Random Numbers, Random Digits, Random Dates, Constants
     Masking Functions:
     - Shuffle: column values used in different rows; useful when the range of values in a column is not known
     User-defined Formats:
     - Defined using PL/SQL
     - Example: complexly formulated account numbers can be generated using fictitious values while still providing functionality for the application
     Deterministic Masks:
     - For maintaining RI when masking across application environments
     - Consistent mask in CRM/ERP and DW

 37. Portable Masking Definition
     A built-in search function on the Data Dictionary
     - Helps identify all tables and columns containing SPI
     - Maps to appropriate mask formats
     Related Application Column capability
     - Automatically identifies RI based on Foreign Keys that are maintained in the Data Dictionary
     - Application-defined relationships that are not maintained in the Data Dictionary can be added

 38. Condition-based Masking
     Assign multiple mask formats to a column dependent on specific conditions.
     Example: Multi-national HR System and National Identifiers depending on the employee's country:
     - If the employee is US, use the SSN mask
     - If the employee is UK, use the National Insurance mask
     - If the employee is Canadian, use the Social Insurance mask

 39. Compound Masking
     For multiple related columns within a row.
     Example: Must have a valid address
     - City for State
     - Zip for City

 40. Application Masking Template
     XML file containing all masking definitions
     - Created via the Export Masking Definition capability
     - Can be loaded into other databases
     - Can be used to restore the original masking definitions if a mask definition is improperly altered

 41. Steps in the Masking Process
     - Define Mask Formats
     - Assign Masking Definitions to the Application Masking Template
     - Run a series of validation steps to ensure the script can run without errors
       - One step checks RI, Uniqueness Constraints, Column Lengths, Data Types, etc.
     - Generate the PL/SQL-based Masking Script
     - Create a fully-loaded database as a target for the Masking Script
     - Transfer the Masking Script to the target database
     - Execute the Masking Script
       - CREATES a masked replacement for the original TABLE
       - REPLACES the table containing sensitive data with an identical table containing masked data, maintaining the original database's constraints, referential integrity and associated access structures (i.e. indexes, partitions, permissions, etc.)
       - Executes in parallel
       - Disables database logging
       - Then DROPs the original table containing sensitive data AFTER the masking process is completed.
     NOTE: The target TABLE contains the actual production values until the masking process is completed!!!

 42. Secure Clone-and-Mask Workflow
     - ODMP integrates with OEM Database Cloning (separate from the standalone process)
     - Can add Data Masking to the Clone process
     - Point the PRD database to a Staging Environment
     - Specify the Masking Definitions to be run AFTER cloning
     - The cloned database is brought up in RESTRICTED mode to prevent non-administrative access to the database
     - Executes the Masking Script
     - Then opens the database for unrestricted use ONLY UPON VERIFYING THAT THE MASKING PROCESS HAS COMPLETED SUCCESSFULLY.

 43. ODMP: Key Considerations
     The most secure approach:
     - Clone the production database to a Staging Area
     - Mask it
     - Then Export/Import it to another database in the Test Region
     - This automatically drops the masking table and the unmasked data files
     Less secure approach:
     - You can clone the production database to a mask staging area, then make the staging area the new test region.
     - The masked database contains the original data in unused blocks and in the free list.
     - You can only purge this information by exporting/importing the data to another database.