SlideShare a Scribd company logo

Opteamix_whitepaper_Data Masking Strategy.pdf

Opteamix LLC
Opteamix LLC

It is shocking to note that about 3.5 billion people saw their personal data stolen in the top two of the 15 biggest breaches of this century alone. With the average cost of a data breach exceeding $8 million, it is no wonder that safeguarding confidential business and customer information has become more important than ever. Furthermore, with stricter laws and governance requirements, data security is now everyone’s responsibility across the entire enterprise. However, that is easier said than done, and for that reason, an an increasing number of organizations are relying heavily on data masking to proactively protect their data, avoid the cost of security breaches, and ensure compliance.

Technology
1 of 16
Download to read offline
Data Strategy Masking
1. 2. Overview Why Data Masking? 3. The Challenges 4. Our Solution 5. Where to Apply Data Masking 6. How to Apply Data Masking 7. Data Masking in Action 8. Conclusion CONTENTS
Overview It is shocking to note that about 3.5 billion people saw their personal data stolen in the top two of the 15 biggest breaches of this century alone. With the average cost of a data breach exceeding $8 million, it is no wonder that safeguarding confidential business and customer information has become more important than ever. Furthermore, with stricter laws and governance requirements, data security is now everyone’s responsibility across the entire enterprise. However, that is easier said than done, and for that reason, an increasing number of organizations are relying heavily on data masking to proactively protect their data, avoid the cost of security breaches, and ensure compliance. This whitepaper aims to give an overview of the world of data masking by uncovering the types, techniques, strategies, and use cases of custom implementations that will help you understand its enterprise potential. As the name implies, data masking (also known as data obfuscation, data anonymization, data munging, data pseudonymization, data scrambling, data scrubbing, etc.), is a process that organizations use to secure their data. The real data is obscured by random characters or other data that covers classified data points from those who do not have permission to view it. 1
Why Data Masking? Let us consider the following instances: The primary function of masking data is to protect sensitive, private information in situations where it might be visible to someone without clearance to the information. Organizations copy millions of sensitive data to non-production environments and very few succeed in protecting this data when sharing with external and third-party systems too. Health care organizations share patient data with medical sys- tems or healthcare providers for enhanced availability, the integrity of data on electronic Health Records (eHR), research on clinical trials, efficient medical treatments, etc. Enterprises share data from their production applications with other systems for various business needs, data & business analytics, or to allow a system administrator to test, apply patches, fixes, and run upgrades. Application developers need an environment-mimicking production setting to build and test new features. This helps businesses achieve a competitive advantage and stay up to date. Financial services institutions such as banking, mortgage, insurance, etc. depend on rapid transaction speed and global interconnectivity. Unfortunately, all of their critical support infrastructures like trading platforms, central security depositories, payment and settlement systems, and central counterparties each serve as a single point of failure. Therefore, a security breach at any one of those infrastructures could have far-reaching consequences. 2
As you can see, data masking is essential in many regulated industries where business-confidential information must be protected from overexposure. With data masking, sensitive data categories that include protection of intellectual property, personally identifiable information, protected health information, financial information, and payment card information can only be viewed by the people who are authorized to see it and can see only what they should. By masking data, the organization can expose the data as needed to test teams or database administrators without compromising the data or getting out of compliance. The primary benefit of data masking is reduced security risk. Government Laws & Regulations The need to protect data and mitigate the risk of compromising critical and confidential information is at the forefront of governments and enterprises, which is why laws, regulations, and business policies have been built around processes. Data masking is the first step to being in compliance with privacy laws, discretion, and fulfilling the obligations of confidentiality. Some of the regulatory efforts that have been put forth are - The Health Insurance Portability and Accountability Act (HIPAA) which alludes to the protection and confidential handling of protected health information, the Sarbanes-Oxley Act (or SOX Act) aims to protect investors by making corporate disclosures more reliable and accurate and the Payment Card Industry (PCI) Data Security Standard (DSS) which is enforced by Visa and Master Card ensures cardholder data security and adopts data security measures globally. 3
The Challenges Organizations have started taking threats to data breaches very seriously and have set out to address these issues as quickly as possible. The typical approaches to data protection such as firewalls, encryption, and passwords fail to sufficiently lock down data. Enterprises today must go beyond traditional security measures and instead opt for a comprehensive data security solution that includes proactive security monitoring at the data level. The idea of merely removing sensitive information from the non-production environment seems to be a simple ask, However, it can pose serious challenges in various aspects. The immediate challenge lies in finding the perfect balance between conformance with privacy laws, discretion, and the obligations of confidentiality. Ensuring data integrity between support and the production environment delivers more value to the business and speeds up releases. Some of the immediate challenges are: Applications are getting more complex and integrated. Knowing where the sensitive information resides and what applications are referencing this information becomes difficult. Because of the ever-evolving nature of applications, maintaining meta-data knowledge of the application architecture throughout its lifecycle also is of concern. Maintaining application integrity, auditing needs, acceptable performance, and reliability while formulating a flexible solution. Since application design is usually not built with the intent of ‘hiding’ sensitive data from specific environments, the analysis of the dependencies on each of the sensitive elements (such as development and testing needs, target user community, location and compliance mandates to name a few), has to be considered. 4
Repeated masking and synchronizing poses a challenge when auditing is concerned. Keeping track of what has been changed becomes an important business control requirement to prove compliance with regulations and laws. To implement these types of controls, reporting becomes paramount, along with the separation of duties and role-based permissions. Complexity in introducing data security as a part of the development life cycle as data models and data stores have evolved with time. Providing a flexible solution that can evolve with the application and can be extended beyond the database to logs, XML files, JSON data within an enterprise becomes an important challenge to address. Inherent complexities due to referential nature of data, availability of data in multiple tables in de-normalized databases, distributed data sources. Diversity in environments with a single point of ownership for each application. 5
Our Solution Our solution to these challenges regardless of the industry is to apply our Masking Approach that is carried out in the following stages: Discover: Do a thorough discovery of understanding the business, go through the data model, relationship, usage, etc to identify the sensitive data. Assess: : Define the type, the technique, and where to apply the masking to be adopted for the use case and derive the masking definition for each of the data categories. Validate: Utilize the application test suite/automation testing framework to validate the system behavior and security of information. Parameters for Solution Identification Parameters for Solution Identification Apply: Apply the derived masking definition to the data source. Roles Involved: This process will involve the expertise and coordinated effort of DB Admin, Security Admin, Application Development, and Testing team. Business rule Business rule Analyze the underlying business rules of the use case of information. Referential integrity Referential integrity Must maintain the data integrity across tables, databases, and systems. 6
Row-Internal synchronization requirement Row-Internal synchronization requirement Similar to referential integrity, however integrity within the row or tuple. Ex. PersonName is the concatenation of FirstName, MiddleName, LastName. Application type Application type COTS or Custom-built: Analyse if there is any ready solution in the market for business case. Cost Cost Must be a cost-effective, yet efficient solution. Turn-around time Turn-around time Ready solution masking might be generic and custom solution can target for a specific case, hence might support reduced cycle time. 7
Where to Apply Data Masking Based on where we apply masking, there are two major types: Static and Dynamic data masking Static data masking - This kind is applied to the copy of a single source of data, however, does not limit to the DB but also evolves with log files, XML, JSON, payload files, etc. Admins, typically load data backup into an integrated environment, carry out filtering on the dataset to limit the necessary data needed for testing or business operation, and apply data masking at static and then push to the intended environment. Dynamic data masking - Dynamic Data Masking, applied on one record at a time, at runtime, dynamically, and on-demand. This process is crucial in enabling continuous deployment for huge integrated applications by avoiding the time spent on creating backup and load to a special copy of the database. Systems where there are feeds from production at a constant pace to development making it complex to remain compliant, on-the-fly data masking becomes essential in such cases. Further, on-the-Fly data masking happens in the process of transferring data from environment to environment without data touching the disk on its way. 8
How to Apply Data Masking Data Masking depends on your business needs and rules, as well as applicable data privacy law(s). At a technical level, that usually means deciding how the resulting masked data or, ciphertext needs to appear, if it needs to be reversible or unique, how secure it is, and possibly, what kind of resources and time are available for the process. Some of the various techniques are: Substitution Shuffling Number and Data Variance Encryption Masking Out Nulling out or Deletion 1. Preserves the authentic look and feel of the data records 2. Ability to apply customized data substitution sets. 1. Derives the subsititution set from the same column of data that is being masked. 2. Data is randomly shuffled within the column. 1. Number variance applied could br around =/- 10%. 2. Applying a random numeric variance of +/-120 days to date fields. 1. Requires that a “key” be applied to view the data based on user rights. 1. Applying null value to a perticular field. 2. Lessens the degree of data integrity that is maintained in the masked data set. 1. Character scrambling or masking out of certain fields, SSN: XXX-XX-1234 9
Data Masking in Action Opteamix successfully performed the Data Masking Analysis and defined strategies for one of the leading US-based Human and Health Services providers whose business involved crucial and critical rules and regulations for the protection of PII/PHI information. The business needed a solution that would mask sensitive information, retain referential integrity, maintain row internal synchronization, enable continuous deployment of the applications all while reducing time and DBA workload. A number of their existing applications were data masked as a security-related solution provided by their vendors. However, because of the sheer size of the application, problems arose in the form of high turnaround time and restrictions on certain data records which were either nullified or filtered out even though they were crucial in running the business in onsite-offshore model. To find a solution to the above-mentioned problem, it was important to recognize the fact that a single solution might not be feasible in this situation. We had to come up with a solution that can leverage people, processes, and technology for easy integration. Our study included-analysis of production issues, mimicking systems for an exact production-like environment of test and dev, covering tests for patch/fixes/upgrades, quick turn-around test, and development environment provisioning, etc With the out-of-the-box pre-defined masking algorithms, masking common sensitive information, such as social security numbers, emails, credit card numbers, etc. reduced significant time in constructing from scratch. COTS applications can be masked with ready market solutions. Solution Options 1. Data Masking Solution for COTS like ATS, ERP, and/or CRM products: Usage of ready market solutions like: DATPROF Data Masking Tool, Delphix, Oracle solution. 10
Scenarios where applications have free text of audit notes, logged information, operation team’s & application’s notes, structured text like Payload, JSON and/or XML, etc. Due to this complexity, there is a strong need for an Inhouse custom or Hybrid solution after performing the various stages of masking approach of discovery and assessment We recommended, Static data masking considering the complexity, cumbersome steps, and tools involved in other types for similar products for one of the Product for supporting US Health Care services. 2. Data Masking Solution for Inhouse Products & Applications with Free text and Structured JSON/XML Analysis of existing scripts if any Approach based on recommendation Prepare masking scripts using tool and/or custom process Validate masking scripts Baseline scripts ready Initial Iteration Representation of Incremental approach Identified Techniques to be used are: Substitution, Masking, Numeric/Date Variance and Nulling. 11
Take a scenario where application production support is performed by offshore consultants, lending their expertise towards batch job executions, patches, DB upgrades, and data fixes to resolve issues for the operations team. During this process, people who are not authorized to see certain data are privy to lots of information that most often is of a sensitive nature. Due to the ongoing Pandemic and remote working, this process has become more vulnerable to security threats. To mitigate this risk, we carried out the various stages of the masking approach of discovery and assessment and provided the following options to solve the problem: Data Redaction: Users working on Data fixes are provided with specialized user role and access and rendered with redacted data from DB Client on the execution of SQL queries against the PII/PHI information holding DB tables. Example: Email Address of JohnMary123@abc.com can be rendered as JxxxMxxxxx@abc.com or xxxxxxx@xxx.com for the unauthorized user. Use of Datebase Views: Designed exclusive user roles and permissions for the DB access users and created DB views for the tables which are needed, without the PII/PHI holding columns for Production Support. Application code changes: Application side code changes for the UI layer to use CSS styles and HTML and JavaScript functions to render masked data for the sensitive information on to the web-application. Validate masking scripts Incremental scripts ready Subsequent Iteration Analyse baseline scripts and identify gaps Prepare scripts using tools and/or custom process 12
Conclusion With stricter laws and governance requirements, data security is now a concern across industries. Data masking is not domain- specific and offers organizations of all sizes a highly effective method to address data protection. It can be adopted to suit any business needs, enabling organizations to proactively secure corporate data, improve data security compliance, and lower costs associated with data breaches that are simply too great for any organization to ignore. While it may require a change in mindset in how data is secured, data masking can swiftly reduce the risk of data breaches. Organizations must have a well-defined strategy in place to discover, assess, apply, and validate the right Data Masking process based on business needs. As customer and organization data and other sensitive information are hidden, a large number of malicious and accidental threats are simply eliminated, helping to protect organizations from the very real threats of insider data leakage or theft. 13
www.opteamix.com Visit us at USA 9609 S. University Blvd., #631994 Littleton CO 80163 ++1 303 683 6454 +91 80 4667 1666 INDIA Brigade Software Park A Block, 2nd Floor #42, 27th Cross Road Banashankari Stage II Bengaluru 560070 Opteamix is a digital automation technology consulting firm with deep expertise in Application Development, Robotic Process Automation, AI, DevOps, Enterprise Mobility, and Test Automation Services. We are headquartered in Denver, Colorado with a wholly-owned delivery center in Bangalore, India. Contact Us

Recommended

The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
Eryk Budi Pratama
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
ShubhraGoyal4
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
Eryk Budi Pratama
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET Journal
 
Michael Josephs
Michael JosephsMichael Josephs
Michael Josephs
daveGBE
 
Isaca global journal - choosing the most appropriate data security solution ...
Isaca global journal - choosing the most appropriate data security solution ...Isaca global journal - choosing the most appropriate data security solution ...
Isaca global journal - choosing the most appropriate data security solution ...
Ulf Mattsson
 
Cyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykCyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - Eryk
Eryk Budi Pratama
 
295256_Security_Problem_Whitepaper.Web
295256_Security_Problem_Whitepaper.Web295256_Security_Problem_Whitepaper.Web
295256_Security_Problem_Whitepaper.WebDeron Grzetich, CISSP, CISM, GCIH
 

Recommended

The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
Eryk Budi Pratama
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
ShubhraGoyal4
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
Eryk Budi Pratama
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET Journal
 
Michael Josephs
Michael JosephsMichael Josephs
Michael Josephs
daveGBE
 
Isaca global journal - choosing the most appropriate data security solution ...
Isaca global journal - choosing the most appropriate data security solution ...Isaca global journal - choosing the most appropriate data security solution ...
Isaca global journal - choosing the most appropriate data security solution ...
Ulf Mattsson
 
Cyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - ErykCyber Resilience - Welcoming New Normal - Eryk
Cyber Resilience - Welcoming New Normal - Eryk
Eryk Budi Pratama
 
295256_Security_Problem_Whitepaper.Web
295256_Security_Problem_Whitepaper.Web295256_Security_Problem_Whitepaper.Web
295256_Security_Problem_Whitepaper.WebDeron Grzetich, CISSP, CISM, GCIH
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Eryk Budi Pratama
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
Ulf Mattsson
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Eryk Budi Pratama
 
Big Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouBig Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouDATAVERSITY
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
LindaWatson19
 
Data_Protection_WP - Jon Toigo
Data_Protection_WP - Jon ToigoData_Protection_WP - Jon Toigo
Data_Protection_WP - Jon ToigoEd Ahl
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended Enterprise
NextLabs, Inc.
 
Internal Audit
Internal AuditInternal Audit
Internal AuditNigel Robinson
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program Management
Eryk Budi Pratama
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
Eryk Budi Pratama
 
Data protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protectionData protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protection
Aujas Networks Pvt. Ltd.
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
RishalHalid1
 
California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)
Happiest Minds Technologies
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
ALI ANWAR, OCP®
 
Enterprise Data Privacy Quiz
Enterprise Data Privacy QuizEnterprise Data Privacy Quiz
Enterprise Data Privacy Quiz
Druva
 
Secure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentsSecure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentse.law International
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
CloudMask inc.
 
Big data security
Big data securityBig data security
Big data security
Anne ndolo
 
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
Fasoo
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data Pribadi
Eryk Budi Pratama
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gap
xband
 
Big data security
Big data securityBig data security
Big data security
Anne ndolo
 

More Related Content

What's hot

Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Eryk Budi Pratama
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
Ulf Mattsson
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Eryk Budi Pratama
 
Big Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouBig Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouDATAVERSITY
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
LindaWatson19
 
Data_Protection_WP - Jon Toigo
Data_Protection_WP - Jon ToigoData_Protection_WP - Jon Toigo
Data_Protection_WP - Jon ToigoEd Ahl
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended Enterprise
NextLabs, Inc.
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program Management
Eryk Budi Pratama
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
Eryk Budi Pratama
 
Data protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protectionData protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protection
Aujas Networks Pvt. Ltd.
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
RishalHalid1
 
California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)
Happiest Minds Technologies
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
ALI ANWAR, OCP®
 
Enterprise Data Privacy Quiz
Enterprise Data Privacy QuizEnterprise Data Privacy Quiz
Enterprise Data Privacy Quiz
Druva
 
Secure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentsSecure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentse.law International
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
CloudMask inc.
 
Big data security
Big data securityBig data security
Big data security
Anne ndolo
 
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
Fasoo
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data Pribadi
Eryk Budi Pratama
 

What's hot (20)

Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
 
Big Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to YouBig Data: Beyond the Hype - Why Big Data Matters to You
Big Data: Beyond the Hype - Why Big Data Matters to You
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
 
Data_Protection_WP - Jon Toigo
Data_Protection_WP - Jon ToigoData_Protection_WP - Jon Toigo
Data_Protection_WP - Jon Toigo
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended Enterprise
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program Management
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
 
Data protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protectionData protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protection
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
 
California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
Enterprise Data Privacy Quiz
Enterprise Data Privacy QuizEnterprise Data Privacy Quiz
Enterprise Data Privacy Quiz
 
Secure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentsSecure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documents
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
 
Big data security
Big data securityBig data security
Big data security
 
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data Pribadi
 

Similar to Opteamix_whitepaper_Data Masking Strategy.pdf

Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gap
xband
 
Big data security
Big data securityBig data security
Big data security
Anne ndolo
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancem
IlonaThornburg83
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of Record
Cor Ranzijn
 
Five_Big_Data_Security_Pitfalls
Five_Big_Data_Security_PitfallsFive_Big_Data_Security_Pitfalls
Five_Big_Data_Security_PitfallsLaris Orman
 
Mitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker DealersMitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker DealersBroadridge
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
rajab ssemwogerere
 
Looking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance DeadlineLooking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance Deadline
accenture
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data Governance
Kim Cook
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data security
Keith Braswell
 
A data-centric program
A data-centric program A data-centric program
A data-centric program
at MicroFocus Italy ❖✔
 
Encrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdfEncrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdf
alexguzman510050
 
Insider's Guide- The Data Protection Imperative
Insider's Guide- The Data Protection ImperativeInsider's Guide- The Data Protection Imperative
Insider's Guide- The Data Protection ImperativeDataCore Software
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
CloudMask inc.
 
27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx
lorainedeserre
 
27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx
jesusamckone
 
Securing sensitive data for the health care industry
Securing sensitive data for the health care industrySecuring sensitive data for the health care industry
Securing sensitive data for the health care industry
CloudMask inc.
 
Cashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidence
CloudMask inc.
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991Jim Romeo
 

Similar to Opteamix_whitepaper_Data Masking Strategy.pdf (20)

Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gap
 
Big data security
Big data securityBig data security
Big data security
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancem
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of Record
 
Five_Big_Data_Security_Pitfalls
Five_Big_Data_Security_PitfallsFive_Big_Data_Security_Pitfalls
Five_Big_Data_Security_Pitfalls
 
Mitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker DealersMitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker Dealers
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
 
Looking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance DeadlineLooking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance Deadline
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data Governance
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - Web
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data security
 
A data-centric program
A data-centric program A data-centric program
A data-centric program
 
Encrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdfEncrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdf
 
Insider's Guide- The Data Protection Imperative
Insider's Guide- The Data Protection ImperativeInsider's Guide- The Data Protection Imperative
Insider's Guide- The Data Protection Imperative
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
 
27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx
 
27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx
 
Securing sensitive data for the health care industry
Securing sensitive data for the health care industrySecuring sensitive data for the health care industry
Securing sensitive data for the health care industry
 
Cashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidence
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
 

Recently uploaded

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 

Opteamix_whitepaper_Data Masking Strategy.pdf

  • 2. 1. 2. Overview Why Data Masking? 3. The Challenges 4. Our Solution 5. Where to Apply Data Masking 6. How to Apply Data Masking 7. Data Masking in Action 8. Conclusion CONTENTS
  • 3. Overview It is shocking to note that about 3.5 billion people saw their personal data stolen in the top two of the 15 biggest breaches of this century alone. With the average cost of a data breach exceeding $8 million, it is no wonder that safeguarding confidential business and customer information has become more important than ever. Furthermore, with stricter laws and governance requirements, data security is now everyone’s responsibility across the entire enterprise. However, that is easier said than done, and for that reason, an increasing number of organizations are relying heavily on data masking to proactively protect their data, avoid the cost of security breaches, and ensure compliance. This whitepaper aims to give an overview of the world of data masking by uncovering the types, techniques, strategies, and use cases of custom implementations that will help you understand its enterprise potential. As the name implies, data masking (also known as data obfuscation, data anonymization, data munging, data pseudonymization, data scrambling, data scrubbing, etc.), is a process that organizations use to secure their data. The real data is obscured by random characters or other data that covers classified data points from those who do not have permission to view it. 1
  • 4. Why Data Masking? Let us consider the following instances: The primary function of masking data is to protect sensitive, private information in situations where it might be visible to someone without clearance to the information. Organizations copy millions of sensitive data to non-production environments and very few succeed in protecting this data when sharing with external and third-party systems too. Health care organizations share patient data with medical sys- tems or healthcare providers for enhanced availability, the integrity of data on electronic Health Records (eHR), research on clinical trials, efficient medical treatments, etc. Enterprises share data from their production applications with other systems for various business needs, data & business analytics, or to allow a system administrator to test, apply patches, fixes, and run upgrades. Application developers need an environment-mimicking production setting to build and test new features. This helps businesses achieve a competitive advantage and stay up to date. Financial services institutions such as banking, mortgage, insurance, etc. depend on rapid transaction speed and global interconnectivity. Unfortunately, all of their critical support infrastructures like trading platforms, central security depositories, payment and settlement systems, and central counterparties each serve as a single point of failure. Therefore, a security breach at any one of those infrastructures could have far-reaching consequences. 2
  • 5. As you can see, data masking is essential in many regulated industries where business-confidential information must be protected from overexposure. With data masking, sensitive data categories that include protection of intellectual property, personally identifiable information, protected health information, financial information, and payment card information can only be viewed by the people who are authorized to see it and can see only what they should. By masking data, the organization can expose the data as needed to test teams or database administrators without compromising the data or getting out of compliance. The primary benefit of data masking is reduced security risk. Government Laws & Regulations The need to protect data and mitigate the risk of compromising critical and confidential information is at the forefront of governments and enterprises, which is why laws, regulations, and business policies have been built around processes. Data masking is the first step to being in compliance with privacy laws, discretion, and fulfilling the obligations of confidentiality. Some of the regulatory efforts that have been put forth are - The Health Insurance Portability and Accountability Act (HIPAA) which alludes to the protection and confidential handling of protected health information, the Sarbanes-Oxley Act (or SOX Act) aims to protect investors by making corporate disclosures more reliable and accurate and the Payment Card Industry (PCI) Data Security Standard (DSS) which is enforced by Visa and Master Card ensures cardholder data security and adopts data security measures globally. 3
  • 6. The Challenges Organizations have started taking threats to data breaches very seriously and have set out to address these issues as quickly as possible. The typical approaches to data protection such as firewalls, encryption, and passwords fail to sufficiently lock down data. Enterprises today must go beyond traditional security measures and instead opt for a comprehensive data security solution that includes proactive security monitoring at the data level. The idea of merely removing sensitive information from the non-production environment seems to be a simple ask, However, it can pose serious challenges in various aspects. The immediate challenge lies in finding the perfect balance between conformance with privacy laws, discretion, and the obligations of confidentiality. Ensuring data integrity between support and the production environment delivers more value to the business and speeds up releases. Some of the immediate challenges are: Applications are getting more complex and integrated. Knowing where the sensitive information resides and what applications are referencing this information becomes difficult. Because of the ever-evolving nature of applications, maintaining meta-data knowledge of the application architecture throughout its lifecycle also is of concern. Maintaining application integrity, auditing needs, acceptable performance, and reliability while formulating a flexible solution. Since application design is usually not built with the intent of ‘hiding’ sensitive data from specific environments, the analysis of the dependencies on each of the sensitive elements (such as development and testing needs, target user community, location and compliance mandates to name a few), has to be considered. 4
  • 7. Repeated masking and synchronizing poses a challenge when auditing is concerned. Keeping track of what has been changed becomes an important business control requirement to prove compliance with regulations and laws. To implement these types of controls, reporting becomes paramount, along with the separation of duties and role-based permissions. Complexity in introducing data security as a part of the development life cycle as data models and data stores have evolved with time. Providing a flexible solution that can evolve with the application and can be extended beyond the database to logs, XML files, JSON data within an enterprise becomes an important challenge to address. Inherent complexities due to referential nature of data, availability of data in multiple tables in de-normalized databases, distributed data sources. Diversity in environments with a single point of ownership for each application. 5
  • 8. Our Solution Our solution to these challenges regardless of the industry is to apply our Masking Approach that is carried out in the following stages: Discover: Do a thorough discovery of understanding the business, go through the data model, relationship, usage, etc to identify the sensitive data. Assess: : Define the type, the technique, and where to apply the masking to be adopted for the use case and derive the masking definition for each of the data categories. Validate: Utilize the application test suite/automation testing framework to validate the system behavior and security of information. Parameters for Solution Identification Parameters for Solution Identification Apply: Apply the derived masking definition to the data source. Roles Involved: This process will involve the expertise and coordinated effort of DB Admin, Security Admin, Application Development, and Testing team. Business rule Business rule Analyze the underlying business rules of the use case of information. Referential integrity Referential integrity Must maintain the data integrity across tables, databases, and systems. 6
  • 9. Row-Internal synchronization requirement Row-Internal synchronization requirement Similar to referential integrity, however integrity within the row or tuple. Ex. PersonName is the concatenation of FirstName, MiddleName, LastName. Application type Application type COTS or Custom-built: Analyse if there is any ready solution in the market for business case. Cost Cost Must be a cost-effective, yet efficient solution. Turn-around time Turn-around time Ready solution masking might be generic and custom solution can target for a specific case, hence might support reduced cycle time. 7
  • 10. Where to Apply Data Masking Based on where we apply masking, there are two major types: Static and Dynamic data masking Static data masking - This kind is applied to the copy of a single source of data, however, does not limit to the DB but also evolves with log files, XML, JSON, payload files, etc. Admins, typically load data backup into an integrated environment, carry out filtering on the dataset to limit the necessary data needed for testing or business operation, and apply data masking at static and then push to the intended environment. Dynamic data masking - Dynamic Data Masking, applied on one record at a time, at runtime, dynamically, and on-demand. This process is crucial in enabling continuous deployment for huge integrated applications by avoiding the time spent on creating backup and load to a special copy of the database. Systems where there are feeds from production at a constant pace to development making it complex to remain compliant, on-the-fly data masking becomes essential in such cases. Further, on-the-Fly data masking happens in the process of transferring data from environment to environment without data touching the disk on its way. 8
  • 11. How to Apply Data Masking Data Masking depends on your business needs and rules, as well as applicable data privacy law(s). At a technical level, that usually means deciding how the resulting masked data or, ciphertext needs to appear, if it needs to be reversible or unique, how secure it is, and possibly, what kind of resources and time are available for the process. Some of the various techniques are: Substitution Shuffling Number and Data Variance Encryption Masking Out Nulling out or Deletion 1. Preserves the authentic look and feel of the data records 2. Ability to apply customized data substitution sets. 1. Derives the subsititution set from the same column of data that is being masked. 2. Data is randomly shuffled within the column. 1. Number variance applied could br around =/- 10%. 2. Applying a random numeric variance of +/-120 days to date fields. 1. Requires that a “key” be applied to view the data based on user rights. 1. Applying null value to a perticular field. 2. Lessens the degree of data integrity that is maintained in the masked data set. 1. Character scrambling or masking out of certain fields, SSN: XXX-XX-1234 9
  • 12. Data Masking in Action Opteamix successfully performed the Data Masking Analysis and defined strategies for one of the leading US-based Human and Health Services providers whose business involved crucial and critical rules and regulations for the protection of PII/PHI information. The business needed a solution that would mask sensitive information, retain referential integrity, maintain row internal synchronization, enable continuous deployment of the applications all while reducing time and DBA workload. A number of their existing applications were data masked as a security-related solution provided by their vendors. However, because of the sheer size of the application, problems arose in the form of high turnaround time and restrictions on certain data records which were either nullified or filtered out even though they were crucial in running the business in onsite-offshore model. To find a solution to the above-mentioned problem, it was important to recognize the fact that a single solution might not be feasible in this situation. We had to come up with a solution that can leverage people, processes, and technology for easy integration. Our study included-analysis of production issues, mimicking systems for an exact production-like environment of test and dev, covering tests for patch/fixes/upgrades, quick turn-around test, and development environment provisioning, etc With the out-of-the-box pre-defined masking algorithms, masking common sensitive information, such as social security numbers, emails, credit card numbers, etc. reduced significant time in constructing from scratch. COTS applications can be masked with ready market solutions. Solution Options 1. Data Masking Solution for COTS like ATS, ERP, and/or CRM products: Usage of ready market solutions like: DATPROF Data Masking Tool, Delphix, Oracle solution. 10
  • 13. Scenarios where applications have free text of audit notes, logged information, operation team’s & application’s notes, structured text like Payload, JSON and/or XML, etc. Due to this complexity, there is a strong need for an Inhouse custom or Hybrid solution after performing the various stages of masking approach of discovery and assessment We recommended, Static data masking considering the complexity, cumbersome steps, and tools involved in other types for similar products for one of the Product for supporting US Health Care services. 2. Data Masking Solution for Inhouse Products & Applications with Free text and Structured JSON/XML Analysis of existing scripts if any Approach based on recommendation Prepare masking scripts using tool and/or custom process Validate masking scripts Baseline scripts ready Initial Iteration Representation of Incremental approach Identified Techniques to be used are: Substitution, Masking, Numeric/Date Variance and Nulling. 11
  • 14. Take a scenario where application production support is performed by offshore consultants, lending their expertise towards batch job executions, patches, DB upgrades, and data fixes to resolve issues for the operations team. During this process, people who are not authorized to see certain data are privy to lots of information that most often is of a sensitive nature. Due to the ongoing Pandemic and remote working, this process has become more vulnerable to security threats. To mitigate this risk, we carried out the various stages of the masking approach of discovery and assessment and provided the following options to solve the problem: Data Redaction: Users working on Data fixes are provided with specialized user role and access and rendered with redacted data from DB Client on the execution of SQL queries against the PII/PHI information holding DB tables. Example: Email Address of JohnMary123@abc.com can be rendered as JxxxMxxxxx@abc.com or xxxxxxx@xxx.com for the unauthorized user. Use of Datebase Views: Designed exclusive user roles and permissions for the DB access users and created DB views for the tables which are needed, without the PII/PHI holding columns for Production Support. Application code changes: Application side code changes for the UI layer to use CSS styles and HTML and JavaScript functions to render masked data for the sensitive information on to the web-application. Validate masking scripts Incremental scripts ready Subsequent Iteration Analyse baseline scripts and identify gaps Prepare scripts using tools and/or custom process 12
  • 15. Conclusion With stricter laws and governance requirements, data security is now a concern across industries. Data masking is not domain- specific and offers organizations of all sizes a highly effective method to address data protection. It can be adopted to suit any business needs, enabling organizations to proactively secure corporate data, improve data security compliance, and lower costs associated with data breaches that are simply too great for any organization to ignore. While it may require a change in mindset in how data is secured, data masking can swiftly reduce the risk of data breaches. Organizations must have a well-defined strategy in place to discover, assess, apply, and validate the right Data Masking process based on business needs. As customer and organization data and other sensitive information are hidden, a large number of malicious and accidental threats are simply eliminated, helping to protect organizations from the very real threats of insider data leakage or theft. 13
  • 16. www.opteamix.com Visit us at USA 9609 S. University Blvd., #631994 Littleton CO 80163 ++1 303 683 6454 +91 80 4667 1666 INDIA Brigade Software Park A Block, 2nd Floor #42, 27th Cross Road Banashankari Stage II Bengaluru 560070 Opteamix is a digital automation technology consulting firm with deep expertise in Application Development, Robotic Process Automation, AI, DevOps, Enterprise Mobility, and Test Automation Services. We are headquartered in Denver, Colorado with a wholly-owned delivery center in Bangalore, India. Contact Us