Friday, May 27, 2011

What is Data Masking?


Data masking is the process of protecting sensitive information in non-production databases from inappropriate visibility. After sanitization, the database remains perfectly usable - the look-and-feel is preserved - but the information content is secure. The Data Masker software provides a simple, repeatable and "push-button" method of scrambling data in test systems.

It is important to be aware that data masking applies to more than just personal details: business-confidential information is sometimes appropriate for masking as well. For example, it may be desirable to prevent quarterly sales figures for some products from being present in an outsourced test database.

Why Mask Data?
1.) Legal Requirements: The regulatory environment surrounding the duties and obligations of a data holder to protect the information they maintain is becoming increasingly rigorous in just about every legal jurisdiction. It is a pretty safe assumption that the standards for the security and maintenance of data will become increasingly strict in the future.

2.) Loss of Confidence and Public Relations Disasters: It can reasonably be said that, in most locations, if a data escape happens at our organization, the formal legal sanctions applied by governmental bodies are not the only problem we will be facing. They may not even be the biggest of our immediate worries.

3.) Malicious Exposure: Most people think the major risk to the information they hold is external entities (and organized syndicates) out to break in and steal the data. The assumption then follows that protecting the network and firewalls is the appropriate and sufficient response. There is no denying that such protection is necessary; however, it has been shown that in many cases the data is stolen by malicious insiders who have been granted access to the data.

4.) Accidental Exposure: The risk of accidental exposure of information is often neglected when considering the security risks associated with real test data. Often it is thought that “there is no point in masking the test data because everybody has access to production anyways”. Not so: the risks associated with an accidental exposure of the data remain. Often just masking the most sensitive information (credit card numbers, customer email addresses, etc.) is enough to somewhat mitigate the damage associated with accidental exposure, and the masked databases remain just as functional.

What Data to Mask:

I.) Light Masking on a Bug-Fix or Fire-Fighting Database.

II.) Medium Masking on Internal Development Databases.

III.) Thorough Masking on an Outsourced Database.

Is My Data Too Complex to be Masked?
Not likely. Data Masker handles even the most intricate data structures. It can preserve data relationships between rows in tables, between rows in the same table or even internally between columns in the same row. Data synchronization issues of this type can be automatically handled by the addition of simple, easily configured masking rules. Don't worry about the size of the data either - Data Masker has successfully masked tables containing hundreds of millions of rows.
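
The relationship-preserving idea described above can be illustrated with keyed, deterministic masking. This is an added example, not Data Masker's own code or method: the HMAC-based technique, the table and column names, the helper functions and the demo key are all assumptions, and the sample rows are constructed.

```python
import hashlib
import hmac
import sqlite3

MASK_KEY = b"constructed-demo-key"  # assumption: per-refresh secret, never stored in the test system

def _digest(value: str, domain: str) -> bytes:
    # Keyed and domain-separated: the same input always yields the same mask,
    # but the mapping cannot be rebuilt without the key.
    return hmac.new(MASK_KEY, f"{domain}:{value}".encode(), hashlib.sha256).digest()

def mask_email(email: str) -> str:
    # Keeps the look of an email address; the reserved .invalid TLD never routes mail.
    return f"user_{_digest(email.lower(), 'email').hex()[:12]}@example.invalid"

def mask_card(card: str) -> str:
    # Replaces every digit while preserving length and separators.
    # The result is not guaranteed to pass a Luhn check.
    stream = iter(_digest(card, "card") * 2)
    return "".join(str(next(stream) % 10) if c.isdigit() else c for c in card)

def build_and_mask() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (email TEXT PRIMARY KEY, card TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_email TEXT, total REAL);
        -- constructed sample rows
        INSERT INTO customers VALUES ('alice@corp.test', '4111-1111-1111-1111'),
                                     ('bob@corp.test',   '5500-0000-0000-0004');
        INSERT INTO orders VALUES (1, 'alice@corp.test', 19.99),
                                  (2, 'alice@corp.test', 5.00),
                                  (3, 'bob@corp.test', 42.50);
    """)
    db.create_function("mask_email", 1, mask_email)
    db.create_function("mask_card", 1, mask_card)
    # The join column is masked with the same function in both tables,
    # so rows that matched before masking still match afterwards.
    db.execute("UPDATE customers SET email = mask_email(email), card = mask_card(card)")
    db.execute("UPDATE orders SET customer_email = mask_email(customer_email)")
    return db

def orders_per_customer(db: sqlite3.Connection) -> list:
    # Order counts per customer, computed through the masked join column.
    return sorted(n for (n,) in db.execute(
        "SELECT COUNT(*) FROM customers c JOIN orders o "
        "ON o.customer_email = c.email GROUP BY c.email"))

if __name__ == "__main__":
    masked = build_and_mask()
    print(masked.execute("SELECT * FROM customers").fetchall(), orders_per_customer(masked))
```

Because the mapping is deterministic, anyone holding the key can recompute masks for guessed inputs, so the key must stay with the production side and be rotated on each refresh.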

What Platforms and Databases does Data Masker Support?
Oracle, SQL Server and DB2 UDB versions are available. The Data Masker software is installed on a Windows PC and operates on both local and remote databases. There are no server-side components for any Data Masker version. Oracle versions 9i, 10g, 11g, SQL Server versions 2000, 2005, 2008 and DB2 UDB (LUW) versions 8.2 or greater are supported.

Enjoy :-)



