Data masking

Data masking

Data masking is the process of obscuring (masking) specific data elements within data stores. It ensures that sensitive data is replaced with realistic but not real data. The goal is that sensitive customer information is not available outside of the authorized environment. Data masking is typically done while provisioning non-production environments so that copies created to support test and development processes are not exposing sensitive information and thus avoiding risks of leaking. Masking algorithms are designed to be repeatable so referential integrity is maintained.

Common business applications require constant patch and upgrade cycles and require that 6-8 copies of the application and data be made for testing. While organizations typically have strict controls on production systems, data security in non-production instances is often left up to trusting the employee, with potentially disastrous results.

Creating test and development copies in an automated process reduces the exposure of sensitive data. Database layout often changes, it is useful to maintain a list of sensitive columns in a without rewriting application code. Data masking is an effective strategy in reducing the risk of data exposure from inside and outside of an organization and should be considered a best practice for curing non-production databases. It can be done in a copy THEN mask approach or a mask WHILE copy approach (the latter is branded as Dynamic Data Masking in some products).

Contents

Requirements

Effective data masking requires data to be altered in a way that the actual values cannot be determined or re-engineered, functional appearance is maintained, so effective testing is possible. Data can be encrypted and decrypted, relational integrity is maintained, security polices can be established and separation of duties between security and administration established. Common methods of data masking includes: encryption/decryption, shuffling, masking (i.e. numbers letters), substitution (i.e. All female names = Julie), nulling (####) or shuffling (zip code12345 = 53412).

Data Masking Techniques

Substitution

The Substitution technique replaces the existing data with random values from a pre-prepared dataset.

Shuffling

The Shuffling technique uses the existing data as its own substitution dataset and moves the values between rows in such a way that the no values are present in their original rows.

Number and Date Variance

The Number and Date Variance technique varies the existing values in a specified range in order to obfuscate them. For example, birth date values could be changed within a range of +/- 60 days.

Encryption

The Encryption technique algorythmically scrambles the data. This usually does not leave the data looking realistic and can sometimes make the data larger.

Nulling Out Or Deletion

The Nulling Out technique simply removes the sensitive data by deleting it.

Masking Out

If two tables contain the columns with the same denormalized data values and those columns are masked in one table then the second table will need to be updated with the changes. This technique is called Table-To-Table Synchronization.

References


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • Data security — is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting personal data. Data security is part of the larger practice of… …   Wikipedia

  • Data mapping — Data transformation/Source transformation Concepts metadata · data mapping data transformation · model transf …   Wikipedia

  • Data Field Masking —   [dt. Datenfeldmaskierung], Datenfeld …   Universal-Lexikon

  • Data compression — Source coding redirects here. For the term in computer programming, see Source code. In computer science and information theory, data compression, source coding or bit rate reduction is the process of encoding information using fewer bits than… …   Wikipedia

  • masking —    1. A method of transforming one set of data into another while blocking or excluding some data from this process on the basis of code patterns or position.    2. Protecting part of an image from change while manipulating the area around or… …   IT glossary of terms, acronyms and abbreviations

  • Audio compression (data) — For processes which reduce the amount of time it takes to listen to and understand a recording, see time compressed speech. Audio compression is a form of data compression designed to reduce the size of audio files. Audio compression algorithms… …   Wikipedia

  • Sound masking — For other uses of masking , see Masking (disambiguation). Sound masking is the addition of natural or artificial sound (such as as white noise or pink noise) into an environment to cover up unwanted sound by using auditory masking. This is in… …   Wikipedia

  • Aperture masking interferometry — is a form of speckle interferometry, allowing diffraction limited imaging from ground based telescopes. This technique allows ground based telescopes to reach the maximum possible resolution, allowing ground based telescopes with large diameters… …   Wikipedia

  • Cactus Data Shield — (CDS) is a form of CD/DVD copy protection for audio compact discs developed by Midbar Tech now owned by Macrovision. It has been used extensively by EMI and BMG and their subsidiaries, see Copy Control. CDS relies on two components: multiple… …   Wikipedia

  • CDMF — In cryptography, CDMF (Commercial Data Masking Facility) is an algorithm developed at IBM in 1992 to reduce the security strength of the 56 bit DES cipher to that of 40 bit encryption, at the time a requirement of U.S. restrictions on export of… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”