
Agenda



Presentation Transcript


  1. Agenda
     • Data Masking - The need
     • Data theft - Statistics
     • Objectives & Benefits
     • Features
     • Masking Techniques
     • Q&A

  2. Data Masking – The Need: Business Challenges/Risks
     • Exposing sensitive information while sharing non-production data during outsourcing
     • Legal consequences due to data theft by insiders and external vendors
     • Unauthorized access of confidential data by insiders
     • Increasing number of regulations & policies governing data privacy

  3. Data Masking – The Need
     Secure Zone
     • Production environment
     • Strict access restrictions
     Potential Risk Area
     • Non-production environment
     • Looser access controls
     • Vulnerable to security attacks

  4. Statistics - The ‘Insider Threat’
     Insider Threat to Compliance and Privacy
     • 90% of major corporations detected security breaches
     • 70% of corporations detected unauthorized access by insiders
     Myth: Hackers cause most security breaches
     Fact: “Disgruntled employees and other insiders accounted for more than 70% of the cyber attacks”
     Reference – Computer World

  5. Security Layers (diagram): concentric layers with Data at the centre, surrounded from the outside in by Network Security, OS Security and Application Security; the diagram is labelled “Unauthorized Insider Access”.

  6. Privacy Compliance Legislations
     Organizations today face a growing number of regulations that mandate the accuracy, protection and privacy of data across the enterprise.
     • Canadian Personal Information Protection and Electronic Documents Act (2001): all companies doing business in Canada
     • AUS Privacy Act (2000): all companies doing business in AUS
     • Sarbanes-Oxley: all U.S. public companies and private foreign issuers
     • Gramm-Leach-Bliley (1999): banks and financial services companies doing business in U.S.
     • UK Data Protection Act (1998): all companies doing business in UK
     • European Data Privacy Directive (1998): all companies doing business in Europe handling PII
     • HIPAA (1996): Healthcare & Insurance; all U.S. businesses handling medical records

  7. Examples of sensitive data
     Common Sensitive Information – Employee Information
     • SSN
     • Name
     • Date of Birth
     • Contact Information
     • Pay components
     • Bank Account Number
     • Credit Card Number
     Sector-wise Sensitive Information – University Research
     • Grades
     • Student Financial Numbers
     • Financial Aid/Grants
     • Funding/Sponsorship information
     • Human subject information
     Sector-wise Sensitive Information – Health Care/Medical
     • Patient name
     • Medical record numbers
     • Health Plan Beneficiary Numbers

  8. Objectives & Business Benefits
     Objective -> Business Benefit
     • Application data integrity -> No impact on existing functionality of the application (no additional cost)
     • Protection of employee data -> Adherence to data privacy legislations
     • Create de-identified production database copies -> Opens the avenue for outsourcing (results in cost reduction)
     • Availability of realistic data post-masking -> High quality data is available for testing (delivery excellence)
     • De-identify sensitive data for internal use -> Reduces the overhead of implementing internal security access policies

  9. Where does Akiva fit in?
     Client zone: Production database -> Copy of Production (unmasked data)
       EMPLID – FN1355, NAME – Kevin Peterson, SSN – 231-28-1046, Email – kevin.peterson@domain.com
     Akiva
     Vendor zone: Copy of Production (masked data)
       EMPLID – LU2947, NAME – Tom Fabris, SSN – 643-75-9912, Email – employee@company.com

  10. Application Focus: application-centred masking
      • Akiva understands the complete application architecture
      • Masking is performed after taking into consideration the business processes and functionality in the application
      • Akiva is customizable to suit custom-built or home-grown enterprise applications
      • Akiva guarantees consistency post-masking

  11. Features
      • Platform and Database: supports Unix and Windows platforms and runs on Oracle database
      • Masking Algorithms: user can mask in numerous ways using inbuilt algorithms in Akiva
      • Multi-threading: supports parallel execution to reduce runtime
      • Preview masking: see a preview of the masked data before actual masking
      • Subset masking: masks only a selected set of tables
      • Key field masking: supports masking of all key fields without any impact
      • Flexibility: ability to choose any sensitive data across the enterprise
      • Reusability: masking configurations can be reused for multiple runs
      • Batch Processing: Akiva can be run from the command line as a batch process

  12. Features (continued)
      • Data Integrity: no impact on business processes
      • Realistic Data: data post-masking is realistic and fully functional
      • Database Level Security: security permissions of Akiva are the same as those granted by the database
      • Flat File masking: facilitates flat file masking
      • Ability to handle Customization: takes care of customizations in the application while masking
      • Mask it your way: create your own masking algorithm
      • User interface: simple, intuitive and user-friendly web interface

  13. Features
      Algorithms
      • Scramble
      • Sequence number generator
      • Pattern generator
      • Combo Shuffle
      • Generic shuffle
      • Blank out
      • Replacement
      • SSN generator
      • Luhn generator
      • Rule based algorithm
      • Country based name lookup
      Additional functions
      • Scheduler
      • Profiling
      • Multi threading
      • Schedule monitor
      • Masking preview
      • Key field masking

  14. Masking Techniques – Shuffle
      Replace sensitive values with meaningful, readable data.
      Sample fields: Employee Name information, Address details.
      Before Masking
        EMP ID   First Name   Last Name   Name
        KU001    John         Adams       Adams, John
        KU002    Kevin        Peterson    Peterson, Kevin
        LZ001    Kandy        Obrien      Obrien, Kandy
      After Masking
        EMP ID   First Name   Last Name   Name
        KU001    Rob          Bonner      Bonner, Rob
        KU002    Samuel       Gilberto    Gilberto, Samuel
        LZ001    Emily        Pearson     Pearson, Emily

  15. Masking Techniques – Blankout
      Simply replaces a field with a value of “ ” or 0.
      Sample fields: Employee Address details, Phone Number.
      Before Masking
        EMP ID   Phone Number
        KU001    608/831-0103
        KU002    847/729-5711
        LZ001    614/834-1247
      After Masking
        EMP ID   Phone Number
        KU001    (blank)
        KU002    (blank)
        LZ001    (blank)

  16. Masking Techniques – Replacement
      Simply replaces a field with a supplied static value.
      Sample fields: Email Address, Phone Number.
      Before Masking
        EMP ID   Email Address
        KU001    John.Adams@domain.com
        KU002    Kevin.Peterson@domain.com
        LZ001    Kandy.Obrien@domain.com
      After Masking
        EMP ID   Email Address
        KU001    employee@company.com
        KU002    employee@company.com
        LZ001    employee@company.com

  17. Masking Techniques – Lookup
      Replace employee names and addresses choosing from an inbuilt repository of over 200,000 names.
      Sample fields: Employee Name information, Address details.
      Before Masking
        EMP ID   First Name   Last Name   Name
        KU001    John         Adams       Adams, John
        KU002    Kevin        Peterson    Peterson, Kevin
        LZ001    Kandy        Obrien      Obrien, Kandy
      After Masking
        EMP ID   First Name   Last Name   Name
        KU001    Larry        McKinley    McKinley, Larry
        KU002    Michael      Conrad      Conrad, Michael
        LZ001    Angeline     Julia       Julia, Angeline
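The four basic techniques on slides 14 to 17 (shuffle, blankout, replacement and lookup) share one property worth seeing in code: a derived column such as "Name" has to be rebuilt from the masked base columns, or it silently keeps the original value. The example below is added here and is not code from the slides or from Akiva; the employee rows and the six-name repository are constructed stand-ins for the slide tables and the 200,000-name repository, and the function names are this example's own. A final check lists which original values survive masking, which also makes visible that a shuffle keeps every real value in the data set and only breaks the link to its row.

```python
import copy
import random

# Constructed sample rows modelled on the slide tables (fictional people, not real data).
EMPLOYEES = [
    {"EMP_ID": "KU001", "FIRST_NAME": "John", "LAST_NAME": "Adams",
     "PHONE": "608/831-0103", "EMAIL": "John.Adams@domain.com"},
    {"EMP_ID": "KU002", "FIRST_NAME": "Kevin", "LAST_NAME": "Peterson",
     "PHONE": "847/729-5711", "EMAIL": "Kevin.Peterson@domain.com"},
    {"EMP_ID": "LZ001", "FIRST_NAME": "Kandy", "LAST_NAME": "Obrien",
     "PHONE": "614/834-1247", "EMAIL": "Kandy.Obrien@domain.com"},
]

# Constructed stand-in for the inbuilt name repository the slides mention.
NAME_REPOSITORY = [
    ("Larry", "McKinley"), ("Michael", "Conrad"), ("Angeline", "Julia"),
    ("Rob", "Bonner"), ("Samuel", "Gilberto"), ("Emily", "Pearson"),
]


def shuffle(rows, columns, seed=0):
    """Shuffle: the real values of `columns` are moved between rows as a group,
    so first and last name stay paired. Every original value is still present
    in the output; shuffling only breaks the link between value and row."""
    groups = [tuple(row[c] for c in columns) for row in rows]
    random.Random(seed).shuffle(groups)
    out = copy.deepcopy(rows)
    for row, group in zip(out, groups):
        row.update(zip(columns, group))
    return out


def blankout(rows, columns, fill=""):
    """Blankout: overwrite each listed column with "" (or 0 for numeric fields)."""
    out = copy.deepcopy(rows)
    for row in out:
        for c in columns:
            row[c] = fill
    return out


def replacement(rows, column, value):
    """Replacement: overwrite one column with a single supplied static value."""
    out = copy.deepcopy(rows)
    for row in out:
        row[column] = value
    return out


def lookup(rows, repository, seed=0):
    """Lookup: substitute a (first, last) pair drawn from a repository.
    Sampling without replacement keeps the substitutes distinct across rows."""
    picks = random.Random(seed).sample(repository, len(rows))
    out = copy.deepcopy(rows)
    for row, (first, last) in zip(out, picks):
        row["FIRST_NAME"], row["LAST_NAME"] = first, last
    return out


def rebuild_derived(rows):
    """Derived columns are regenerated from the masked base columns; a stale
    NAME column would otherwise leak the value the base columns no longer hold."""
    for row in rows:
        row["NAME"] = f"{row['LAST_NAME']}, {row['FIRST_NAME']}"
    return rows


def mask_employees(rows, seed=0):
    """Apply lookup, blankout and replacement to a copy of `rows`; the input is untouched."""
    masked = lookup(rows, NAME_REPOSITORY, seed)
    masked = blankout(masked, ["PHONE"])
    masked = replacement(masked, "EMAIL", "employee@company.com")
    return rebuild_derived(masked)


def leaked_values(original, masked, columns):
    """Post-masking check: original values of `columns` that still appear in the masked rows."""
    real = {(c, row[c]) for row in original for c in columns}
    return sorted(v for c, v in real if any(row[c] == v for row in masked))


if __name__ == "__main__":
    result = mask_employees(EMPLOYEES, seed=1)
    for row in result:
        print(row)
    print("leaked:", leaked_values(EMPLOYEES, result,
                                   ["FIRST_NAME", "LAST_NAME", "EMAIL", "PHONE"]))
```

Running the script prints the masked rows and an empty leak list; calling `shuffle` on the name columns instead reports all three original first names as still present, which is the reason shuffle is usually combined with other techniques for fields that identify a person on their own.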

  18. Masking Techniques – SSN Generator
      Generate valid US Social Security Numbers for all employees.
      Sample fields: SSN, NATIONAL_ID.
      Before Masking
        EMP ID   SSN
        KU001    002-01-0001
        KU002    152-08-2397
        LZ001    304-25-9151
      After Masking
        EMP ID   SSN
        KU001    513-01-0270
        KU002    513-01-0421
        LZ001    513-01-0087

  19. Masking Techniques – Luhn Generator
      Generate numbers satisfying the Luhn checksum condition.
      Sample fields: Credit Card Number.
      Before Masking
        EMP ID   Credit Card Number
        KU001    4552 7204 1234 5677
        KU002    4302 1519 0076 5981
        LZ001    5588 3201 2345 6783
      After Masking
        EMP ID   Credit Card Number
        KU001    5490 1234 5678 9128
        KU002    5219 4473 6058 2919
        LZ001    4119 6175 2805 4704
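Slides 18 and 19 describe two generators that produce values which pass a format check (SSN structure, Luhn checksum) without being the originals. The following is an added example, not Akiva's code: it implements the Luhn sum, the check-digit computation a generator needs, and a structural SSN check, then uses them to mask a constructed row. The card numbers in SAMPLE_CARDS are the slide's "before" values; `mask_cards`, `ssn_generate` and the other names are this example's own. The SSN rules encoded (area not 000, 666 or 900-999; group not 00; serial not 0000) are the published structural rules; a number passing them can still coincide with a number assigned to a real person, which is the caveat to keep in mind when a generator is asked for a fixed prefix as on the slide.

```python
import random

# Constructed samples: the "before masking" card numbers shown on the slide.
SAMPLE_CARDS = ["4552 7204 1234 5677", "4302 1519 0076 5981", "5588 3201 2345 6783"]


def luhn_sum(digits):
    """Luhn sum: from the right, double every second digit; subtract 9 when the double exceeds 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total


def luhn_valid(number):
    """A number passes the Luhn check when its Luhn sum is a multiple of 10."""
    digits = number.replace(" ", "").replace("-", "")
    return digits.isdigit() and luhn_sum(digits) % 10 == 0


def luhn_check_digit(payload):
    """The check digit sits in the undoubled rightmost position, so appending a
    placeholder 0 yields the sum of the other digits; pick the digit completing it."""
    return str((10 - luhn_sum(payload + "0") % 10) % 10)


def luhn_generate(length=16, prefix="", seed=None):
    """Generate a `length`-digit number that passes the Luhn check.
    `prefix` fixes the leading digits (e.g. to stay within a card brand range)."""
    rng = random.Random(seed)
    body = prefix + "".join(rng.choice("0123456789") for _ in range(length - len(prefix) - 1))
    return body + luhn_check_digit(body)


def ssn_valid(ssn):
    """Structural SSN check (AAA-GG-SSSS): area not 000, 666 or 900-999, group not 00,
    serial not 0000. Passing says nothing about whether the number is assigned to a person."""
    parts = ssn.split("-")
    if [len(p) for p in parts] != [3, 2, 4] or not all(p.isdigit() for p in parts):
        return False
    area, group, serial = (int(p) for p in parts)
    return 1 <= area <= 899 and area != 666 and group != 0 and serial != 0


def ssn_generate(seed=None, area=None, group=None):
    """Generate a structurally valid SSN. Fixing area and group reproduces the
    slide's output style, where every masked SSN shares the prefix 513-01."""
    rng = random.Random(seed)
    if area is None:
        area = rng.choice([a for a in range(1, 900) if a != 666])
    if group is None:
        group = rng.randint(1, 99)
    serial = rng.randint(1, 9999)
    return f"{area:03d}-{group:02d}-{serial:04d}"


def mask_cards(rows, seed=0):
    """Replace the CARD value of each constructed {EMP_ID, CARD} row with a fresh Luhn-valid number."""
    rng = random.Random(seed)
    return [dict(row, CARD=luhn_generate(16, seed=rng.getrandbits(32))) for row in rows]


if __name__ == "__main__":
    print([luhn_valid(c) for c in SAMPLE_CARDS])
    print(mask_cards([{"EMP_ID": "KU001", "CARD": SAMPLE_CARDS[0]}], seed=1))
    print(ssn_generate(seed=1, area=513, group=1))
```

`luhn_valid` is also the test a reviewer can run over a masked extract: every value in a masked card column should pass it, and none should equal a value from the production column.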

  20. Masking Techniques – Sequence Number Generator
      Generate alphanumeric sequences in order.
      Before Masking
        EMP ID   DEP_ID
        KU001    FN5297
        KU002    FN1149
        LZ001    FN3056
      After Masking
        EMP ID   DEP_ID
        KU001    PU0100
        KU002    PU0101
        LZ001    PU0102

  21. Masking Techniques – Random Number Generator
      Generate random numbers.
      Before Masking
        EMP ID   COMPRATE
        KU001    753
        KU002    309.12
        LZ001    855.47
      After Masking
        EMP ID   COMPRATE
        KU001    527.34
        KU002    670.05
        LZ001    138.59

  22. Masking Techniques – Pattern Generator
      Generates a set of numbers based on a user-defined pattern.
      Before Masking
        EMP ID   MEMBERSHIP_ID
        KU001    121
        KU002    242
        LZ001    917
      After Masking
        EMP ID   MEMBERSHIP_ID
        KU001    253
        KU002    501
        LZ001    716
      A sample pattern
      Requirement: MEMBERSHIP_ID – 3-digit numbers satisfying the condition (Hundreds digit + Tens digit) > Units digit
      Example: a valid number is 253, (2+5) > 3; an invalid number is 129, (1+2) < 9
      Steps: the requirement can be interpreted and broken down into the following steps (digits are numbered from left to right).
        Step 1: S1 = Digit 1 + Digit 2
        Step 2: S2 = S1 > Digit 3
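The pattern on slide 22 is a predicate over the digits of a candidate value, and a generator that draws from a pattern needs two things the slide leaves implicit: a way to know the pattern is satisfiable, and a way to avoid handing out the same conforming value twice. The example below is added here and is not code from the slides or from Akiva; it encodes the slide's two steps as `membership_rule`, enumerates every 3-digit value that satisfies them (735 of the 900), and samples distinct replacements. The row shape and the function names are this example's own.

```python
import random


def digits_of(value, ndigits):
    """Split an integer into its digits, numbered left to right as on the slide."""
    return [int(ch) for ch in f"{value:0{ndigits}d}"]


def membership_rule(digits):
    """The slide's sample pattern for MEMBERSHIP_ID:
    Step 1: S1 = Digit 1 + Digit 2;  Step 2: S2 = S1 > Digit 3.  Accept when S2 holds."""
    s1 = digits[0] + digits[1]
    return s1 > digits[2]


def matching_values(ndigits, rule, allow_leading_zero=False):
    """Enumerate every ndigit value satisfying `rule`. Exhaustive enumeration is cheap for
    short ids and lets the generator prove the pattern is satisfiable before masking starts."""
    low = 0 if allow_leading_zero else 10 ** (ndigits - 1)
    return [v for v in range(low, 10 ** ndigits) if rule(digits_of(v, ndigits))]


def generate(count, ndigits, rule, seed=0, allow_leading_zero=False):
    """Draw `count` distinct pattern-conforming values. Raise rather than silently
    repeat values when the pattern admits fewer candidates than requested."""
    pool = matching_values(ndigits, rule, allow_leading_zero)
    if len(pool) < count:
        raise ValueError(f"pattern admits only {len(pool)} values, {count} requested")
    return random.Random(seed).sample(pool, count)


def mask_membership_ids(rows, seed=0):
    """Constructed row shape {EMP_ID, MEMBERSHIP_ID}: replace each id with a distinct
    3-digit value satisfying the slide's rule, keeping row order."""
    new_ids = generate(len(rows), 3, membership_rule, seed)
    return [dict(row, MEMBERSHIP_ID=new_id) for row, new_id in zip(rows, new_ids)]


if __name__ == "__main__":
    # Constructed rows: the slide's "before masking" table.
    sample_rows = [{"EMP_ID": "KU001", "MEMBERSHIP_ID": 121},
                   {"EMP_ID": "KU002", "MEMBERSHIP_ID": 242},
                   {"EMP_ID": "LZ001", "MEMBERSHIP_ID": 917}]
    print(mask_membership_ids(sample_rows, seed=1))
    print(len(matching_values(3, membership_rule)), "of 900 three-digit values match the pattern")
```

Because the rule is an ordinary function, the same generator serves any digit-level pattern; only `membership_rule` changes. A pattern that admits very few values is itself a disclosure risk (the masked column would take only a handful of distinct values), which is why the candidate count is worth printing before a run.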

  23. Masking Techniques – Rule based masking
      Consistently masks the database based on rules/custom masking algorithms defined by the user.
      Sample Rule 1 – Custom masking algorithm
      Requirement: decrease the Compensation Rate Code field value by a fixed percentage.
      Define custom masking algorithm (COMPRATE – Compensation Rate Code field):
        Step 1: S1 = 30% of COMPRATE
        Step 2: COMPRATE = S1
      Sample Rule 2 – Field relationship definition
      Requirement: mask all the pay details of employees.
      Define relationship between fields (NP – Net Pay, GP – Gross Pay, BP – Basic Pay, HRA – House Rent Allowance, DA – Dearness Allowance):
        Step 1: NP = GP - Tax
        Step 2: Tax = 20% GP
        Step 3: GP = BP + HRA + DA
        Step 4: HRA = 50% BP
        Step 5: DA = 10% BP

  24. Masking Techniques – Rule based masking sample data
      Before Masking
        EMP ID   BP      DA       HRA     GP        NP
        KU001    10000   1000     5000    16000     12800
        KU002    10526   1052.6   5263    16841.6   13473.2
        LZ001    11000   1100     5500    17600     14080
      After Masking
        EMP ID   BP      DA       HRA     GP        NP
        KU001    54320   5432     27160   86912     69529.6
        KU002    54831   5483.1   27415   87729.6   70183.6
        LZ001    56320   5632     28160   90112     72089.6
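Slides 23 and 24 together show the point of rule-based masking: the five relationship steps are evaluated bottom-up from a new BP, so the masked pay fields still satisfy every relationship an application test would check. The example below is added here and is not code from the slides or from Akiva. It implements Sample Rule 1 and Sample Rule 2 with `Decimal` (exact cents rather than binary floats), adds a consistency check that can be run over either the "before" or the "after" table, and masks constructed rows. The slide does not say how the new BP values (54320, 54831, 56320) were chosen; drawing BP uniformly from a range is an assumption of this example, as are the function names and the tolerance in `rules_hold`, which exists only because the slide prints values such as 13473.28 as 13473.2.

```python
import random
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")


def mask_comprate(comprate):
    """Sample Rule 1 (custom masking algorithm): COMPRATE becomes 30% of its value."""
    return (Decimal(str(comprate)) * Decimal("0.30")).quantize(CENT, rounding=ROUND_HALF_UP)


def derive_pay(bp):
    """Sample Rule 2 (field relationship definition), evaluated bottom-up from BP:
    HRA = 50% BP, DA = 10% BP, GP = BP + HRA + DA, Tax = 20% GP, NP = GP - Tax."""
    bp = Decimal(str(bp))
    hra = bp * Decimal("0.50")
    da = bp * Decimal("0.10")
    gp = bp + hra + da
    tax = gp * Decimal("0.20")
    net = gp - tax
    return {"BP": bp, "DA": da, "HRA": hra, "GP": gp, "NP": net}


def rules_hold(row, tolerance=Decimal("0.5")):
    """Consistency check: do a row's pay fields satisfy the relationships?
    The tolerance absorbs the display rounding on the slide (13473.28 shown as 13473.2,
    27415.5 shown as 27415); use Decimal("0") against data you generated yourself."""
    expected = derive_pay(row["BP"])
    return all(abs(Decimal(str(row[k])) - expected[k]) <= tolerance
               for k in ("DA", "HRA", "GP", "NP"))


def mask_pay_rows(rows, seed=0, low=50000, high=60000):
    """Rule-based masking of constructed {EMP_ID, BP, DA, HRA, GP, NP} rows.
    Assumption of this example: the new BP is drawn uniformly from [low, high].
    Dependent fields are recomputed from the new BP rather than masked one by one,
    which is what keeps the relationships intact after masking."""
    rng = random.Random(seed)
    return [dict(row, **derive_pay(rng.randint(low, high))) for row in rows]


if __name__ == "__main__":
    # Constructed rows: the slide's "before masking" table.
    before = [{"EMP_ID": "KU001", "BP": 10000, "DA": 1000, "HRA": 5000, "GP": 16000, "NP": 12800},
              {"EMP_ID": "KU002", "BP": 10526, "DA": 1052.6, "HRA": 5263, "GP": 16841.6, "NP": 13473.2},
              {"EMP_ID": "LZ001", "BP": 11000, "DA": 1100, "HRA": 5500, "GP": 17600, "NP": 14080}]
    print("before rows consistent:", all(rules_hold(r) for r in before))
    for row in mask_pay_rows(before, seed=1):
        print(row, "consistent:", rules_hold(row, tolerance=Decimal("0")))
    print("COMPRATE 753 ->", mask_comprate(753))
```

`rules_hold` doubles as an acceptance test for a masked extract: a row that fails it is one where a field was masked in isolation, which is exactly the inconsistency that breaks payroll test cases and that rule-based masking is meant to avoid.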

  25. Q&A
      Thank You
      akiva@hexaware.com
