DMsuite Static & Dynamic Data Masking Overview
-
Upload
axis-technology-llc -
Category
Technology
-
view
1.059 -
download
2
description
Transcript of DMsuite Static & Dynamic Data Masking Overview
© Copyright 2013 Axis Technology, LLC
DMsuite DMsuite Data Masking Overview Data Masking Overview
know your data • protect your data • share your data
DMsuite™ is the proprietary data masking software product by Axis Technology Software, LLC.
With DMsuite you can profile, mask, audit, provision and manage your data in a standardized, automated manner. It acts like a water filter, working behind the scenes to replace sensitive data with fictitious data when you copy it out of your production environment. DMsuite represents a major advance over existing one-off scripts to a fully automated, repeatable process.
You need data masking when you:• Copy sensitive data outside of production environments
• Move your test data to the cloud
• Leverage off-shore development/consultants
• Send data to the vendors
• Need regulatory compliance (HIPAA, PCI DSS)
• Respond to that audit item
Static Data Masking for TestingWhat is it?
Ensure that Test Environments contain robust test data that has the same characteristics as production without containing any sensitive information
Benefits
Internal and 3rd Party developers and testers are free from concerns about data breaches.
Production Database
Real DataMasked
Test Database
Masked Data
4
Migration to CloudWhat is it?
Organizations want to take advantages of the benefits of cloud computing, but are concerned about data security.
Benefits
Moving masked test data to the cloud, can provide the benefits of cloud computing to an organization, without the threat of a data leak.
Production Database
Real DataMasked
Test Database
In the Cloud
Masked Data
5
TrainingWhat is it?
In both BPO and Internal Training situations, students need to have a robust set of data to simulate real world processing
Benefits
BPO providers and Testing organizations can simulate real world situations without exposing sensitive data
Production Database
Real DataMasked
Test Database
Masked Data
6
Bringing on New ClientsWhat is it?
New clients for Prime Broker, Family Office and other areas require testing prior to going live.
Benefits
Utilizing DMsuiteTM can facilitate testing while ensuring that sensitive data is protected.
Masked Test
Database
Masked Data
7
Masked Data
Masked Data
Internal System
Protection from HackersWhat is it?
Hackers pose a great threat to an organization’s data. Many firms house sensitive data in their non-production environments.
Benefits
Hackers who gain access to masked environments, come away with NOTHING.Organizations can focus their efforts on production environments.
Production Database
Real DataMasked
Test Database
Masked Data
8
AnalyticsWhat is it?
Organizations are compiling data from various sources and running them through analytical models.
Benefits
Utilizing DMsuiteTM can facilitate testing while ensuring that sensitive data is protected.
Masked Test
Database
Masked Data
9
Masked Data
Masked Data
Analytical System
DMsuite™ Static Data Masking DMsuiteTM replaces sensitive data with fictitious but realistic data so only
masked data flows through your organization.
DMsuite™ Dynamic Data Masking
SQL Server or MySQL
Real (Unmasked) Values Masked Values
3307
3306
Name: XXXXXXXXXID Number: XXXX XXX XXXX XXX
Status: ActiveLast Activity: January 3rd, 2013Last Activity Type: A78
Name: John SmithID Number: 1234 123 5678 789
Status: ActiveLast Activity: January 3rd, 2013Last Activity Type: A78
Data on the database is not changed.Values are masked on their way to the UI.Can be applied to any field.Dynamic data masking only affects select queries and bypasses insert and update queries
Names, Phone, Email Medicaid Number Address
• Street address, Zip+4• Care of…, Attn: ...
SSN or other national identifier Birth date and other dates Credit card #, bank account # Comment fields Customer ID Internal sequence keys
CUSTOMER PII & PATIENT PHI
Pricing, M&A, Contracts Confidential/Top Secret Provider Contracts Actuarial Calculations Security Identifiers CUSIP, ISIN,
SEDOL trade date Financials
• Price, quantity, legal fees, vendor payments
Assets/holdings
Employee or Corporate ID Salary, Benefits HR status
(termination, personnel issues)
Family data Manager information Cost Center data
Who Needs to Mask What DataAny Businesses Falling Under
HIPAA - Healthcare and Pharmaceutical are required to secure Patient Health InformationPCI DSS: Credit Card Industry StandardState privacy laws - All companies must follow their own similar to Senate Bill No 1386 – State of California
Gramm-Leach-Bliley Financial Services Modernization Act (1999) Sarbanes-Oxley Act (2002) CANADA: Jan 2005 – Personal Information Protection and Electronic Documents ActJAPAN: Apr 2005 – Personal Information Protection Law FRANCE: Oct 2005 – Computing and Liberties Act
TYPE I TYPE II
COMPANY SECRETS
TYPE IIICompany Data
EMPLOYEE
DMsuite provides clients with a smart way to secure sensitive data, making it suitable for a large set of tasks without incurring unnecessary risks
– Reduces Risk of Breach• Masked data is suitable for numerous business activities. The fewer places real data
is stored the lower your risk of a breach.– Reduce by up to 80% the work required to Identify sensitive data
• DMsuite Profiler automates Identification of Sensitive Data across databases, copybooks, and files where your sensitive data is stored.
– Ideal for Test Data Management (TDM)• Automatically mask production data, with no need to do any programming.
– Enables Data Sharing• Share masked data quickly with partners, offshore and outside vendors .
– Lowers DBA, Application Development and Testing Costs • With fewer databases to secure and faster data provisioning, reduce your costs to
secure sensitive data (vs. Lockdown controls).– Masks ERP and other packaged software
• PeopleSoft, Oracle E-Business Suite, Lawson, SAP, Salesforce.
DMsuite Value Proposition
DMsuite FeaturesA meta-data driven data masking product that automates a repeatable masking framework with powerful features and algorithms. “Shovel Ready” - Supports rapid implementation for a business unit and scalability for the enterprise.Patented 5th-generation masking algorithms designed to mask your data consistently, no matter where or how it is stored.Pre-populated profiles to get your masking program up and running quickly.Uses secure platform-independent technology (Java, XML). Conforms to your data refresh processes.Broad coverage of relational, file masking, big data, and mainframe required for all size enterprises:
• Automatic Referential Integrity for all of the supported persistence types
Integration features include working with LDAP & Microsoft Active Directory, Kerberos & SiteMinder
DMsuite™ Masks…and keeps referential integrity across all of them
Test Data ManagementDMsuite™ data masking enables:
– Test Data Management - the risk of a data breach in nonproduction environments is eliminated while still providing the highest quality test data for software development.
– Outsourcing, typically puts production data in nonproduction environments for testing, putting client data at risk if it’s not masked.
– Consulting companies are getting resistance from their clients regarding accessing sensitive data, since they may work for their clients’ competition as well.
– Break/Fix - If a vendor application breaks, fixes can be developed using masked data, eliminating the risk of exposure.
DMsuite ROI
withoutDMsuite™
TMwithDMsuite™
TM
Effort
Time
Program Inception
Business as Usual Begins
Periodic Audit Legend:
Automated Analysis
Automated Change Capture
Automated Audit
Safe Re-Masking
• Targeted at Information Security professionals, no need to hire additional developers or DBA’s• No impact on Developers because no programming is required!• Makes the DBA’s life easier - only needed for initial configuration• Analysts can identify sensitive data quickly with the DMsuite™ Profiler• Auditors receive DMsuite™ Certification reports to show what data has been masked
DMsuite 5-Step Process
Application Database with real
Production Data
Target Environment with Masked
Data
Step 1Identify
Step 2Select
Step 3Validate
Step 4Implement
Step 5Certify
DM Profiler DM Manager DM Generator
DM Applicator
DM Auditor
1
2
3
4
5
DM Profiler automatically identifies the location of your sensitive data and assigns masking algorithms.
DM Manager is the web application that allows users to manage the masking process or, just click a button to mask your data!
DM Generator reads the sensitive data inventory that you built with DM Profiler and DM Manager and generates XML code targeted to your environment.
DM Applicator runs the code created by DM Generator on the target platform: typically the DMsuite™ internal engine or other commercial tools.
DM Auditor runs Certification jobs that monitor data security. You set up alerts to notify you if any masked data becomes "polluted" with unmasked data.
DMsuite SupportAxis provides world-class support through our DMsuite™ Customer Support Center
– Clients can contact the support center directly:
• Toll-free phone , E-mail and Online – Customer Support Plans
• Standard– Monday-Friday, Standard business hours
• Silver– Monday-Friday, Extended business hours
• Gold– 24/7 support– Dedicated support specialist– Direct access to DMsuite Product team
– All customer support plans include• Direct access to a Customer Support Specialist• Access to our online customer support center 24/7• Product updates
© Copyright 2013 Axis Technology, LLC
know your data • protect your data • share your data
www.AxisDMsuite.com
Thank You!
70 Federal StreeetBoston, MA 02110(857) 445-0110