Page 1: Imperva Camouflage Data Masking Brief Dec 2015 V2 · Imperva Camouflage Data Masking Reduce the risk of non-compliance and sensitive data theft Sensitive data is embedded deep within

Imperva Camouflage Data Masking

Reduce the risk of non-compliance and sensitive data theft

Sensitive data is embedded deep within many business processes; it is the foundational element in Human Relations, sales, and strategic analysis systems. The business cannot function without enabling access to this information. The problem is that this information is equally valuable to the bad guys – hackers, disgruntled or misguided insiders and competitors. Compliance regulations recognize the value of some of your sensitive data, including personally identifiable information, but your organization has vast amounts of sensitive information that is not subject to regulation. Your challenge is to protect all of the sensitive information and demonstrate compliance with the applicable regulation in a cost-effective manner that fits your business’s processes and resources.

The Imperva data security portfolio is purpose-built to provide you with security and compliance capabilities that address a broad range of use cases across databases, files, user activity, Big Data and cloud-based systems. The Imperva Camouflage Data Masking solution will reduce your risk profile by replacing sensitive data with realistic fictional data. The fictional data maintains referential integrity and is statistically accurate, enabling testing, analysis and business processes to operate normally. The primary use of this masking is for data in non-production systems, including test and development systems or data warehouses and analytical data stores. Another set of candidates for data masking is business enablers that require data to leave the country or company control, such as off-shore teams or outsourced systems. The Imperva Camouflage Data Masking solution will not only protect data from theft, it will help ensure compliance with regulations and international policies dictating data privacy and transport.

• Discover and document sensitive data and data relationships across the enterprise

• Reduce the volume of sensitive data in non-production systems

• Facilitate data transport for outsourcing or compliance with international privacy regulations

• Enable use of production data in development and testing without putting sensitive data at risk

• Track changes and generate compliance reports at each data refresh

• Prevent sensitive data loss from non-production systems

Data Masking: A baseline data security measure

Like other traditional security tools developed to address a specific challenge, data masking is evolving beyond the traditional use case in application development and testing to become a strategic element in an integrated security infrastructure. The Gartner Market Guide for Data-Centric Audit and Protection categorizes data masking as a key data protection capability that should be part of an organization’s data security governance “shortlist”.¹ The reason is simple: data masking prevents access to sensitive data while enabling testing, analysis, and business processes.

When evaluating data masking, you will likely investigate both dynamic and static masking. Static data masking is primarily used on non-production databases and is permanent; dynamic masking is used on production databases and is temporary. While each masking serves a purpose, static data masking is significantly easier and faster to deploy and manage long-term. Static masking has no impact on the production system performance; there is no risk of corrupting the production data. The Imperva Camouflage Data Masking solution is a static data masking tool that permanently protects data and reduces exposure to compliance requirements.

¹ Gartner Report: G00276042; Market Guide for Data-Centric Audit and Protection, December 15, 2015,

Data Masking Best Practices

Designing a sustainable static data masking solution requires an understanding of the source data and the dependencies on that data set across the organization. This understanding will drive the masking policies and integration of masking into the existing IT and business processes. The resulting framework supports a repeatable process that minimizes resource requirements, reduces risk and improves compliance with regulatory requirements.

Discover: Retrieve and analyze sensitive data

The goal of the Discover phase is to identify data that needs to be masked in order to provide sufficient protection without compromising data utility. This stage involves documentation of requirements and education on the implications of masking necessary for the creation of configurations during the Policy stage of the Data Masking Best Practice. Automated discovery of sensitive data is a key factor in minimizing deployment times and long-term success.

Assess and Classify: Establish context for sensitive data

The Assess and Classify phase is intended to establish criteria that will aid in determining how to mask the data. This includes the codification of the contextual information determined during the Discover phase, the sensitivity of various data, its intended use(s), the transformation requirements and any inter-database dependencies.

Set Policy: Create data masking configurations

The goal of the Policy phase is to create data masking configurations based upon customer-specific functional masking requirements defined in prior phases. This includes plans and requirements for integrating data masking configurations into the overall data refresh process for non-production environments. This phase also provides an opportunity to develop data masking schedules and establish appropriate change management processes. Data masking software that is easy to use, flexible and scalable is critical for accommodating varying and often complex requirements.

Deploy: Integrate data masking in the existing processes

The Deploy phase is intended to transition data masking into the refresh process for non-production environments, taking the overall business process(es) into account. This phase entails executing configurations constructed during the Policy phase. Report automation and pre- and post-run script options support a wide range of ancillary processes and requirements.

Manage and Report: Adapt to changing requirements and provide visibility

The Manage and Report phase is where the “fit and value” of the solution will become clear. This phase includes change management, job maintenance, configuration updates and compliance reports about data relationships, masking techniques, and masked database structures.

Data Masking Simplified

Some data masking vendors will have you believe it takes years and millions of dollars to implement a data masking solution. This presumption simply is not true. The Imperva Camouflage Data Masking solution implementations can be running in weeks or months from start to finish, even for the largest Fortune 500 organizations. The solution provides ease of use, scalability, and end-to-end functionality that ensure rapid adoption and long-term value.

All data masking functions including data discovery, data masking, management and reporting are performed from the Imperva Camouflage Workbench user interface, resulting in a shorter learning curve. This efficient centralized management contrasts starkly with other solutions that utilize disparate user interfaces for different functionality.


Intelligently identify, classify and analyze sensitive data and data relationships

The challenge of data discovery often lies in the complex mix of legacy, homegrown and third-party applications that run your organization. Sometimes the original developers of legacy applications have moved on, and adequate documentation is non-existent. Many times commercial software is a proprietary “black box”. Regardless of whether you need to secure in-house or commercial off-the-shelf applications, Imperva Camouflage makes it easy to identify sensitive data. Organizations that understand the nature of their sensitive data and the context in which it resides can then take measures to put appropriate data privacy and security controls in place.

How data discovery works

Intelligent discovery algorithms and a high-performance architecture allow Imperva Camouflage to scan billions of data points for sensitive data and data relationships throughout an enterprise, greatly reducing the need for manual effort and enabling a more agile and efficient process. Using the predefined pattern templates and any customer-specified custom rules, Imperva locates and identifies a wide range of sensitive data, including:

• Credit card numbers

• Birth dates

• Bank card numbers

• Healthcare codes

• Identification numbers

• Social security numbers/National Id

• Names

• Addresses

• Phone numbers

• Financial fields (salary, hourly rate)

Imperva Camouflage uses heuristics and statistical analysis to identify sensitive data relationships, comparing the results with historical results stored in the centralized repository to detect and audit changes to the sensitive data landscape. Data analysis tools and reports provide risk managers and the business stakeholders with the visibility to thoroughly assess sensitive data risk and derive actionable insights for improving the organization’s data security posture.

Understand your sensitive data landscape


By automating the identification of data relationships, the manual effort required is significantly reduced, enabling a more agile and efficient sensitive data analysis process. It also yields data profiles that are snapshots of database information at a particular point in time. A Functional Masking Document may be generated directly from the data profile.

The comprehensive overview report of the Discovery Run provides an easy-to-understand, actionable dashboard-style report with graphs, tables, and recommendations that are ideal for sharing with business stakeholders.

Efficiently set policy, configure masking rules and data relationships

Using Imperva Camouflage to create realistic and fully functional data required for use in non-production environments reduces the overall amount of data subject to compliance with privacy legislation and organizational policies. It also eliminates the corresponding risk associated with data loss in the event of a breach.

The centralized Workbench console utilizes a number of predefined templates, data transformers, and click-to-configure options that streamline every aspect of a data masking project, including:

• Data discovery

• Project definition

• Database and flat file/mainframe connectivity

• Translation Matrix (Inter-database dependency management)

• Masking targets

• Data transformation

• Project execution (real-time or batch)

• Pre- and post-process scripts

• Subsetting and ETL masking

• Reporting

• Project security

• System and project preferences

Click-to-Configure Masking Capabilities and Functionality

Database driven configuration - When configuring an Imperva Camouflage project, the values defined and selected during the configuration process are retrieved directly from the database or flat file.

Relational Integrity - If primary key/foreign key relationships are defined at the database level, Imperva Camouflage can automatically update all foreign keys when masking a primary key field. When key/foreign key relationships are defined at the application level, the related fields can be configured within Imperva Camouflage to correctly update associated key fields to maintain relational integrity. The Database Translation Matrix allows users to maintain consistent data relationships across different applications and across time.

Realistic Fictional Data - By masking data used in production databases, Imperva Camouflage allows the creation of fully functional and realistic data. Once masked, the data retains its realism without disclosing its original properties.

Key Data Transformers - The data transformers provide the data masking logic. Imperva includes multiple transformers, covering a multitude of transformation needs.

Robust Scripting Capability – In addition to the out-of-the-box transformers, Imperva Camouflage provides the ability to transform data by writing custom scripts. The custom scripts operate alone or in conjunction with one of the pre-defined transformers. Scripts are written using the Groovy scripting language that allows for significant flexibility in creating custom masking functions.


External Data Sources – In addition to the default project connection, other data connections can be configured for use in retrieving external update values.

Enhanced Masking – Imperva Camouflage provides support for advanced and complex masking requirements with advanced filtered data masking (subsetting) and data grouping.

Centralized Management and Reporting

The centralized management and reporting capability of Imperva Camouflage reduces the time required to create and manage data masking projects. Predefined report templates automate compliance reporting requirements and provide visibility into data use, risk, and protection.

Command Line API for Batch Processing – Imperva Camouflage is enterprise friendly, supporting command line execution of tasks for integration with automated IT and database scripts. The integration of the masking process with the process for the refreshment of data in the non-production systems ensures consistent application of compliance and security policies.

Reusable Project Files - All masking actions are stored in an Imperva Camouflage project file for future use, modification, and processing. This file is XML-based, allowing for easy migration of project files between operating systems.

Consistent Masking – Imperva Camouflage provides the ability to create mapping tables that store the original key values as they existed in the database before masking, along with the new key values. Activation of this feature is completely optional (i.e., Imperva does not require these tables in any way) and these tables can also be secured or removed by a database administrator as appropriate.
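An added illustration (not Imperva's code or the Workbench's API) of the Relational Integrity and Consistent Masking items above: a mapping table records each original key next to its replacement, so the primary key and every foreign key receive the same fictional value. The HMAC-derived replacement, the `KeyMasker` class, the helper functions and the sample tables are assumptions constructed for this example.

```python
import hashlib
import hmac

# Constructed sample data: a sensitive SSN-style value is the primary key of
# `customers` and a foreign key in `orders`.
CUSTOMERS = [
    {"ssn": "123-45-6789", "name": "Alice Example"},
    {"ssn": "987-65-4321", "name": "Bob Example"},
]
ORDERS = [
    {"order_id": 1, "customer_ssn": "123-45-6789", "total": 40},
    {"order_id": 2, "customer_ssn": "987-65-4321", "total": 15},
    {"order_id": 3, "customer_ssn": "123-45-6789", "total": 99},
]

class KeyMasker:
    """Replaces key values with fictional ones and records each pair."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.mapping = {}  # mapping table: original key -> masked key

    def mask(self, original: str) -> str:
        if original in self.mapping:      # same input always gets same output
            return self.mapping[original]
        counter = 0
        while True:
            msg = f"{original}|{counter}".encode()
            digest = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()
            digits = iter(f"{int(digest, 16):040d}")  # at least 40 digits
            # Keep the original format: replace digits, keep separators.
            candidate = "".join(next(digits) if c.isdigit() else c for c in original)
            if candidate != original and candidate not in self.mapping.values():
                break
            counter += 1                  # collision: derive another value
        self.mapping[original] = candidate
        return candidate

def mask_tables(customers, orders, masker):
    """Mask the primary key, then update each foreign key from the same mapping."""
    masked_customers = [{**c, "ssn": masker.mask(c["ssn"])} for c in customers]
    masked_orders = [{**o, "customer_ssn": masker.mask(o["customer_ssn"])} for o in orders]
    return masked_customers, masked_orders

def orphaned_orders(customers, orders):
    """Return orders whose foreign key matches no customer primary key."""
    keys = {c["ssn"] for c in customers}
    return [o for o in orders if o["customer_ssn"] not in keys]
```

The mapping table links every real key to its masked counterpart, which is why the text above notes it can be secured or removed once the masked copy has been produced.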

Multithreaded Database Updates - At runtime, the database refresh can be updated using a configurable number of threads to optimize performance in a given environment.

Project Security – Imperva Camouflage provides a layered security mechanism for protecting the project file as well as the six primary configuration sections within the project. Independent security enablement of each section and the project provides flexibility to match your internal governance policies.

Visibility and Reporting – Pre-defined reports include: Before and After Report, Project Configuration Report, Impacted Object Report, Historical Project Run Report. Automatic report generation is a preference setting within each masking project. In addition to the predefined reports, there are a number of interactive tools and progress monitors that improve the overall user experience and task efficiency.

Summary

Imperva Camouflage Data Masking reduces the amount of sensitive data stored within your environment while maintaining the integrity and validity of the information for use in supporting business processes and test environments. The smaller sensitive data footprint translates into hard savings when you consider the potential risk and security requirements that non-masked data in these systems would pose.

To learn more, visit Imperva.com or call +1 (866) 926-4678

© 2015, Imperva, Inc. All rights reserved. Imperva, the Imperva logo, SecureSphere, Incapsula and Skyfence are trademarks of Imperva, Inc. and its subsidiaries. All other brand or product names are trademarks or registered trademarks of their respective holders.

