Upload File

Download - Imperva Camouflage Data Masking Brief Dec 2015 V2When evaluating data masking, you will likely investigate both dynamic and static masking. Static data masking is primarily ... Scripts

Transcript
Page 1: Imperva Camouflage Data Masking Brief Dec 2015 V2When evaluating data masking, you will likely investigate both dynamic and static masking. Static data masking is primarily ... Scripts

ImpervaCamouflageDataMasking

Reducetheriskofnon-complianceandsensitivedatatheftSensitivedataisembeddeddeepwithinmanybusinessprocesses;itisthefoundationalelementinHumanRelations,sales,andstrategicanalysissystems.Thebusinesscannotfunctionwithoutenablingaccesstothisinformation.Theproblemisthatthisinformationisequallyvaluabletothebadguys–hackers,disgruntledormisguidedinsidersandcompetitors.Complianceregulationsrecognizethevalueofsomeofyoursensitivedata,includingpersonallyidentifiableinformation,butyourorganizationhasvastamountsofsensitiveinformationthatisnotsubjecttoregulation.Yourchallengeistoprotectallofthesensitiveinformationanddemonstratecompliancewiththeapplicableregulationinacost-effectivemannerthatfitsyourbusiness’sprocessesandresources.

TheImpervadatasecurityportfolioispurpose-builttoprovideyouwithsecurityandcompliancecapabilitiesthatmeetaddressabroadrangeofusecasesacrossdatabases,files,useractivity,BigDataandcloud-basedsystems.TheImpervaCamouflageDataMaskingsolutionwillreduceyourriskprofilebyreplacingsensitivedatawithrealisticfictionaldata.Thefictionaldatamaintainsreferentialintegrityandisstatisticallyaccurateenablingtesting,analysisandbusinessprocessestooperatenormally.Theprimaryuseofthismaskingisfordatainnon-productionsystems,includingtestanddevelopmentsystemsordatawarehousesandanalyticaldatastores.Anothersetofcandidatesfordatamaskingisbusinessenablersthatrequiredatatoleavethecountryorcompanycontrol,suchasoff-shoreteamsoroutsourcedsystems.TheImpervaCamouflageDataMaskingsolutionwillnotonlyprotectdatafromtheft,itwillhelpensurecompliancewithregulationsandinternationalpoliciesdictatingdataprivacyandtransport.

• Discoveranddocumentsensitivedataanddatarelationshipsacrosstheenterprise

• Reducethevolumeofsensitivedatainnon-productionsystems

• Facilitatedatatransportforoutsourcingorcompliancewithinternationalprivacyregulations

• Enableuseofproductiondataindevelopmentandtestingwithoutputtingsensitivedataatrisk

• Trackchangesandgeneratecompliancereportsateachdatarefresh

• Preventsensitivedatalossfromnon-productionsystems

DataMasking:AbaselinedatasecuritymeasureLikeothertraditionalsecuritytoolsdevelopedtoaddressaspecificchallenge,datamaskingisevolvingbeyondthetraditionalusecaseinapplicationdevelopmentandtestingtobecomeastrategicelementinanintegratedsecurityinfrastructure.TheGartnerMarketGuideforData-CentricAuditandProtectioncategorizesdatamaskingasakeydataprotectioncapabilitythatshouldbepartofanorganization’sdatasecuritygovernance“shortlist”.1Thereasonissimple:datamaskingpreventsaccesstosensitivedatawhileenablingtesting,analysis,andbusinessprocesses.

Whenevaluatingdatamasking,youwilllikelyinvestigatebothdynamicandstaticmasking.Staticdatamaskingisprimarilyusedonnon-productiondatabasesandispermanent;dynamicmaskingisusedonproductiondatabasesandistemporary.Whileeachmaskingservesapurpose,staticdatamaskingissignificantlyeasierandfastertodeployandmanagelong-term.Staticmaskinghasnoimpactontheproductionsystemperformance;thereisnoriskofcorruptingtheproduction

1GartnerReport:G00276042;MarketGuideforData-CentricAuditandProtection,December15,2015,

Page 2: Imperva Camouflage Data Masking Brief Dec 2015 V2When evaluating data masking, you will likely investigate both dynamic and static masking. Static data masking is primarily ... Scripts

data.TheImpervaCamouflageDataMaskingsolutionisastaticdatamaskingtoolthatpermanentlyprotectsdataandreducesexposuretocompliancerequirements.

DataMaskingBestPractices

Designingasustainablestaticdatamaskingsolutionrequiresanunderstandingofthesourcedataandthedependenciesonthatdatasetacrosstheorganization.ThisunderstandingwilldrivethemaskingpoliciesandintegrationofmaskingintotheexistingITandbusinessprocesses.Theresultingframeworksupportsarepeatableprocessthatminimizesresourcerequirements,reducesriskandimprovescompliancewithregulatoryrequirements.

Discover:Retrieveandanalyzesensitivedata

ThegoaloftheDiscoverphaseistoidentifydatathatneedstobemaskedinordertoprovidesufficientprotectionwithoutcompromisingdatautility.ThisstageinvolvesdocumentationofrequirementsandeducationontheimplicationsofmaskingnecessaryforthecreationofconfigurationsduringthePolicystageoftheDataMaskingBestPractice.Automateddiscoveryofsensitivedataisakeyfactorinminimizingdeploymenttimesandlong-termsuccess.

AssessandClassify:Establishcontextforsensitivedata

TheAccessandClassifyphaseareintendedtoestablishcriteriathatwillaidindetermininghowtomaskthedata.IncludingthecodificationofthecontextualinformationdeterminedduringtheDiscoverphase,thesensitivityofvariousdata,itsintendeduse(s),thetransformationrequirementsandanyinter-databasedependencies.

SetPolicy:Createdatamaskingconfigurations

ThegoalofthePolicyphaseistocreatedatamaskingconfigurationsbaseduponcustomer-specificfunctionalmaskingrequirementsdefinedinpriorphases.Includingplansandrequirementsforintegratingdatamaskingconfigurationsintotheoveralldatarefreshprocessfornon-productionenvironments.Thisphasealsoprovidesanopportunitytodevelopdatamaskingschedulesandestablishappropriatechangemanagementprocesses.Datamaskingsoftwarethatiseasy-to-use,flexibleandscalableiscriticalforaccommodatingvaryingandoftencomplexrequirements.

Deploy:Integratedatamaskingintheexistingprocesses

TheDeployphaseisintendedtotransitiondatamaskingintotherefreshprocessfornon-productionenvironmentstakingtheoverallbusinessprocess(es)intoaccount.ThisphaseentailsexecutingconfigurationsconstructedduringthePolicyphase.Reportautomationandpre-andpost-runscriptsoptionssupportawiderangeofancillaryprocessesandrequirements.

ManageandReport:Adapttochangingrequirementsandprovidevisibility

TheManageandReportphaseiswherethe“fitandvalue”ofthesolutionwillbecomeclear.Thisphaseincludeschangemanagement,jobmaintenance,configurationupdatesandcompliancereportsaboutdatarelationships,maskingtechniques,andmaskeddatabasestructures.

DataMaskingSimplifiedSomedatamaskingvendorswillhaveyoubelieveittakesyearsandmillionsofdollarstoimplementadatamaskingsolution.Thispresumptionsimplyisnottrue.TheImpervaCamouflageDataMaskingsolutionimplementationscanberunninginweeksormonthsfromstarttofinish,evenforthelargestFortune500organizations.Thesolutionprovideseaseofuse,scalability,andend-to-endfunctionalitythatensurerapidadoptionandlong-termvalue.

Alldatamaskingfunctionsincludingdatadiscovery,datamasking,managementandreportingareperformedfromtheImpervaCamouflageWorkbenchuserinterface,resultinginashorterlearningcurve.Thisefficientcentralizedmanagementcontrastsstarklywithothersolutionsthatutilizedisparateuserinterfacesfordifferentfunctionality.

Page 3: Imperva Camouflage Data Masking Brief Dec 2015 V2When evaluating data masking, you will likely investigate both dynamic and static masking. Static data masking is primarily ... Scripts

Intelligentlyidentify,classifyandanalyzesensitivedataanddatarelationships

Thechallengeofdatadiscoveryoftenliesinthecomplexmixoflegacy,homegrownandthird-partyapplicationsthatrunyourorganization.Sometimestheoriginaldevelopersoflegacyapplicationshavemovedon,andadequatedocumentationisnon-existent.Manytimescommercialsoftwareisaproprietary“blackbox".Regardlessofwhetheryouneedtosecurein-houseorcommercialoff-the-shelfapplications,ImpervaCamouflagemakesiteasytoidentifysensitivedata.Organizationsthatunderstandthenatureoftheirsensitivedataandthecontextinwhichitresidescanthentakemeasurestoputappropriatedataprivacyandsecuritycontrolsinplace.

Howdatadiscoveryworks

Intelligentdiscoveryalgorithmsandahigh-performancearchitectureallowImpervaCamouflagetoscanbillionsofdatapointsforsensitivedataanddatarelationshipsthroughoutanenterprise,greatlyreducingtheneedformanualeffortandenablingamoreagileandefficientprocess.UsingthepredefinedpatterntemplatesandanycustomerspecifiedcustomrulesImpervalocatesandidentifiesawiderangeofsensitivedata,including:

• Creditcardnumbers • Socialsecuritynumbers/NationalId

• Birthdates • Names

• Bankcardnumbers • Addresses

• Healthcarecodes • Phonenumbers

• Identificationnumbers • Financialfields(salary,hourlyrate)

ImpervaCamouflageusesheuristicsandstatisticalanalysistoidentifysensitivedatarelationships.Comparingtheresultswithhistoricalresultsstoredinthecentralizedrepositorytodetectandauditchangestothesensitivedatalandscape.Dataanalysistoolsandreportsprovideriskmanagersandthebusinessstakeholderswiththevisibilitytothoroughlyassesssensitivedatariskandderiveactionableinsightsforimprovingtheorganization’sdatasecurityposture.

Understandyoursensitivedatalandscape

Page 4: Imperva Camouflage Data Masking Brief Dec 2015 V2When evaluating data masking, you will likely investigate both dynamic and static masking. Static data masking is primarily ... Scripts

Byautomatingtheidentificationofdatarelationships,themanualeffortrequiredissignificantlyreduced,enablingamoreagileandefficientsensitivedataanalysisprocess.Italsoyieldsdataprofilesthataresnapshotsofdatabaseinformationataparticularpointintime.AFunctionalMaskingDocumentmaybegenerateddirectlyfromthedataprofile.

ThecomprehensiveoverviewreportoftheDiscoveryRunprovidesaneasytounderstand,andactionabledashboard-stylereportwithgraphs,tables,andrecommendationsthatareidealforsharingwithbusinessstakeholders.

Efficientlysetpolicy,configuremaskingrulesanddatarelationships

UsingImpervaCamouflagetocreaterealisticandfullyfunctionaldatarequiredforuseinnonproductionenvironmentsreducestheoverallamountofdatasubjecttocompliancewithprivacylegislationandorganizationalpolicies.Italsoeliminatesthecorrespondingriskassociatedwithdatalossintheeventofabreach.

ThecentralizedWorkbenchconsoleutilizesanumberofpredefinedtemplates,datatransformers,andclick-to-configureoptionsthatstreamlineeveryaspectofadatamaskingproject,including:

• Datadiscovery • Projectexecution(real-timeorbatch)

• Projectdefinition • Pre-andpost-processscripts

• Databaseandflatfile/mainframeconnectivity • SubsettingandETLmasking

• TranslationMatrix(Inter-databasedependencymanagement) • Reporting

• Maskingtargets • Projectsecurity

• Datatransformation • Systemandprojectpreferences

Click-to-ConfigureMaskingCapabilitiesandFunctionality

Databasedrivenconfiguration-WhenconfiguringanImpervaCamouflageproject,thevaluesdefinedandselectedduringtheconfigurationprocessareretrieveddirectlyfromthedatabaseorflatfile.

RelationalIntegrity-Ifprimarykey/foreignkeyrelationshipsaredefinedatthedatabaselevel,ImpervaCamouflagecanautomaticallyupdateallforeignkeyswhenmaskingaprimarykeyfield.Whenkey/foreignkeyrelationshipsaredefinedattheapplicationlevel,therelatedfieldscanbeconfiguredwithinImpervaCamouflagetocorrectlyupdateassociatedkeyfieldstomaintainrelationalintegrity.TheDatabaseTranslationMatrixallowsuserstomaintainconsistentdatarelationshipsacrossdifferentapplicationsandacrosstime.

RealisticFictionalData-Bymaskingdatausedinproductiondatabases,ImpervaCamouflageallowsthecreationoffullyfunctionalandrealisticdata.Oncemasked,thedataretainsitsrealismwithoutdisclosingitsoriginalproperties.

KeyDataTransformers-Thedatatransformersprovidethedatamaskinglogic.Impervaincludesmultipletransformers,coveringamultitudeoftransformationneeds.

RobustScriptingCapability–Inadditiontotheout-of-the-boxtransformers,ImpervaCamouflageprovidestheabilitytotransformdatabywritingcustomscripts.Thecustomscriptsoperatealoneorinconjunctionwithoneofthepre-definedtransformers.ScriptsarewrittenusingtheGroovyscriptinglanguagethatallowsforsignificantflexibilityincreatingcustommaskingfunctions.

Page 5: Imperva Camouflage Data Masking Brief Dec 2015 V2When evaluating data masking, you will likely investigate both dynamic and static masking. Static data masking is primarily ... Scripts

ExternalDataSources–Inadditiontothedefaultprojectconnection,otherdataconnectionscanbeconfiguredforuseinretrievingexternalupdatevalues.

EnhancedMasking–ImpervaCamouflageprovidessupportforadvancedandcomplexmaskingrequirementswithadvancedfiltereddatamasking(subsetting)anddatagrouping.

CentralizedManagementandReporting

ThecentralizedmanagementandreportingcapabilityofImpervaCamouflagereducesthetimerequiredtocreateandmanagedatamaskingprojects.Predefinedreporttemplatesautomatecompliancereportingrequirementsandprovidevisibilityintodatause,risk,andprotection.

CommandLineAPIforBatchProcessing–ImpervaCamouflageisenterprisefriendly,supportingcommandlineexecutionoftasksforintegrationwithautomatedITanddatabasescripts.Theintegrationofthemaskingprocesswiththeprocessfortherefreshmentofdatainthenon-productionsystemsensuresconsistentapplicationofcomplianceandsecuritypolicies.

ReusableProjectFiles-AllmaskingactionsarestoredinaImpervaCamouflageprojectfileforfutureuse,modification,andprocessing.ThisfileisXML-based,allowingforeasymigrationofprojectfilesbetweenoperatingsystems.

ConsistentMasking–ImpervaCamouflageprovidestheabilitytocreatemappingtablesthatstoretheoriginalkeyvaluesastheyexistedinthedatabasebeforemasking,alongwiththenewkeyvalues.Activationofthisfeatureiscompletelyoptional(i.e.Impervadoesnotrequirethesetablesinanyway)andthesetablescanalsobesecuredorremovedbyadatabaseadministratorasappropriate.

MultithreadedDatabaseUpdates-Atruntime,thedatabaserefreshcanbeupdatedusingaconfigurablenumberofthreadstooptimizeperformanceinagivenenvironment.

ProjectSecurity–ImpervaCamouflageprovidesalayeredsecuritymechanismforprotectingtheprojectfileaswellasthesixprimaryconfigurationsectionswithintheproject.Independentsecurityenablementofeachsectionandtheprojectprovideflexibilitytomatchyourinternalgovernancepolicies.

VisibilityandReporting–Pre-definedreportsinclude:BeforeandAfterReport,ProjectConfigurationReport,ImpactedObjectReport,HistoricalProjectRunReport.Automaticreportgenerationisapreferencesettingwithineachmaskingproject.Inadditiontothepredefinedreports,thereareanumberofinteractivetoolsandprogressmonitorsthatimprovetheoveralluserexperienceandtaskefficiency.

SummaryImpervaCamouflageDataMaskingreducestheamountofsensitivedatastoredwithinyourenvironmentwhilemaintainingtheintegrityandvalidityoftheinformationforuseinsupportingbusinessprocessesandtestenvironments.Thesmallersensitivedatafootprinttranslatesintohardsavingswhenyouconsiderthepotentialriskandsecurityrequirementsthatnon-maskeddatainthesesystemswouldpose.

ToLearnmorevisitImperva.comorcall+1(866)926-4678

© 2015, Imperva, Inc. All rights reserved. Imperva, the Imperva logo, SecureSphere, Incapsula and Skyfence are trademarks of Imperva, Inc. and its subsidiaries. All other brand or product names are trademarks or registered trademarks of their respective holders. Tech-Name-Date-rev#


Top Related

Data Masking and Subsetting Guide - Oracle · Oracle® Data Masking and Subsetting Guide ... 3.1 Creating an Application Data Model 3-2 ... of Oracle Enterprise Manager (EM) Database
Data Masking and Subsetting Guide - Oracle · Oracle® Data Masking and Subsetting Guide ... 3.1 Creating an Application Data Model 3-2 ... of Oracle Enterprise Manager (EM) Database
Data Subsetting and Masking
Data Subsetting and Masking
22660761 Data Masking Concept in Power Center
22660761 Data Masking Concept in Power Center
A Data Masking Technique for Data Warehouses Ricardo Jorge Santos & Marco Vieira
A Data Masking Technique for Data Warehouses Ricardo Jorge Santos & Marco Vieira
trainocate.asiatrainocate.asia/static/images/media/JAN - … · XLS file · Web view · 2016-03-31InfoSphere Optim Test Data Management and Data Masking on z/OS DX900G DX900IN IBM
trainocate.asiatrainocate.asia/static/images/media/JAN - … · XLS file · Web view · 2016-03-31InfoSphere Optim Test Data Management and Data Masking on z/OS DX900G DX900IN IBM
Delphix Masking User Guide · Data Platform seamlessly integrates masking with data delivery capabilities, ensuring the security of sensitive data before it is made available for
Delphix Masking User Guide · Data Platform seamlessly integrates masking with data delivery capabilities, ensuring the security of sensitive data before it is made available for
Oracle database 12c data masking and subsetting guide
Oracle database 12c data masking and subsetting guide
Data Masking Windows
Data Masking Windows