Published by Celia Ogburn
Modified about 1 year ago
© Hexaware Technologies. All rights reserved.

Slide 2: Agenda
- Data Masking - The need
- Data theft - Statistics
- Objectives & Benefits
- Features
- Masking Techniques
- Q&A

Slide 3: Data Masking – The Need
Business Challenges/Risks
- Increasing number of regulations & policies governing Data privacy
- Exposing sensitive information while sharing non-production data during Outsourcing
- Unauthorized access of confidential data by insiders
- Legal consequences due to data theft by insiders and external vendors

Slide 4: Data Masking – The Need
Secure Zone
- Production environment
- Strict access restrictions
Potential Risk Area
- Non-Production environment
- Looser access controls
- Vulnerable to security attacks

Slide 5: Statistics - The ‘Insider Threat’
Insider Threat to Compliance and Privacy
- 90% of major corporations detected security breaches
- 70% of corporations detected unauthorized access by insiders
Myth: Hackers cause most security breaches
Fact: “Disgruntled employees and other insiders accounted for more than 70% of the cyber attacks”
Reference – Computer World

Slide 6: Security Layers
- Network Security
- Application Security
- OS Security
- Unauthorized Insider Access
- Data

Slide 7: Privacy Compliance Legislations
Organizations today face a growing number of regulations that mandate the accuracy, protection and privacy of data across the enterprise.
- UK Data Protection Act (1998): All companies doing business in UK
- European Data Privacy Directive (1998): All companies doing business in Europe handling PII
- HIPAA (1996), Healthcare & Insurance: All U.S. businesses handling medical records
- Canadian – Personal Information Protection And Electronic Documents Act (2001): All companies doing business in Canada
- AUS Privacy Act (2000): All companies doing business in AUS
- Sarbanes Oxley: All U.S. public companies and private foreign issuers
- Gramm-Leach Bliley (1999): Banks and financial services companies doing business in U.S.

Slide 8: Examples of sensitive data
Sector-wise Sensitive Information
- Health Care/Medical: 1. Patient name 2. Medical record numbers 3. Health Plan Beneficiary Numbers
- University: 1. Grades 2. Student Financial Numbers 3. Financial Aid/Grants
- Research: 1. Funding/Sponsorship information 2. Human subject information
Common Sensitive Information
- Employee Information: 1. SSN 2. Name 3. Date of Birth 4. Contact Information 5. Pay components 6. Bank Account Number 7. Credit Card Number

Slide 9: Objectives & Business Benefits
Akiva
- Objective: Protection of employee data
  Business benefit: Adherence to data privacy legislations
- Objective: Create de-identified production database copies
  Business benefit: Opens the avenue for Outsourcing – Results in cost reduction
- Objective: De-identify sensitive data for internal use
  Business benefit: Reduces the overhead of implementing internal security access policies
- Objective: Availability of realistic data post-masking
  Business benefit: High quality data is available for testing – Delivery excellence
- Objective: Application data integrity
  Business benefit: No impact on existing functionality of Application – No additional cost

Slide 10: Where does Akiva fit in?
[Diagram: Production database and Copy of Production in the Client zone (unmasked data); Akiva; Copy of Production in the Vendor zone (masked data). Sample records shown: EMPLID – LU2947, NAME – Tom Fabris, SSN, company.com; EMPLID – FN1355, NAME – Kevin Peterson, SSN, domain.com]

Slide 11: Application-centred masking
- Akiva understands the complete Application Architecture
- Masking is performed after taking into consideration the Business Processes and functionality in the Application
- Akiva is customizable to suit custom-built or home-grown Enterprise applications
- Akiva guarantees consistency post-masking

Slide 12: Features
- Multi-threading: Supports parallel execution to reduce runtime
- Key field masking: Supports masking of all key fields without any impact
- Flexibility: Ability to choose any sensitive data across the enterprise
- Reusability: Masking configurations can be reused for multiple runs
- Preview masking: See a preview of the masked data before actual masking
- Batch Processing: Akiva can be run from the command line as a batch process
- Masking Algorithms: User can mask in numerous ways using inbuilt algorithms in Akiva
- Subset masking: Masks only a selected set of tables
- Platform and Database: Supports Unix and Windows platforms and runs on Oracle database

Slide 13: Features...Continued
- Data Integrity: No impact on Business Processes
- User interface: Simple, intuitive and user-friendly web interface
- Flat File masking: Facilitates flat file masking
- Database Level Security: Akiva's security permissions are the same as those granted by the database
- Realistic Data: Data post-masking is realistic and fully functional
- Ability to handle Customization: Takes care of customizations in the application while masking
- Mask it your way: Create your own masking algorithm

Slide 14: Features
Algorithm
- Scramble
- Sequence number generator
- Pattern generator
- Combo Shuffle
- Generic shuffle
- Blank out
- Replacement
- SSN generator
- Luhn generator
- Rule based algorithm
- Country based name lookup
Additional functions
- Scheduler
- Profiling
- Multi threading
- Schedule monitor
- Masking preview
- Key field masking

Slide 15: Masking Techniques – Shuffle
Replace sensitive values with meaningful, readable data
Sample fields: Employee Name information, Address details

Before Masking
EMP ID  First Name  Last Name  Name
LZ001   Kandy       Obrien     Obrien, Kandy
KU002   Kevin       Peterson   Peterson, Kevin
KU001   John        Adams      Adams, John

After Masking
EMP ID  First Name  Last Name  Name
LZ001   Emily       Pearson    Pearson, Emily
KU002   Samuel      Gilberto   Gilberto, Samuel
KU001   Rob         Bonner     Bonner, Rob

Slide 16: Masking Techniques – Blankout
Simply replaces a field with a value of “ ” or 0
Sample fields: Employee Address details, Phone Number
Before Masking: [table: EMP ID, Phone Number]
After Masking: [table: EMP ID, Phone Number; EMP ID rows LZ001, KU002, KU001]

Slide 17: Masking Techniques – Replacement
Simply replaces a field with a supplied static value
Sample fields: Address, Phone Number
Before Masking: [table: EMP ID, Address]
After Masking: [table: EMP ID, Address]

Slide 18: Masking Techniques – Lookup
Replace employee names and addresses choosing from an inbuilt repository of over 200,000 names
Sample fields: Employee Name information, Address details

Before Masking
EMP ID  First Name  Last Name  Name
LZ001   Kandy       Obrien     Obrien, Kandy
KU002   Kevin       Peterson   Peterson, Kevin
KU001   John        Adams      Adams, John

After Masking
EMP ID  First Name  Last Name  Name
LZ001   Angeline    Julia      Julia, Angeline
KU002   Michael     Conrad     Conrad, Michael
KU001   Larry       McKinley   McKinley, Larry

Slide 19: Masking Techniques – SSN Generator
Generate valid US Social Security Numbers for all employees
Sample fields: SSN, NATIONAL_ID
Before Masking: [table: EMP ID, SSN]
After Masking: [table: EMP ID, SSN]

Slide 20: Masking Techniques – Luhn Generator
Generate numbers satisfying Luhn checksum condition
Sample fields: Credit Card Number
Before Masking: [table: EMP ID, Credit Card Number]
After Masking: [table: EMP ID, Credit Card Number]

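One way a Luhn generator can be built so that the same input always maps to the same masked number, shown as an added example that is not Akiva's code or algorithm. It assumes a keyed HMAC-SHA256 derivation and a constructed demo key; `mask_card_number`, `luhn_check_digit` and `luhn_valid` are hypothetical names.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real key is kept outside the masked copy.
MASKING_KEY = b"constructed-demo-key"

def luhn_check_digit(payload: str) -> int:
    """Digit that, appended to payload, makes the whole number pass Luhn."""
    total = 0
    # Right to left: the digit nearest the check digit is doubled, then every other one.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def luhn_valid(number: str) -> bool:
    """True when number is ASCII digits and its last digit is the Luhn check digit."""
    return (len(number) > 1 and number.isascii() and number.isdigit()
            and luhn_check_digit(number[:-1]) == int(number[-1]))

def mask_card_number(card: str, key: bytes = MASKING_KEY) -> str:
    """Hypothetical masking routine: same length, Luhn-valid, repeatable per key."""
    digits = "".join(c for c in card if c in "0123456789")
    if len(digits) < 2:
        raise ValueError("need at least two digits")
    mac = hmac.new(key, digits.encode(), hashlib.sha256).digest()
    # Reduce the MAC to len-1 decimal digits, then append the check digit.
    body = str(int.from_bytes(mac, "big") % 10 ** (len(digits) - 1))
    body = body.zfill(len(digits) - 1)
    return body + str(luhn_check_digit(body))

if __name__ == "__main__":
    sample = "4111 1111 1111 1111"  # widely used test number, not a live card
    print(mask_card_number(sample), luhn_valid(mask_card_number(sample)))
```

Anyone holding the key can recompute the mapping for guessed inputs, so the key stays out of the non-production copy.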
Slide 21: Masking Techniques – Sequence Number Generator
Generate alphanumeric sequences in order

Before Masking
EMP ID  DEP_ID
LZ001   FN3056
KU002   FN1149
KU001   FN5297

After Masking
EMP ID  DEP_ID
LZ001   PU0102
KU002   PU0101
KU001   PU0100

Slide 22: Masking Techniques – Random Number Generator
Generate numbers at random
Before Masking: [table: EMP ID, COMPRATE]
After Masking: [table: EMP ID, COMPRATE]

Slide 23: Masking Techniques – Pattern Generator
Generates a set of numbers based on user-defined pattern
Before Masking: [table: EMP ID, MEMBERSHIP_ID; surviving value: 917]
After Masking: [table: EMP ID, MEMBERSHIP_ID; surviving value: 716]

A SAMPLE PATTERN
Requirement: MEMBERSHIP_ID - 3 digit numbers satisfying the condition (Hundredth digit + Tenth Digit) > Units Digit
Example:
- A valid number is 253, (2+5) > 3
- An invalid number is 129, (1+2) < 9
Steps: The requirement can be interpreted and broken down into the following steps (digits are numbered from left to right).
- Step 1: S1 = Digit 1 + Digit 2
- Step 2: S2 = S1 > Digit 3

Slide 24: Masking Techniques – Rule based masking
Consistently masks the database based on rules/custom masking algorithms defined by the user.

SAMPLE RULE 1 – CUSTOM MASKING ALGORITHM
Requirement: Decrease the Compensation Rate Code field value by a fixed percentage.
Define custom masking algorithm
COMPRATE – Compensation Rate Code field
- Step 1: Step 1 = 30% of COMPRATE
- Step 2: COMPRATE = Step 1

SAMPLE RULE 2 – FIELD RELATIONSHIP DEFINITION
Requirement: Mask all the pay details of employees
Define Relationship between fields
NP – Net Pay
GP – Gross Pay
BP – Basic Pay
HRA – House Rent Allowance
DA – Dearness Allowance
- Step 1: NP = GP - Tax
- Step 2: Tax = 20% GP
- Step 3: GP = BP + HRA + DA
- Step 4: HRA = 50% BP
- Step 5: DA = 10% BP

Slide 25: Masking Techniques – Rule based masking sample data
Before Masking: [table: EMP ID, BP, DA, HRA, GP, NP]
After Masking: [table: EMP ID, BP, DA, HRA, GP, NP]

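Sample Rule 2 lists its steps top-down (NP first, the BP-derived fields last), so an evaluator has to resolve dependencies instead of running the steps in the order written. The following is an added example, not Akiva's code: `derive` and `consistent` are hypothetical names and the pay values are constructed. It also shows why overwriting BP alone leaves a row that no longer satisfies the rules.

```python
from fractions import Fraction

# Sample Rule 2 from the slide, kept in the slide's order (Step 1 to Step 5).
# Each target field is a sum of coefficient * source-field terms.
RULES = {
    "NP":  [(1, "GP"), (-1, "Tax")],            # Step 1: NP = GP - Tax
    "Tax": [(Fraction(20, 100), "GP")],         # Step 2: Tax = 20% GP
    "GP":  [(1, "BP"), (1, "HRA"), (1, "DA")],  # Step 3: GP = BP + HRA + DA
    "HRA": [(Fraction(50, 100), "BP")],         # Step 4: HRA = 50% BP
    "DA":  [(Fraction(10, 100), "BP")],         # Step 5: DA = 10% BP
}

def derive(base, rules=RULES):
    """Compute every rule-defined field from the base (rule-free) fields."""
    out = {k: Fraction(v) for k, v in base.items() if k not in rules}
    in_progress = set()

    def value(field):
        if field in out:
            return out[field]
        if field not in rules:
            raise KeyError(f"no value or rule for {field}")
        if field in in_progress:
            raise ValueError(f"circular rule involving {field}")
        in_progress.add(field)
        out[field] = sum((c * value(s) for c, s in rules[field]), Fraction(0))
        in_progress.discard(field)
        return out[field]

    for field in rules:
        value(field)
    return out

def consistent(row, rules=RULES):
    """True when every rule-defined field equals what its rule yields."""
    return all(
        Fraction(row[t]) == sum((c * Fraction(row[s]) for c, s in terms), Fraction(0))
        for t, terms in rules.items()
    )

# Constructed sample values (not from the slides).
original = derive({"BP": 1000})
naive = dict(original, BP=Fraction(1350))  # only BP overwritten
masked = derive({"BP": 1350})              # BP masked, dependants recomputed
```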
Slide 26: Thank You