SUBSCRIBE NOW
IN THIS ISSUE
PIPELINE RESOURCES

Masking Data for Testing and Regulatory Compliance


The idea is that sensitive data can be de-identified.

Whether static or dynamic, the idea is that sensitive data can be de-identified, with key portions of credit information, credit card numbers, social security numbers and other private information redacted to eliminate its usefulness for hackers and thieves.

The “dynamic” flavor of DM adds the ability to adjust the extent to which the data is masked depending on who is seeing it, where they’re seeing it, when they’re seeing it, etc.

Gartner identifies three companies in its “magic quadrant,” in which the ability to execute intersects with the completeness of vision, in this most recent analysis of the market: IBM, Oracle and Informatica.

SDM was noted as the more in-demand of the data masking technologies, though analysts rightfully noted that DDM is a key component of broader data security discipline and was present in the offerings of the three noted leaders in the market.

Lagging implementation

Despite the availability of these technologies, however, carriers and other potential customers don’t seem to be rushing to implement them.

Pipeline spoke to Robert Shields, Informatica’s product marketing manager for data security, data privacy, and test data management solutions about the need for these solutions in the market, and he offered some stunning statistics from a recent survey commissioned by Informatica and performed by the Ponemon Institute. “There is a lagging adoption rate for these solutions in the industry,” said Shields. “The survey showed that the percentage of respondents whose firms have data encryption solutions in place is in the 50% range, and for data masking it was in the 30% range.”

The survey goes on to report that 1,663 global security practitioners surveyed in 18 countries and 16 industry sectors, only 43% have a common process to assess the risks to sensitive data on premise (and only 33% have a process for the cloud). Furthermore, only 22% of respondents say there is little risk that insiders would have too much access to data despite having a common process for tracking individuals who have access to sensitive information.

And that’s a big issue. Protecting information from external threats is one thing, but how about protecting from insiders? To go back to one of the flashier recent hacks, the Ashley Madison CEO said that the exposure of millions of philanderers was an inside job. Perhaps data masking could have resulted in a different outcome.

Treasure hunt

However, Shields notes that one of the major problems confronting survey respondents was a very familiar one to anyone who has dealt with Big Data: before you can mask your sensitive data, you need to know where to find it. “You need a snapshot of the landscape,” said Shields. “You need to be able to scan data storage, Hadoop, etc., for sensitive data.” The Ponemon survey suggests that the number one thing that keeps security practitioners up at night (65% of North American and 59% of European respondents, and 67% of respondents from the rest of the world) is not knowing where sensitive data is.

Carriers need to be able to locate this data and mask it appropriately, which fits in nicely with wider Big Data efforts. “What carriers want is trend information, generally,” notes Shields, so the masking of sensitive data will rarely hinder other operational efforts. In fact, a clear policy and the solutions to back it up will help carriers’ testing efforts by alleviating some of the constant worry that massive records databases contain data that could lead to privacy violations.

And that brings us back to the Office of Personnel Management hack last December, which may have compromised the personal data of some 4 million current and former U.S. government employees. The OPM, considered an agile and cutting-edge organization by no one, includes data masking in a list of possible measures that it is considering implementing to prevent future hacks.

Last November, Pipeline explored dark players and the data market that's fueling breaches such as those mentioned above in our Security Threats issue.  The conclusion was that if you could secure the data these bad actors were after - the very same data that is driving the dark data market - that the criminal economy (or a significant portion of it) would simply collapse.  DM seems like a viable approach to doing just that, and if it keeps your data compliant with whatever regulation comes down the pike as well, what's not to love?

So how about you? Is your data masked?



FEATURED SPONSOR:

Latest Updates





Subscribe to our YouTube Channel