Data Masking Secures Sensitive Data in Non-Production Environments

Sensitive data is a part of every large organization's normal business practice. Allowing sensitive data from production applications to be copied and used for development and testing environments increases the potential for theft, loss or exposure -- thus increasing the organization's risk. Data masking is emerging as a best practice for obfuscating real data so it can be safely used in non-production environments. This helps organizations meet compliance requirements for PCI, HIPAA, GLBA and other data privacy regulations.

By , Linda Musthaler Brian Musthaler

Fri, October 23, 2009Network World Last week's article covered the topic of protecting data in databases from the inside out. That is, watching every action involving data as it happens, and promptly halting improper actions. This week's article takes look at data masking, which another way to protect sensitive data, especially as it is being copied and used in the development and testing of applications

Enterprise Data Security: Definition and Solutions

Data masking is the process of de-identifying (masking) specific elements within data stores by applying one-way algorithms to the data. The process ensures that sensitive data is replaced with realistic but not real data; for example, scrambling the digits in a Social Security number while preserving the data format. The one-way nature of the algorithm means there is no need to maintain keys to restore the data as you would with encryption or tokenization.

10 woeful tales of data gone missing

Data masking is typically done while provisioning non-production environments so that copies of data created to support test and development processes are not exposing sensitive information. If you don't think this is important, consider what happened to Wal-Mart a few years ago. Wired.com reports that Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain's point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe. Many computers the hackers targeted belonged to company programmers. Wal-Mart at the time produced some of its own software, and one team of programmers was tasked with coding the company's point-of-sale system for processing credit and debit card transactions. This was the team the intruders targeted and successfully hacked.

Wal-Mart's situation may not be unique. According to Gartner, more than 80%t of companies are using production sensitive data for non-production activities such as in-house development, outsourced or off-shored development, testing, quality assurance and pilot programs.

The need for data masking is largely being driven by regulatory compliance requirements that mandate the protection of sensitive information and personally identifiable information (PII). For instance, the Data Protection Directive implemented in 1995 by the European Commission strictly regulates the processing of personal data within the European Union. Multinational corporations operating in Europe must observe this directive or face large fines if they are found in violation. U.S. regulations such as the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) also call for protection of sensitive financial and personal data.

Security
Loading...
Security MarketSpace
A Hidden Benefit of Desktop Virtualization?
This IDG eZine explores the many user benefits of desktop virtualization. Learn more »
Controlling E-Discovery: What stays in? What goes out?
You want to hold the cards as far as information management, but keeping large in-house teams doesn't make sense. Learn more »
Get Ahead of Your Data in Early Case Assessment
Need tools that provide cost savings today and fit into a long-term e-discovery strategy? Learn more »
The Challenges of Working with Keyword Search
There is a dangerous assumption that keyword search alone can sufficiently manage e-discovery. Learn more »
How In-House Technology Delivers Savings
Learn how companies can gain control of the e-discovery process and reduce costs by bringing software in-house. Learn more »
Cloud Computing Security
Learn how enterprises and service providers can achieve cloud-ready security for a competitive edge. Learn more »
This eBook tells you what you need to know about securing virtualized datacenters.
This eBook tells you what you need to know about securing virtualized datacenters. Learn more »
Achieving Compliance for the Virtual Infrastructure
Read this white paper on key trends in virtualization security from Nemertes Research. Learn more »
 
SPONSORED LINKS
 

Making Consumer Two-Factor Authentication Simple and Cost-Effective

Mining the Cloud to Ease the Enterprise Compliance Burden

Solve Five Key IT Security Challenges with Cloud-Based Authentication

IDC White Paper: CCM for IT Compliance and Risk Management

White Paper: A Security Blueprint Delivered From within the Network

Maximizing efficiencies with unified communications.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

Cut Costs & Green Your IT Operations with PC Power Management

Webcast: Unleashing the Power of Customer Data

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

The Total Economic Impact of Network Security Intrusion Prevention

Generation Remote Infrastructure Management - Changing the Paradigm

Lower IT Costs with Oracle Database 11g Release 2

Ready to virtualize tier one applications? Check your virtualization maturity.

Seven Ways ITIL Can Help You in an Economic Downturn

Tips for successful virtualization management.

Five CIO challenges addressed by better change management

CA ARCserve r12.5 is More Than Backup! Download Trial Version Today

Secure & simplify your data center w/Juniper Networks.

Gartner ITxpo Panel Webcast: Real-world Early Adoption of Windows 7.

Masters of Virtualization and Cloud Computing - Daily News

Stay informed with custom newsletters from Tech Dispenser

Trend Micro ranked #1 against real-world malware. Read more.

Streamline IT Costs. Boost Performance with WAN Optimization.

Authentication as a Service by Forrester Research

Cloud-Based Authentication for Next-Generation Extranets

Mobile Security: The Essential Ingredient for Today's Enterprise

Learn about the growing threat of insider data theft.

Efficiency goes up. Costs come down.

Verint Systems. Discover the Power of Intelligence in Action"

Upgrading to VMware vSphere with vWire

See how AT&T can help protect your network.

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

White Paper: Next Generation Remote Infrastructure Management

Seven Design Requirements for Web 2.0 Threat Protection

Cloud-Based Email Management: Opinion Shifts In Favor

Achieving Business Agility with Application Grid

Taking the Service Desk to the Next Level

Learn about The Information Technology Infrastructure Library.

Build your 1st app FREE with Force.com

Read about how to add efficiencies with Microsoft Virtualization.

Dark Fiber from Sunesys Save on Unlimited Bandwidth with Fixed Costs.

Forrester Webcast - Managing Desktop Support Costs

Be Prepared for Windows 7. Register for this Webcast Series.

Top Five CIO Challenges

AT&T Synaptic Storage as a Service. Expand on demand

Webinar: Jump-start your in-house e-discovery with Ringtail QuickCull from FTI Technology

Read the RSA report: Security for Business Innovation

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords