存档

文章标签 ‘脱敏’

Data Masking

2015年8月9日 没有评论

The replacement of already existing susceptible information with one that looks real but is of no use to those who wish to misuse the original information is termed as Data Masking. In simple words, data masking is the method of covering the data with a protective layer which looks exactly like data and information but is fake, just to confuse the intruder. Did you know the Germans used to send the message in ciphered form? They masked their original message with an undecipherable code. That technique when used in protecting the highly confidential and sensitive data of the organisations it was called Data Masking.

Many people confuse this term with ‘data invisibility’. But, it is an entirely different concept. In Data Invisibility, users are restricted to see the data; they get a clear message that data is hidden. But, in Data Masking they are fetched with a kind of fake data.

Why Data masking is Important?

The data leaking or inappropriate exposure of it can affect the company on multiple levels.

Legally: Organizations have the duty to protect its user’s private data. If the company loses it anyhow, then any user can take legal action against that company.

Defamation: A company can have anything saved in its files, reaching of those documents to the public can defame a company

Loss of Future Prospects: If your company’s sensitive information gets in the hands of your competitors, they can know your future prospects and work accordingly to beat in competition. Or, your competitor can mould the information and can use it against you.

What does Data Masking do?

The actual data with real information may be required in one database – but it is doubtful to be needed in every test database. Various masking routines are followed through which the magnitude of the data exposure is maintained and controlled.

Level-I Masking or Compound Masking

The set of relative columns is masked as a group so as the masked data retain the same relationship across the columns. For instance: zip, city and state need to be consistent after masking.

Level –II Masking or Deterministic Masking

Level-II Masking is used to ensure that certain values get masked to the same value across all databases. For instance: a customer number or I.D.

Level-III Masking or Lock-Key Masking

When a company has to send its data to another company or any third party for reporting, analysis or any other business process, then Lock-Key masking is used. Original data is masked using a secure lock-key masking function. Once the company gets the data back from the 3rd party, it can recover the original data by using the same key that is used to mask it. It is also called Key-based reversible masking.

Data can be masked using following Techniques

Substitution: The content is randomly replaced with something similar but not exactly the same. For example, replacing the real surnames with surnames picked from a random list.

Shuffling: In substitution, the replacement data is fetched from outer source whereas in shuffling, the replacement data is taken from the column itself. The data is randomly moved between rows until a stage is reached where there is no longer a reasonable correlation between the column entries.

Number and Date Difference: This technique is useful in case of numeric data. The original numeric data is replaced by a range of percentage. For instance; the salary data may be varied by ±5%. Add 5 % to some values and decrease 5% to some values.

Encryption: Original content is converted into Patterns/code languages such as Morse code or Binary. Not necessary these two, but a company can cipher their data in any form.

Nullifying: As in the name ‘nullifying’ – a sample or a column of data is replaced with NULL values.

The other techniques are

X-Masking, Internal Row Synchronization, Internal Table Synchronization, Table-To-Table Synchronization, User defined SQL commands, Flat File Masking.

All are used for one and one purpose only and i.e. to save your data from getting into the wrong hands.

DataSunrise Database Security Firewall holes the facilities of Data Auditing, Data Security and Data masking. It’s a complete product that ensures total security to your organization’s confidential and sensitive data.