Data Masking for More Secure Networks and Stronger Compliance
By: Mohie Ahmed
SQL – or Structured Query Language – was first introduced in the early 1970s and was based on the concept of accessing many records using a single command. Since then, many software vendors have implemented SQL within their own database solutions with these core fundamentals in place. Because of this, SQL has become the industry’s most widely used database language.
The most critical and sensitive enterprise data, such as customer information, financial information, individual employee information, critical asset information and more, is stored in databases. Therefore, the security of these databases is of the utmost importance. Not only are internal security requirements imperative, but without additional measures to protect these databases, companies may not be in line with the regulations governing compliance within their industry. These include the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). These regulations and others around the world are aimed at protecting data from abuse, preventing fraud and maintaining privacy.
According to breachlevelindex.com, every second of the day, sixty-one data records (almost two billion records per year) are lost or stolen. The size of the threat we are facing is enormous. These numbers prove that there is not one singular and simple way of securing data. There are different dimensions of how to secure databases such as eliminating the sharing of local account credentials (sys, sysadm, system, root, etc.), eliminating database account credentials that are embedded in application scripts or configuration files, and indisputably logging DB admin and user actions, among others. Ironsphere’s platform routinely implements these best practices to defend against insider threats.
Sometimes, however, securing a database can be even more challenging. For example, some users or applications are required to access production data for test or training purposes. This presents a big challenge for today’s security leaders, because many of these users may intentionally or accidentally misuse sensitive data. However, merely blocking them from accessing the database is not a viable option.
One innovative solution to this challenge is to provide fictitious but representative and coherent data instead of real sensitive data. This means that data must be masked in real time, in such a way that it remains useful but is no longer sensitive. Our latest release introduces the solution. Supported real-time masking rules include redaction, nulling, shuffling, blurring, tokenization and substitution of sensitive data in SQL-accessed databases. These real-time masking rules can be used when some users or applications must be prevented from seeing sensitive data, or in application development, test and training environments where “synthetic and realistic” rather than “real” data is required.
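The six masking rules named above, applied to a constructed result set, as an added example that is not part of the original article and is not Ironsphere's code. The column names, sample rows, demo key and substitute-name list are assumptions made for illustration.

```python
import hashlib
import hmac
import random

# Constructed sample rows standing in for a SQL result set (not real data).
ROWS = [
    {"name": "Alice Hart", "ssn": "123-45-6789", "card": "4111111111111111",
     "salary": 52000, "city": "Leeds", "email": "alice@example.com"},
    {"name": "Bob Stone", "ssn": "987-65-4321", "card": "5500005555555559",
     "salary": 61000, "city": "Izmir", "email": "bob@example.com"},
    {"name": "Cara Diaz", "ssn": "555-12-3456", "card": "340000000000009",
     "salary": 48000, "city": "Austin", "email": "cara@example.com"},
]
KEY = b"demo-key"  # assumption: secret held only by the masking layer
FAKE_NAMES = ["Pat Doe", "Sam Roe", "Lee Poe", "Kim Voe"]  # constructed pool

def _mac(value):
    return hmac.new(KEY, str(value).encode(), hashlib.sha256).hexdigest()

def redact(value, keep=4):
    """Redaction: show only the last `keep` characters; hide short values fully."""
    s = str(value)
    return "*" * len(s) if len(s) <= keep else "*" * (len(s) - keep) + s[-keep:]

def tokenize(value):
    """Tokenization: keyed, repeatable token, so joins on the column still work."""
    return "tok_" + _mac(value)[:16]

def substitute(value, pool=FAKE_NAMES):
    """Substitution: the same input always maps to the same fictitious value."""
    return pool[int(_mac(value), 16) % len(pool)]

def blur(number, rng, pct=0.10):
    """Blurring: perturb a number by up to +/- pct so aggregates stay realistic."""
    return round(number * (1 + rng.uniform(-pct, pct)))

def mask_rows(rows, seed=0):
    """Apply one rule per column and return masked copies of the rows."""
    rng = random.Random(seed)  # seeded only to make the demo repeatable
    cities = [r["city"] for r in rows]
    rng.shuffle(cities)  # Shuffling: real values, detached from their rows
    return [{"name": substitute(r["name"]),
             "ssn": None,  # Nulling
             "card": redact(r["card"]),
             "salary": blur(r["salary"], rng),
             "city": city,
             "email": tokenize(r["email"])} for r, city in zip(rows, cities)]
```

Tokenization and substitution are deterministic here by design, so the same input masks to the same output across tables and referential integrity survives; nulling and redaction discard information outright.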
Ironsphere offers the first and the only PAM solution in the market with dynamic data masking in addition to its other powerful features; at Ironsphere we continue to work hard to innovate in order to enable our customers to “Protect What They Connect”, without compromising operational efficiency.