On Data Privacy Day – January 28, 2020 – Data Masking is in the Spotlight
By: Mohie Ahmed
Data Privacy Day is held on the 28th of January every year, and is designed to raise awareness among businesses, governments, and other organizations on not only the right to privacy, but the responsibility associated with protecting the data of customers, citizens and consumers.
Data security and privacy have become a fundamental aspect of our connected world. We now regard the protection of people’s personal information as a human right. Most organizations have accepted that, as custodians of data, they bear the critical responsibility of ensuring personal information is protected.
Any organization’s security is only as strong as their weakest entry point. This includes internal data environments which, left unprotected, represent a huge risk.
On Data Privacy Day this year, the Ironsphere team is focused especially on data masking, which protects data and ensures businesses not only protect sensitive information, but also comply with regulations.
Nonintrusive data masking supports mixed IT environments without the need to modify specific applications or datasets. Done properly, data masking complements adjacent data security controls such as encryption and tokenization without the need to modify settings or configurations.
The most critical and sensitive enterprise data such as customer information, financial information, individual employee information, critical asset information and more is stored in databases.
Therefore, the security of these databases is of the utmost importance. Not only are internal security requirements imperative, but without taking additional measures to protect these databases, companies may not be in line with regulations governing compliance within their industry.
Some of these include: Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR). These regulations and others around the world are aimed at protecting data from abuse, preventing fraud and maintaining privacy.
According to breachlevelindex.com, every second of the day, sixty-one data records (almost two billion records per year) are lost or stolen.
These numbers prove that there is not one singular and simple way of securing data. There are different dimensions of how to secure databases such as eliminating the sharing of local account credentials (sys, sysadm, system, root, etc.), eliminating database account credentials that are embedded in application scripts or configuration files, and indisputably logging DB admin and user actions, among others.
Ironsphere’s platform routinely implements these best practices to defend against insider threats.
One innovative solution in test environments is to provide fictitious but representative and coherent data instead of real sensitive data. This means that data must be masked in real-time and in such a way that it is still useful but not sensitive anymore.
Ironsphere’s unique data masking solution supports real-time masking rules include redaction, nulling, shuffling, blurring, tokenization and substitution of sensitive data in SQL accessed databases. These real-time masking rules can be used when some users/applications need to be prevented from seeing sensitive data or in application development, test and training environments where not “real” but “synthetic and realistic data” is required.
Ironsphere offers the first and the only PAM solution in the market with dynamic data masking in addition to its other powerful features; at Ironsphere we continue to work hard to innovate in order to enable our customers to “Protect What They Connect”, without compromising operational efficiency.
Data can be de-identified and de-sensitized so that sensitive information is anonymous when used for support, analytics, testing, or outsourcing.
Key features include:
- Precision for data privacy laws: Any combination of personal, health, or credit information can be anonymized to comply with complex cross-border privacy laws and regulations.
- Powerful masking capabilities: A range of masking functions is repeatable across systems to ensure business processes are reliable and precise.
- Performance: Dynamic data masking’s high-speed engine ensures no impact on user throughput. Persistent data masking can scale to mask terabytes of data for large test, outsourcing, or analytic projects.
- Role-based masking: Dynamic data masking accommodates data security and privacy policies that vary depending on users’ locations.
- Data connectivity: Take advantage of comprehensive integrations and connectors with a wealth of Informatica connectors to on-premises and cloud data sources.
- Monitoring and compliance reporting: Data security and privacy professionals can validate that identified sensitive data has been masked to meet security and privacy policies.
While this is just one aspect of comprehensive security measures, it is increasingly important and we’re proud to have developed and to promote our solution as part of Privacy Day 2020.
Security automation is now a top concern for enterprises as the attack surface expands given more remote workers, more devices, and new attack vectors in the cloud.
Automation is rising because IT leaders are realizing it paves the way to reducing risks, gaining greater visibility into their networks, and getting the most from their security investments.
Automation technologies, from Robotic Process Automation (RPA), to Artificial Intelligence (AI) and Machine Learning (ML), are transforming business processes and operating models. These are relatively new categories, and most enterprises do not yet have the skills to implement automation technologies successfully, including Privileged Task Automation (PTA) associated with a robust Privileged Access Management (PAM) posture.read more
Apps are increasingly moving to the cloud, especially as more and more people are working remotely and expect to access them from anywhere, any time, on multiple devices. Despite that, the way enterprises secure access to applications has largely remained unchanged, as they are still focused and dependent on the corporate network perimeter.read more