As the name implies, data masking, also known as data obfuscation, is a process that enterprises use to replace original data with functional fictitious data so that it can be used safely in situations where the original data is not needed. This blog describes how we implemented the Redgate Data Masker tool for a corporate banking institution to protect its sensitive data while keeping that data usable for the development and testing team.
This process was applied to several categories of their sensitive business and personal information, such as:
- Personally Identifiable Information (PII)
- Loan Account information
- Social Security Number (SSN)
- Intellectual Property data (IP)
- Mobile/Land/Address/Zip details
By using data masking, we altered the data values while keeping the format of the original data unchanged.
A simple example illustrates data masking. Take a loan account id in a 6-digit format, say 123456. Masking changes the digits but maintains the same 6-digit format. Using the example above, the masked loan account id could become 456123 (using shuffling) or 123999 (using prefix) or 999456 (using postfix), depending on the masking rule set.
Data masking uses several methods to alter the original sensitive data, including character or number substitution, character shuffling, and the use of algorithms to generate random data that has the same properties as the original data. For our particular need, we chose Redgate, which can mask both Oracle and Microsoft SQL Server databases.
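The masking rules above, as an added Python sketch (not code from this implementation and not how Redgate Data Masker works internally). It assumes "prefix" and "postfix" mean keeping the leading or trailing three digits and filling the rest with 9; the key, function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import random

MASK_KEY = b"constructed-demo-key"  # constructed; keep a real key out of the masked copy

def keep_prefix(value, keep=3, fill="9"):
    """Keep the first `keep` characters and overwrite the rest: 123456 -> 123999."""
    keep = min(keep, len(value))
    return value[:keep] + fill * (len(value) - keep)

def keep_postfix(value, keep=3, fill="9"):
    """Keep the last `keep` characters and overwrite the rest: 123456 -> 999456."""
    cut = max(len(value) - keep, 0)
    return fill * cut + value[cut:]

def _stream(value, key):
    # Keyed digest of the original value: the same input always masks to the
    # same output, so a masked id still joins across tables.
    return hmac.new(key, value.encode(), hashlib.sha256).digest()

def shuffle_chars(value, key=MASK_KEY):
    """Reorder the characters. Same digits, so the digit counts still leak."""
    chars = list(value)
    random.Random(_stream(value, key)).shuffle(chars)
    return "".join(chars)

def substitute(value, key=MASK_KEY):
    """Swap each ASCII digit or letter for a keyed one of the same class;
    separators stay, so 123-45-6789 keeps its NNN-NN-NNNN layout."""
    stream, out = _stream(value, key), []
    for i, ch in enumerate(value):
        b = stream[i % len(stream)]
        if ch.isdigit():
            out.append(str(b % 10))
        elif ch.isalpha():
            out.append(chr(ord("A" if ch.isupper() else "a") + b % 26))
        else:
            out.append(ch)
    return "".join(out)

def shape(value):
    """Format signature used to check that masking preserved the layout."""
    return "".join("9" if c.isdigit() else "A" if c.isalpha() else c for c in value)

if __name__ == "__main__":
    for rule in (keep_prefix, keep_postfix, shuffle_chars, substitute):
        print(f"{rule.__name__:13} 123456 -> {rule('123456')}")
    print("substitute    123-45-6789 ->", substitute("123-45-6789"))
```

Keyed substitution can map two different originals to the same masked value, so a column with a uniqueness constraint needs a collision check after masking.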
[Figure: Masking Methodology]
[Figure: Masking Workflow]
[Figure: Data masking & Process Automation Architecture (without asset tagging)]
With the new masking and automation process, we were able to safeguard the original data and improve the efficiency of the overall process by automating it with shell commands.
By implementing data masking, we have ensured that the data for non-production use is secure and non-informative compared with the original data. This type of data is widely used for the following purposes:
- Personnel training
- Application development and testing
- Development & testing of dummy reporting
- Business analytics modeling
Masking data also helps protect against insider threats and supports compliance with the General Data Protection Regulation (GDPR), strengthening and unifying personal data protection. Data security threats are everywhere and pose risks to the organization and its customers.
Financial institutions are especially sought-after targets for hackers because of the enormous amount of capital they oversee, and they should take all precautions against the growing technological threats they face. Whether it is losses caused by hackers or damage to public perception, financial institutions have the most to lose, which is why they must invest in securing their data to avoid the very real threat of information leakage.
To fully understand data masking and its enterprise potential, one first needs to understand how it works and what it aims to solve. Check out our whitepaper, which gives an overview of the world of data masking by covering the types, techniques, and strategies, and includes a use case of custom data masking that we implemented for one of our Health and Human Services clients.