optanium
Securing Confidentiality Through Data Masking
  • Blog
  • Technology
  • 401 Views

Securing Confidentiality Through Data Masking

Satya Prakash

As the name implies, data masking, also known as data obfuscation, is a process that enterprises use to replace original data with functional fictitious data so that it can be used safely in situations where original data is not needed. This blog aims to illuminate how we implemented the Redgate Data masker tool for a Corporate Banking institution to protect their sensitive data while also simultaneously maintaining its usability for the development and testing team.

This process was applied to a number of their sensitive business & personal critical information, such as:

  • Personally Identifiable Information (PII)
  • Loan Account information
  • Social Security Number (SSN)
  • Intellectual Property data (IP)
  • Mobile/Land/Address/Zip details

By using the data masking concept, we altered the data value while keeping the constant formatting of original data.

A simple example to illustrate data masking would be: Take the loan account id as a 6-digit format, let us say 123456. Masking data changes the numbers but maintains the same 6-digit format. Using the example above, the masked loan account id could become 456123 (using shuffling) or 123999 (using prefix) or 999456 (using postfix) based on the masking rule set.

Here we note that data masking uses several methods to alter the original sensitive data, including character or number substitution, character shuffling, or the use of algorithms to generate random data that has the same properties as the original data. For our particular need, we chose to leverage Redgate, which has the masking capability to mask Oracle as well as Microsoft SQL Server databases.

Masking Methodology :

 

Masking Workflow :

 

Data masking & Process Automation Architecture: (without asset tagging)

 

In a new process of masking and automation, we were able to safeguard the originality of data and boost efficiency in the overall process of automation using shell command.

Business Recognition

By implementing data masking, we have ensured that the data for non-production use is secure and noninformative as compared to the original data. This type of data is widely used for the following purposes:

  • Personnel training
  • Application development and testing
  • Development & testing of dummy reporting
  • Business analytics modeling

Subsequently, masking data also helps protect against insider threats and comply with the General Data Protection Regulation to strengthen and unify personal data protection & compliance. Data security threats are everywhere and pose risks to the organization and its customers.

Financial institutions are especially sought-after targets for hackers due to the enormous amount of capital they oversee and should take all precautions against the growing technological threats they face. Whether it is losses caused by hackers or damage to public perception, financial institutions have the most to lose, which is why they must invest in securing their data to avoid the very real threat of information leakage.

To fully understand data masking and its enterprise potential one first needs to understand how it works and what it aims to solve – check out our whitepaper that gives an overview into the world of data masking by uncovering the types, techniques, strategies, and also includes a use case of custom data masking that we implemented for one of our Health and Human Services clients.

Talk to us for a quick assessment

Related Articles

September 23rd, 2020

Is the Threat of Data Breaches Keeping You up at Night?

by Sudha Devadas Read more

August 14th, 2020

How to Avoid Security Risks While Remote Working

by Kishore Naidu Read more

Freshest Articles

October 20th, 2020

Infrastructure as code – What and Why?

by Kishore NaiduRead more

October 14th, 2020

We are Now 300 Strong!

by Raghurama KoteRead more

September 23rd, 2020

The Future of Automation – Part 4

by Walt CarperRead more

Engage Deeper

Opteamix is a digital automation technology consulting firm with deep expertise in Application Development, Robotic Process Automation, AI, DevOps, Enterprise Mobility, and Test Automation Services. We are headquartered in Denver, Colorado with a wholly-owned delivery center in Bangalore, India.