Imperva Camouflage Data Masking Brief Dec 2015 V2When evaluating data masking, you will likely investigate both dynamic and static masking. Static data masking is primarily ... Scripts
Post on 29-May-2020
5 Views
Preview:
Transcript
ImpervaCamouflageDataMasking
Reducetheriskofnon-complianceandsensitivedatatheftSensitivedataisembeddeddeepwithinmanybusinessprocesses;itisthefoundationalelementinHumanRelations,sales,andstrategicanalysissystems.Thebusinesscannotfunctionwithoutenablingaccesstothisinformation.Theproblemisthatthisinformationisequallyvaluabletothebadguys–hackers,disgruntledormisguidedinsidersandcompetitors.Complianceregulationsrecognizethevalueofsomeofyoursensitivedata,includingpersonallyidentifiableinformation,butyourorganizationhasvastamountsofsensitiveinformationthatisnotsubjecttoregulation.Yourchallengeistoprotectallofthesensitiveinformationanddemonstratecompliancewiththeapplicableregulationinacost-effectivemannerthatfitsyourbusiness’sprocessesandresources.
TheImpervadatasecurityportfolioispurpose-builttoprovideyouwithsecurityandcompliancecapabilitiesthatmeetaddressabroadrangeofusecasesacrossdatabases,files,useractivity,BigDataandcloud-basedsystems.TheImpervaCamouflageDataMaskingsolutionwillreduceyourriskprofilebyreplacingsensitivedatawithrealisticfictionaldata.Thefictionaldatamaintainsreferentialintegrityandisstatisticallyaccurateenablingtesting,analysisandbusinessprocessestooperatenormally.Theprimaryuseofthismaskingisfordatainnon-productionsystems,includingtestanddevelopmentsystemsordatawarehousesandanalyticaldatastores.Anothersetofcandidatesfordatamaskingisbusinessenablersthatrequiredatatoleavethecountryorcompanycontrol,suchasoff-shoreteamsoroutsourcedsystems.TheImpervaCamouflageDataMaskingsolutionwillnotonlyprotectdatafromtheft,itwillhelpensurecompliancewithregulationsandinternationalpoliciesdictatingdataprivacyandtransport.
• Discoveranddocumentsensitivedataanddatarelationshipsacrosstheenterprise
• Reducethevolumeofsensitivedatainnon-productionsystems
• Facilitatedatatransportforoutsourcingorcompliancewithinternationalprivacyregulations
• Enableuseofproductiondataindevelopmentandtestingwithoutputtingsensitivedataatrisk
• Trackchangesandgeneratecompliancereportsateachdatarefresh
• Preventsensitivedatalossfromnon-productionsystems
DataMasking:AbaselinedatasecuritymeasureLikeothertraditionalsecuritytoolsdevelopedtoaddressaspecificchallenge,datamaskingisevolvingbeyondthetraditionalusecaseinapplicationdevelopmentandtestingtobecomeastrategicelementinanintegratedsecurityinfrastructure.TheGartnerMarketGuideforData-CentricAuditandProtectioncategorizesdatamaskingasakeydataprotectioncapabilitythatshouldbepartofanorganization’sdatasecuritygovernance“shortlist”.1Thereasonissimple:datamaskingpreventsaccesstosensitivedatawhileenablingtesting,analysis,andbusinessprocesses.
Whenevaluatingdatamasking,youwilllikelyinvestigatebothdynamicandstaticmasking.Staticdatamaskingisprimarilyusedonnon-productiondatabasesandispermanent;dynamicmaskingisusedonproductiondatabasesandistemporary.Whileeachmaskingservesapurpose,staticdatamaskingissignificantlyeasierandfastertodeployandmanagelong-term.Staticmaskinghasnoimpactontheproductionsystemperformance;thereisnoriskofcorruptingtheproduction
1GartnerReport:G00276042;MarketGuideforData-CentricAuditandProtection,December15,2015,
data.TheImpervaCamouflageDataMaskingsolutionisastaticdatamaskingtoolthatpermanentlyprotectsdataandreducesexposuretocompliancerequirements.
DataMaskingBestPractices
Designingasustainablestaticdatamaskingsolutionrequiresanunderstandingofthesourcedataandthedependenciesonthatdatasetacrosstheorganization.ThisunderstandingwilldrivethemaskingpoliciesandintegrationofmaskingintotheexistingITandbusinessprocesses.Theresultingframeworksupportsarepeatableprocessthatminimizesresourcerequirements,reducesriskandimprovescompliancewithregulatoryrequirements.
Discover:Retrieveandanalyzesensitivedata
ThegoaloftheDiscoverphaseistoidentifydatathatneedstobemaskedinordertoprovidesufficientprotectionwithoutcompromisingdatautility.ThisstageinvolvesdocumentationofrequirementsandeducationontheimplicationsofmaskingnecessaryforthecreationofconfigurationsduringthePolicystageoftheDataMaskingBestPractice.Automateddiscoveryofsensitivedataisakeyfactorinminimizingdeploymenttimesandlong-termsuccess.
AssessandClassify:Establishcontextforsensitivedata
TheAccessandClassifyphaseareintendedtoestablishcriteriathatwillaidindetermininghowtomaskthedata.IncludingthecodificationofthecontextualinformationdeterminedduringtheDiscoverphase,thesensitivityofvariousdata,itsintendeduse(s),thetransformationrequirementsandanyinter-databasedependencies.
SetPolicy:Createdatamaskingconfigurations
ThegoalofthePolicyphaseistocreatedatamaskingconfigurationsbaseduponcustomer-specificfunctionalmaskingrequirementsdefinedinpriorphases.Includingplansandrequirementsforintegratingdatamaskingconfigurationsintotheoveralldatarefreshprocessfornon-productionenvironments.Thisphasealsoprovidesanopportunitytodevelopdatamaskingschedulesandestablishappropriatechangemanagementprocesses.Datamaskingsoftwarethatiseasy-to-use,flexibleandscalableiscriticalforaccommodatingvaryingandoftencomplexrequirements.
Deploy:Integratedatamaskingintheexistingprocesses
TheDeployphaseisintendedtotransitiondatamaskingintotherefreshprocessfornon-productionenvironmentstakingtheoverallbusinessprocess(es)intoaccount.ThisphaseentailsexecutingconfigurationsconstructedduringthePolicyphase.Reportautomationandpre-andpost-runscriptsoptionssupportawiderangeofancillaryprocessesandrequirements.
ManageandReport:Adapttochangingrequirementsandprovidevisibility
TheManageandReportphaseiswherethe“fitandvalue”ofthesolutionwillbecomeclear.Thisphaseincludeschangemanagement,jobmaintenance,configurationupdatesandcompliancereportsaboutdatarelationships,maskingtechniques,andmaskeddatabasestructures.
DataMaskingSimplifiedSomedatamaskingvendorswillhaveyoubelieveittakesyearsandmillionsofdollarstoimplementadatamaskingsolution.Thispresumptionsimplyisnottrue.TheImpervaCamouflageDataMaskingsolutionimplementationscanberunninginweeksormonthsfromstarttofinish,evenforthelargestFortune500organizations.Thesolutionprovideseaseofuse,scalability,andend-to-endfunctionalitythatensurerapidadoptionandlong-termvalue.
Alldatamaskingfunctionsincludingdatadiscovery,datamasking,managementandreportingareperformedfromtheImpervaCamouflageWorkbenchuserinterface,resultinginashorterlearningcurve.Thisefficientcentralizedmanagementcontrastsstarklywithothersolutionsthatutilizedisparateuserinterfacesfordifferentfunctionality.
Intelligentlyidentify,classifyandanalyzesensitivedataanddatarelationships
Thechallengeofdatadiscoveryoftenliesinthecomplexmixoflegacy,homegrownandthird-partyapplicationsthatrunyourorganization.Sometimestheoriginaldevelopersoflegacyapplicationshavemovedon,andadequatedocumentationisnon-existent.Manytimescommercialsoftwareisaproprietary“blackbox".Regardlessofwhetheryouneedtosecurein-houseorcommercialoff-the-shelfapplications,ImpervaCamouflagemakesiteasytoidentifysensitivedata.Organizationsthatunderstandthenatureoftheirsensitivedataandthecontextinwhichitresidescanthentakemeasurestoputappropriatedataprivacyandsecuritycontrolsinplace.
Howdatadiscoveryworks
Intelligentdiscoveryalgorithmsandahigh-performancearchitectureallowImpervaCamouflagetoscanbillionsofdatapointsforsensitivedataanddatarelationshipsthroughoutanenterprise,greatlyreducingtheneedformanualeffortandenablingamoreagileandefficientprocess.UsingthepredefinedpatterntemplatesandanycustomerspecifiedcustomrulesImpervalocatesandidentifiesawiderangeofsensitivedata,including:
• Creditcardnumbers • Socialsecuritynumbers/NationalId
• Birthdates • Names
• Bankcardnumbers • Addresses
• Healthcarecodes • Phonenumbers
• Identificationnumbers • Financialfields(salary,hourlyrate)
ImpervaCamouflageusesheuristicsandstatisticalanalysistoidentifysensitivedatarelationships.Comparingtheresultswithhistoricalresultsstoredinthecentralizedrepositorytodetectandauditchangestothesensitivedatalandscape.Dataanalysistoolsandreportsprovideriskmanagersandthebusinessstakeholderswiththevisibilitytothoroughlyassesssensitivedatariskandderiveactionableinsightsforimprovingtheorganization’sdatasecurityposture.
Understandyoursensitivedatalandscape
Byautomatingtheidentificationofdatarelationships,themanualeffortrequiredissignificantlyreduced,enablingamoreagileandefficientsensitivedataanalysisprocess.Italsoyieldsdataprofilesthataresnapshotsofdatabaseinformationataparticularpointintime.AFunctionalMaskingDocumentmaybegenerateddirectlyfromthedataprofile.
ThecomprehensiveoverviewreportoftheDiscoveryRunprovidesaneasytounderstand,andactionabledashboard-stylereportwithgraphs,tables,andrecommendationsthatareidealforsharingwithbusinessstakeholders.
Efficientlysetpolicy,configuremaskingrulesanddatarelationships
UsingImpervaCamouflagetocreaterealisticandfullyfunctionaldatarequiredforuseinnonproductionenvironmentsreducestheoverallamountofdatasubjecttocompliancewithprivacylegislationandorganizationalpolicies.Italsoeliminatesthecorrespondingriskassociatedwithdatalossintheeventofabreach.
ThecentralizedWorkbenchconsoleutilizesanumberofpredefinedtemplates,datatransformers,andclick-to-configureoptionsthatstreamlineeveryaspectofadatamaskingproject,including:
• Datadiscovery • Projectexecution(real-timeorbatch)
• Projectdefinition • Pre-andpost-processscripts
• Databaseandflatfile/mainframeconnectivity • SubsettingandETLmasking
• TranslationMatrix(Inter-databasedependencymanagement) • Reporting
• Maskingtargets • Projectsecurity
• Datatransformation • Systemandprojectpreferences
Click-to-ConfigureMaskingCapabilitiesandFunctionality
Databasedrivenconfiguration-WhenconfiguringanImpervaCamouflageproject,thevaluesdefinedandselectedduringtheconfigurationprocessareretrieveddirectlyfromthedatabaseorflatfile.
RelationalIntegrity-Ifprimarykey/foreignkeyrelationshipsaredefinedatthedatabaselevel,ImpervaCamouflagecanautomaticallyupdateallforeignkeyswhenmaskingaprimarykeyfield.Whenkey/foreignkeyrelationshipsaredefinedattheapplicationlevel,therelatedfieldscanbeconfiguredwithinImpervaCamouflagetocorrectlyupdateassociatedkeyfieldstomaintainrelationalintegrity.TheDatabaseTranslationMatrixallowsuserstomaintainconsistentdatarelationshipsacrossdifferentapplicationsandacrosstime.
RealisticFictionalData-Bymaskingdatausedinproductiondatabases,ImpervaCamouflageallowsthecreationoffullyfunctionalandrealisticdata.Oncemasked,thedataretainsitsrealismwithoutdisclosingitsoriginalproperties.
KeyDataTransformers-Thedatatransformersprovidethedatamaskinglogic.Impervaincludesmultipletransformers,coveringamultitudeoftransformationneeds.
RobustScriptingCapability–Inadditiontotheout-of-the-boxtransformers,ImpervaCamouflageprovidestheabilitytotransformdatabywritingcustomscripts.Thecustomscriptsoperatealoneorinconjunctionwithoneofthepre-definedtransformers.ScriptsarewrittenusingtheGroovyscriptinglanguagethatallowsforsignificantflexibilityincreatingcustommaskingfunctions.
ExternalDataSources–Inadditiontothedefaultprojectconnection,otherdataconnectionscanbeconfiguredforuseinretrievingexternalupdatevalues.
EnhancedMasking–ImpervaCamouflageprovidessupportforadvancedandcomplexmaskingrequirementswithadvancedfiltereddatamasking(subsetting)anddatagrouping.
CentralizedManagementandReporting
ThecentralizedmanagementandreportingcapabilityofImpervaCamouflagereducesthetimerequiredtocreateandmanagedatamaskingprojects.Predefinedreporttemplatesautomatecompliancereportingrequirementsandprovidevisibilityintodatause,risk,andprotection.
CommandLineAPIforBatchProcessing–ImpervaCamouflageisenterprisefriendly,supportingcommandlineexecutionoftasksforintegrationwithautomatedITanddatabasescripts.Theintegrationofthemaskingprocesswiththeprocessfortherefreshmentofdatainthenon-productionsystemsensuresconsistentapplicationofcomplianceandsecuritypolicies.
ReusableProjectFiles-AllmaskingactionsarestoredinaImpervaCamouflageprojectfileforfutureuse,modification,andprocessing.ThisfileisXML-based,allowingforeasymigrationofprojectfilesbetweenoperatingsystems.
ConsistentMasking–ImpervaCamouflageprovidestheabilitytocreatemappingtablesthatstoretheoriginalkeyvaluesastheyexistedinthedatabasebeforemasking,alongwiththenewkeyvalues.Activationofthisfeatureiscompletelyoptional(i.e.Impervadoesnotrequirethesetablesinanyway)andthesetablescanalsobesecuredorremovedbyadatabaseadministratorasappropriate.
MultithreadedDatabaseUpdates-Atruntime,thedatabaserefreshcanbeupdatedusingaconfigurablenumberofthreadstooptimizeperformanceinagivenenvironment.
ProjectSecurity–ImpervaCamouflageprovidesalayeredsecuritymechanismforprotectingtheprojectfileaswellasthesixprimaryconfigurationsectionswithintheproject.Independentsecurityenablementofeachsectionandtheprojectprovideflexibilitytomatchyourinternalgovernancepolicies.
VisibilityandReporting–Pre-definedreportsinclude:BeforeandAfterReport,ProjectConfigurationReport,ImpactedObjectReport,HistoricalProjectRunReport.Automaticreportgenerationisapreferencesettingwithineachmaskingproject.Inadditiontothepredefinedreports,thereareanumberofinteractivetoolsandprogressmonitorsthatimprovetheoveralluserexperienceandtaskefficiency.
SummaryImpervaCamouflageDataMaskingreducestheamountofsensitivedatastoredwithinyourenvironmentwhilemaintainingtheintegrityandvalidityoftheinformationforuseinsupportingbusinessprocessesandtestenvironments.Thesmallersensitivedatafootprinttranslatesintohardsavingswhenyouconsiderthepotentialriskandsecurityrequirementsthatnon-maskeddatainthesesystemswouldpose.
ToLearnmorevisitImperva.comorcall+1(866)926-4678
© 2015, Imperva, Inc. All rights reserved. Imperva, the Imperva logo, SecureSphere, Incapsula and Skyfence are trademarks of Imperva, Inc. and its subsidiaries. All other brand or product names are trademarks or registered trademarks of their respective holders. Tech-Name-Date-rev#
top related