Dec 14, 2015
© Hexaware Technologies. All rights reserved. www.hexaware.com
Agenda
Data Masking - The need
Data theft - Statistics
Objectives & Benefits
Features
Masking Techniques
Q&A
Data Masking – The Need
Business Challenges/Risks
• Increasing number of regulations & policies governing data privacy
• Exposing sensitive information while sharing non-production data during outsourcing
• Unauthorized access of confidential data by insiders
• Legal consequences due to data theft by insiders and external vendors
Data Masking – The Need
Secure Zone
• Production environment
• Strict access restrictions
Potential Risk Area
• Non-production environment
• Looser access controls
• Vulnerable to security attacks
Statistics - The ‘Insider Threat’
Insider Threat to Compliance and Privacy
• 90% of major corporations detected security breaches
• 70% of corporations detected unauthorized access by insiders
• Myth: Hackers cause most security breaches
• Fact: “Disgruntled employees and other insiders accounted for more than 70% of the cyber attacks”
Reference – Computer World
Security Layers
[Figure: layers labelled Network Security, Application Security, OS Security and Data, with Unauthorized Insider Access]
Privacy Compliance Legislations
Organizations today face a growing number of regulations that mandate the accuracy, protection and privacy of data across the enterprise
[Timeline figure, axis marks: 1995, 2002, 2004]
• UK Data Protection Act (1998): All companies doing business in UK
• European Data Privacy Directive (1998): All companies doing business in Europe handling PII
• HIPAA (1996), Healthcare & Insurance: All U.S. businesses handling medical records
• Canadian – Personal Information Protection And Electronic Documents Act (2001): All companies doing business in Canada
• AUS Privacy Act (2000): All companies doing business in AUS
• Sarbanes Oxley: All U.S. public companies and private foreign issuers
• Gramm-Leach Bliley (1999): Banks and financial services companies doing business in U.S.
Examples of sensitive data
Sector-wise Sensitive Information
Health Care/Medical
1. Patient name
2. Medical record numbers
3. Health Plan Beneficiary Numbers
University
1. Grades
2. Student Financial Numbers
3. Financial Aid/Grants
Research
1. Funding/Sponsorship information
2. Human subject information
Common Sensitive Information
Employee Information
1. SSN
2. Name
3. Date of Birth
4. Contact Information
5. Pay components
6. Bank Account Number
7. Credit Card Number
Objectives & Business Benefits
Akiva
Objective: Protection of employee data
Business benefit: Adherence to data privacy legislations
Objective: Create de-identified production database copies
Business benefit: Opens the avenue for Outsourcing – Results in cost reduction
Objective: De-identify sensitive data for internal use
Business benefit: Reduces the overhead of implementing internal security access policies
Objective: Availability of realistic data post-masking
Business benefit: High quality data is available for testing – Delivery excellence
Objective: Application data integrity
Business benefit: No impact on existing functionality of Application – No additional cost
Where does Akiva fit in?
[Figure: Production database and Copy of Production in the Client zone; Akiva; Copy of Production in the Vendor zone. Panels: Unmasked data, Masked data]
Sample records shown in the figure:
EMPLID – LU2947, NAME – Tom Fabris, SSN – 643-75-9912, Email – employee@company.com
EMPLID – FN1355, NAME – Kevin Peterson, SSN – 231-28-1046, Email – kevin.peterson@domain.com
Application-centred masking
Akiva understands the complete Application Architecture
• Masking is performed after taking into consideration the Business Processes and functionality in the Application
• Akiva is customizable - to suit custom built or home-grown Enterprise applications
• Akiva guarantees consistency post-masking
Features
• Multi-threading: Supports parallel execution to reduce runtime
• Key field masking: Supports masking of all key fields without any impact
• Flexibility: Ability to choose any sensitive data across the enterprise
• Reusability: Masking configurations can be reused for multiple runs
• Preview masking: See a preview of the masked data before actual masking
• Batch Processing: Akiva can be run from the command line as a batch process
• Masking Algorithms: User can mask in numerous ways using inbuilt algorithms in Akiva
• Subset masking: Masks only a selected set of tables
• Platform and Database: Supports Unix and Windows platforms and runs on Oracle database
Features...Continued
• Data Integrity: No impact on Business Processes
• User interface: Simple, intuitive and user-friendly web interface
• Flat File masking: Facilitates flat file masking
• Database Level Security: Security permissions of Akiva are the same as those granted by the database
• Realistic Data: Data post-masking is realistic and fully functional
• Ability to handle Customization: Takes care of customizations in the application while masking
• Mask it your way: Create your own masking algorithm
Features
Algorithm
• Scramble
• Sequence number generator
• Pattern generator
• Combo Shuffle
• Generic shuffle
• Blank out
• Replacement
• SSN generator
• Luhn generator
• Rule based algorithm
• Country based name lookup
Additional functions
• Scheduler
• Profiling
• Multi threading
• Schedule monitor
• Masking preview
• Key field masking
Masking Techniques
Shuffle: Replace sensitive values with meaningful, readable data
Sample fields: Employee Name information, Address details
Before Masking
Name               Last Name   First Name   EMP ID
Obrien, Kandy      Obrien      Kandy        LZ001
Peterson, Kevin    Peterson    Kevin        KU002
Adams, John        Adams       John         KU001
After Masking
Name               Last Name   First Name   EMP ID
Pearson, Emily     Pearson     Emily        LZ001
Gilberto, Samuel   Gilberto    Samuel       KU002
Bonner, Rob        Bonner      Rob          KU001
Masking Techniques
Blankout: Simply replaces a field with a value of “ ” or 0
Sample fields: Employee Address details, Phone Number
Before Masking
Phone Number    EMP ID
614/834-1247    LZ001
847/729-5711    KU002
608/831-0103    KU001
After Masking
Phone Number    EMP ID
(blank)         LZ001
(blank)         KU002
(blank)         KU001
Masking Techniques
Replacement: Simply replaces a field with a supplied static value
Sample fields: Email Address, Phone Number
Before Masking
Email Address   EMP ID
After Masking
Email Address   EMP ID
Masking Techniques
Lookup: Replace employee names and addresses choosing from an inbuilt repository of over 200,000 names
Sample fields: Employee Name information, Address details
Before Masking
Name               Last Name   First Name   EMP ID
Obrien, Kandy      Obrien      Kandy        LZ001
Peterson, Kevin    Peterson    Kevin        KU002
Adams, John        Adams       John         KU001
After Masking
Name               Last Name   First Name   EMP ID
Julia, Angeline    Julia       Angeline     LZ001
Conrad, Michael    Conrad      Michael      KU002
McKinley, Larry    McKinley    Larry        KU001
Masking Techniques
SSN Generator: Generate valid US Social Security Numbers for all employees
Sample fields: SSN, NATIONAL_ID
Before Masking
SSN            EMP ID
304-25-9151    LZ001
152-08-2397    KU002
002-01-0001    KU001
After Masking
SSN            EMP ID
513-01-0087    LZ001
513-01-0421    KU002
513-01-0270    KU001
Masking Techniques
Luhn Generator: Generate numbers satisfying Luhn checksum condition
Sample fields: Credit Card Number
Before Masking
Credit Card Number     EMP ID
5588 3201 2345 6783    LZ001
4302 1519 0076 5981    KU002
4552 7204 1234 5677    KU001
After Masking
Credit Card Number     EMP ID
4119 6175 2805 4704    LZ001
5219 4473 6058 2919    KU002
5490 1234 5678 9128    KU001
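An added Python example of a Luhn generator for the card numbers on this slide; it is not Akiva's code and not part of the original deck. It assumes a keyed HMAC-SHA-256 to derive the replacement digits, so the same input always maps to the same masked value across tables; `mask_card` and the key are hypothetical.

```python
import hashlib
import hmac

def luhn_check_digit(payload: str) -> int:
    """Digit that, appended to payload, makes the whole number pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # digits next to the check digit, then every second one, are doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def luhn_valid(number: str) -> bool:
    """True if the digits of number (separators ignored) satisfy the Luhn checksum."""
    digits = "".join(c for c in number if c.isdigit())
    return len(digits) > 1 and luhn_check_digit(digits[:-1]) == int(digits[-1])

def mask_card(number: str, key: bytes) -> str:
    """Replace a card number with a Luhn-valid one of the same length and grouping.

    Assumption of this example: the replacement is derived from HMAC(key, digits),
    which makes the mapping repeatable and not invertible without the key.
    The issuer prefix is not preserved.
    """
    digits = "".join(c for c in number if c.isdigit())
    mac = hmac.new(key, digits.encode(), hashlib.sha256).digest()
    body_len = len(digits) - 1
    body = str(int.from_bytes(mac, "big") % 10 ** body_len).zfill(body_len)
    masked = iter(body + str(luhn_check_digit(body)))
    # Put the new digits back into the original layout (spaces, dashes).
    return "".join(next(masked) if c.isdigit() else c for c in number)

if __name__ == "__main__":
    key = b"constructed-demo-key"        # placeholder; keep a real key out of non-production
    original = "5588 3201 2345 6783"     # "before masking" sample from the slide
    masked = mask_card(original, key)
    print(masked, luhn_valid(masked))
```
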
Masking Techniques
Sequence Number Generator: Generate alphanumeric sequences in order
Before Masking
DEP_ID    EMP ID
FN3056    LZ001
FN1149    KU002
FN5297    KU001
After Masking
DEP_ID    EMP ID
PU0102    LZ001
PU0101    KU002
PU0100    KU001
Masking Techniques
Random Number Generator: Generate numbers at random
Before Masking
COMPRATE    EMP ID
855.47      LZ001
309.12      KU002
753         KU001
After Masking
COMPRATE    EMP ID
138.59      LZ001
670.05      KU002
527.34      KU001
Masking Techniques
Pattern Generator: Generates a set of numbers based on a user-defined pattern
Before Masking
MEMBERSHIP_ID    EMP ID
917              LZ001
242              KU002
121              KU001
After Masking
MEMBERSHIP_ID    EMP ID
716              LZ001
501              KU002
253              KU001
A SAMPLE PATTERN
Requirement: MEMBERSHIP_ID - 3 digit numbers satisfying the condition (Hundreds digit + Tens digit) > Units digit
Example: A valid number is 253, (2+5) > 3. An invalid number is 129, (1+2) < 9.
Steps: The requirement can be interpreted and broken down into the following steps (digits are numbered from left to right).
Step 1: S1 = Digit 1 + Digit 2
Step 2: S2 = S1 > Digit 3
Masking Techniques
Rule based masking: Consistently masks the database based on rules/custom masking algorithms defined by the user.
SAMPLE RULE 1 – CUSTOM MASKING ALGORITHM
Requirement: Decrease the Compensation Rate Code field value by a fixed percentage.
Define custom masking algorithm
COMPRATE – Compensation Rate Code field
Step 1: Step 1 = 30% of COMPRATE
Step 2: COMPRATE = Step 1
SAMPLE RULE 2 – FIELD RELATIONSHIP DEFINITION
Requirement: Mask all the pay details of employees
Define Relationship between fields
NP – Net Pay
GP – Gross Pay
BP – Basic Pay
HRA – House Rent Allowance
DA – Dearness Allowance
Step 1: NP = GP - Tax
Step 2: Tax = 20% GP
Step 3: GP = BP + HRA + DA
Step 4: HRA = 50% BP
Step 5: DA = 10% BP
Masking Techniques
Rule based masking sample data
Before Masking
NP         GP         HRA      DA        BP       EMP ID
14080      17600      5500     1100      11000    LZ001
13473.2    16841.6    5263     1052.6    10526    KU002
12800      16000      5000     1000      10000    KU001
After Masking
NP         GP         HRA      DA        BP       EMP ID
72089.6    90112      28160    5632      56320    LZ001
70183.6    87729.6    27415    5483.1    54831    KU002
69529.6    86912      27160    5432      54320    KU001
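An added Python example of Sample Rule 2 (not Akiva's code, and not from the original deck): only Basic Pay is masked, the dependent fields are recomputed in dependency order, and a check flags rows where columns were masked independently. The function names, the rounding tolerance and the replacement BP passed in by the caller are assumptions of this example.

```python
from decimal import Decimal

# Rates taken from the field relationships of Sample Rule 2.
HRA_RATE = Decimal("0.50")   # Step 4: HRA = 50% BP
DA_RATE = Decimal("0.10")    # Step 5: DA = 10% BP
TAX_RATE = Decimal("0.20")   # Step 2: Tax = 20% GP

def derive_pay(bp: Decimal) -> dict:
    """Recompute every dependent pay field from Basic Pay."""
    hra = bp * HRA_RATE
    da = bp * DA_RATE
    gp = bp + hra + da               # Step 3
    np_ = gp - gp * TAX_RATE         # Step 1, with Tax from Step 2
    return {"BP": bp, "HRA": hra, "DA": da, "GP": gp, "NP": np_}

def mask_row(row: dict, new_bp: Decimal) -> dict:
    """Mask BP only and regenerate the dependents; the key field is kept as is."""
    return {"EMPID": row["EMPID"], **derive_pay(new_bp)}

def violations(row: dict, tol: Decimal = Decimal("1")) -> list:
    """Fields of a row that break the rule set, allowing for display rounding."""
    expected = derive_pay(Decimal(str(row["BP"])))
    return [f for f in ("HRA", "DA", "GP", "NP")
            if abs(Decimal(str(row[f])) - expected[f]) > tol]

if __name__ == "__main__":
    # KU001 "before masking" row from the slide; 54320 is the slide's masked BP.
    before = {"EMPID": "KU001", "BP": 10000, "HRA": 5000, "DA": 1000,
              "GP": 16000, "NP": 12800}
    after = mask_row(before, Decimal("54320"))
    print(after, violations(after))
    # Constructed failure case: GP masked on its own, without its dependencies.
    broken = dict(after, GP=Decimal("90000"))
    print(violations(broken))        # the inconsistent field is reported
```
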
Thank You