
Sunday, February 24, 2019

Data Masking

An Oracle White Paper
July 2010
Data Masking Best Practices

Executive Overview
Introduction
The Challenges of Masking Data
Implementing Data Masking
Comprehensive Enterprise-wide Discovery of Sensitive Data
Enforcing Referential Relationships during Data Masking
Rich and Extensible Mask Library
Sophisticated Masking Techniques
High Performance Mask Execution
Integrated Testing with Application Quality Management solutions
Oracle's Comprehensive Solutions for Database Security
Customer Case Studies
Conclusion

Executive Overview

Enterprises need to share production data with various constituents while also protecting sensitive or personally identifiable aspects of the information. As the number of applications increases, more and more data gets shared, thus further increasing the risk of a data breach, where sensitive data gets exposed to unauthorized parties. Oracle Data Masking addresses this problem by irreversibly replacing the original sensitive data with realistic-looking scrubbed data that has the same type and characteristics as the original sensitive data, thus enabling organizations to share this information in compliance with information security policies and government regulations. This paper describes the best practices for deploying Oracle Data Masking to protect sensitive information in Oracle and other heterogeneous databases such as IBM DB2 and Microsoft SQLServer.

Introduction

Enterprises share data from their production applications with other users for a variety of business purposes.
Most organizations copy production data into test and development environments to allow application developers to test application upgrades. Retail companies share customer point-of-sale data with market researchers to analyze customer buying patterns. Pharmaceutical or healthcare organizations share patient data with medical researchers to assess the efficacy of clinical trials or medical treatments.

Numerous industry studies on data privacy have concluded that almost all companies copy tens of millions of sensitive customer and consumer records to non-production environments for testing, development, and other uses. Very few companies do anything to protect this data even when sharing with outsourcers and third parties. Almost 1 out of 4 companies responded that live data used for development or testing had been lost or stolen, and 50% said they had no way of knowing if data in non-production environments had been compromised.

The Challenges of Masking Data

Organizations have tried to address these issues with custom hand-crafted solutions or repurposed existing data manipulation tools within the enterprise to solve this problem of sharing sensitive information with non-production users. Take, for example, the most common solution: database scripts. At first glance, an advantage of the database scripts approach would appear to be that they specifically address the unique masking needs of the particular database that they were designed for. They may even have been tuned by the DBA to run at their fastest. Let's look at the issues with this approach.

1. Reusability: Because of the tight association between a script and the associated database, these scripts would have to be re-written from scratch if applied to another database.
There are no common capabilities in a script that can be easily leveraged across other databases.

2. Transparency: Since scripts tend to be monolithic programs, auditors have no transparency into the masking procedures used in the scripts. The auditors would find it extremely difficult to offer any recommendation on whether the masking process built into a script is secure and offers the enterprise the appropriate degree of protection.

3. Maintainability: When these enterprise applications are upgraded, new tables and columns containing new data may be added as a part of the upgrade process. With a script-based approach, the entire script has to be revisited and updated to accommodate new tables and columns added as a part of an application patch or an upgrade.

Implementing Data Masking

Based on Oracle Data Masking, Oracle has developed a comprehensive 4-step approach to implementing data masking called Find, Assess, Secure, and Test (FAST). These steps are:

- Find: This phase involves identifying and cataloging sensitive or regulated data across the entire enterprise. Typically carried out by business or security analysts, the goal of this exercise is to come up with the comprehensive list of sensitive data elements specific to the organization and discover the associated tables and columns across enterprise databases that contain the sensitive data.

- Assess: In this phase, developers or DBAs in conjunction with business or security analysts identify the masking algorithms that represent the optimal techniques to replace the original sensitive data. Developers can leverage the existing masking library or extend it with their own masking routines.

- Secure: This and the next steps may be iterative. The security administrator executes the masking process to secure the sensitive data during masking trials. Once the masking process has completed and has been verified, the DBA then hands over the environment to the application testers.
- Test: In the final step, the production users execute application processes to test whether the resulting masked data can be turned over to the other non-production users. If the masking routines need to be tweaked further, the DBA restores the database to the pre-masked state, fixes the masking algorithms and re-executes the masking process.

Comprehensive Enterprise-wide Discovery of Sensitive Data

To begin the process of masking data, the data elements that need to be masked in the application must be identified. The first step that any organization must take is to determine what is sensitive. This is because what counts as sensitive data is specific to the government regulations and industry standards that govern how the data can be used or shared. Thus, the first step is for the security administrator to publish what constitutes sensitive data and get agreement from the company's compliance or risk officers. A typical list of sensitive data elements may include:

- Person Name
- Bank Account Number
- Maiden Name
- Card Number (Credit or Debit Card Number)
- Business Address
- Tax Registration Number or National Tax ID
- Business Telephone Number
- Person Identification Number
- Business Email Address
- Welfare Pension Insurance Number
- Custom Name
- Unemployment Insurance Number
- Employee Number
- Government Affiliation ID
- User Global Identifier
- Military Service ID
- Party Number or Customer Number
- Social Insurance Number
- Account Name
- Pension ID Number
- Mail Stop
- Article Number
- GPS Location
- Civil Identifier Number
- Student Exam Hall Ticket Number
- Credit Card Number
- Club Membership ID
- Social Security Number
- Library Card Number
- Trade Union Membership Number

Oracle Data Masking provides several easy-to-use mechanisms for isolating the sensitive data elements.
- Data Model driven: Typical enterprise applications, such as E-Business Suite, Peoplesoft and Siebel, have published their application data model as a part of their product documentation or the support knowledge base. By leveraging the published data models, data masking users can easily associate the relevant tables and columns to the mask formats to create the mask definition.

- Application Masking Templates: Oracle Data Masking supports the concept of application masking templates, which are XML representations of the mask definition. Software vendors or service providers can generate these pre-defined templates and make them available to enterprises, enabling them to import these templates into Oracle Data Masking rapidly and thus accelerate the data masking implementation process.

- Ad-hoc search: Oracle Data Masking has a robust search mechanism that allows users to search the database quickly based on ad hoc search patterns to identify tables and columns that represent sources of sensitive data. With all the database management capabilities, including the ability to query sample rows from the tables, built into Enterprise Manager, Oracle Data Masking can help enterprise users rapidly construct the mask definition, the pre-requisite to masking the sensitive data.

For deeper searches, Oracle provides the Oracle Data Finder tool during data masking implementation to search across enterprises based on data patterns, such as NNN-NN-NNNN for social security numbers or 16 or 15 digit sequences beginning with 3, 4 or 5 for credit card numbers. Using the combination of schema and data patterns and augmenting them with published application metadata models, enterprises can now develop a comprehensive data privacy catalog that captures the sensitive data elements that exist across enterprise databases. To be clear, this is not a static list.
This is a dynamic living catalog managed by security administrators that needs to be refreshed as business rules and government regulations change, as well as when applications are upgraded and patched and new data elements containing sensitive data are discovered.

Enforcing Referential Relationships during Data Masking

In today's relational databases (RDBMS), data is stored in tables related by certain key columns, called primary key columns, which allows efficient storage of application data without having to duplicate data. For example, an EMPLOYEE_ID generated from a human capital management (HCM) application may be used in sales force automation (SFA) application tables using foreign key columns to keep track of sales reps and their accounts. When deploying a masking solution, business users are often concerned with referential integrity, the relationship between the primary key and the foreign key columns, in a database or across databases.

[Figure 1: The Importance of Referential Integrity. The EMPLOYEES table (EMPLOYEE_ID, FIRST_NAME, LAST_NAME) is referenced by the CUSTOMERS table (CUSTOMER_ID, SALES_REP_ID, COMPANY_NAME) and the SHIPMENTS table (SHIPMENT_ID, SHIPPING_CLERK_ID, CARRIER); the relationships are labelled "Database enforced" and "Application enforced".]

Oracle Data Masking automatically identifies referential integrity as a part of the mask definition creation. This means that when a business user chooses to mask a key column such as EMPLOYEE_ID, Oracle Data Masking discovers all the related foreign key relationships in the database and enforces the same mask format on the related foreign key columns. This guarantees that the relationships between the various application tables are preserved while ensuring that privacy-related elements are masked.
In applications where referential integrity is enforced in the database, Oracle Data Masking allows these relationships to be registered as related columns in the mask definition, thereby applying the same masking rules as applied to the database-enforced foreign key columns.

[Figure 2: Automatic enforcement of referential integrity]

Rich and Extensible Mask Library

Oracle Data Masking provides a centralized library of out-of-the-box mask formats for common types of sensitive data, such as credit card numbers, phone numbers and national identifiers (social security number for US, national insurance number for UK). By leveraging the Format Library in Oracle Data Masking, enterprises can apply data privacy rules to sensitive data across enterprise-wide databases from a single source and thus ensure consistent compliance with regulations. Enterprises can also extend this library with their own mask formats to meet their specific data privacy and application requirements.

[Figure 3: Rich and extensible Mask Format Library]

Oracle Data Masking also provides mask primitives, which serve as building blocks to allow the creation of nearly unlimited custom mask formats, whether numeric, alphabetic or date/time based. Recognizing that real-world masking needs require a high degree of flexibility, Oracle Data Masking allows security administrators to create user-defined masks. These user-defined masks, written in PL/SQL, let administrators create unique mask formats for sensitive data, e.g. generating a unique email address from a fictitious first and last name to allow business applications to send test notifications to fictitious email addresses.

Sophisticated Masking Techniques

Data masking is in general a trade-off between security and reproducibility.
A test database that is identical to the production database is 100% in terms of reproducibility and 0% in terms of security because it exposes the original data. A masking technique where data in sensitive columns is replaced with a single fixed value is 100% in terms of security and 0% in terms of reproducibility. When considering various masking techniques, it is important to keep this trade-off in mind when selecting the masking algorithms.

Oracle Data Masking provides a variety of sophisticated masking techniques to meet application requirements while ensuring data privacy. These techniques ensure that applications continue to operate without errors after masking. For example:

- Condition-based masking: this technique makes it possible to apply different mask formats to the same data set depending on the rows that match the conditions. For example, applying different national identifier masks based on country of origin.

- Compound masking: this technique ensures that a set of related columns is masked as a group so that the masked data across the related columns retain the same relationship, e.g. city, state and zip values need to be consistent after masking.

Deterministic Masking

Deterministic masking is an important masking technique that enterprises must consider when masking key data that is referenced across multiple applications. Take, for example, three applications: a human capital management application, a customer relationship management application and a sales data warehouse.
There are some key fields such as EMPLOYEE ID that are referenced in all three applications and need to be masked in the corresponding test systems: an employee identifier for each employee in the human resources management application, customer service representative identifiers, which may also be EMPLOYEE IDs, in the customer relationship management application, and sales representative IDs, which may be EMPLOYEE IDs, in the sales data warehouse.

To ensure that data relationships are preserved across systems even as privacy-related elements are removed, deterministic masking techniques ensure that data gets masked consistently across the various systems. It is vital that the deterministic masking techniques used produce the replacement masked value consistently and yet in a manner that the original data cannot be derived from the masked value. One way to think of these deterministic masking techniques is as a function that is applied to the original value to generate a unique value consistently that has the same format, type and characteristics as the original value, e.g. a deterministic function f(x) where f(x1) will always produce y1 for a given value x1. In order for deterministic masking to be applied successfully, it is important that the function f(x) not be reversible, i.e. the inverse function f^-1(y1) should not produce x1, to ensure the security of the original sensitive data.

Deterministic masking techniques can be used with numeric entries, e.g. social security numbers or credit card numbers, as well as with text entries, e.g. to generate names. For example, organizations may require that names always get masked to the same set of masked names to ensure consistency of data across runs. Testers may find it disruptive if the underlying data used for testing is changed by production refreshes and they can no longer locate certain types of employee or customer records that were examples for specific test cases.
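A sketch of the deterministic function f(x) described above, added here as an illustration and not Oracle Data Masking's own algorithm: a keyed HMAC-SHA256 replaces digits in place so the format survives, and one mapping table is reused for the EMPLOYEE_ID primary key and both foreign key columns from Figure 1. The key, the SSN column, the sample rows and the fictitious name pool are constructed assumptions.

```python
import hashlib
import hmac

# Assumption: the key is stored outside the non-production copy. Whoever holds
# it can rebuild the mapping for a small domain (all SSNs) by masking every
# candidate, so the key is as sensitive as the original data.
MASK_KEY = b"constructed-demo-key"
DIGITS = "0123456789"
# Constructed replacement pool; many-to-one is fine for names, not for keys.
FICTITIOUS_NAMES = ["Avery", "Blake", "Casey", "Devon", "Ellis", "Finley"]


def prf(domain, value, key=MASK_KEY):
    """Keyed one-way function: same (key, domain, value) -> same integer."""
    mac = hmac.new(key, f"{domain}\x00{value}".encode(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big")


def mask_digits(value, domain, key=MASK_KEY):
    """f(x) for numeric entries: replace digits, keep separators and length."""
    if sum(ch in DIGITS for ch in value) > 60:
        raise ValueError("more digits than one digest can cover")
    stream, out = prf(domain, value, key), []
    for ch in value:
        if ch in DIGITS:
            stream, digit = divmod(stream, 10)
            out.append(DIGITS[digit])
        else:
            out.append(ch)
    return "".join(out)


def mask_name(value, domain="LAST_NAME", key=MASK_KEY):
    """f(x) for text entries: a given name always maps to the same fake name."""
    return FICTITIOUS_NAMES[prf(domain, value, key) % len(FICTITIOUS_NAMES)]


def build_mapping(keys, domain):
    """Mapping table (original -> masked) for a key column.

    Truncating a digest to a few digits is not a bijection, so two keys can
    land on one masked value. Fail instead of merging two employees.
    """
    mapping, owner = {}, {}
    for original in keys:
        masked = mask_digits(original, domain)
        if owner.setdefault(masked, original) != original:
            raise ValueError(f"{domain}: two distinct keys share a masked value")
        mapping[original] = masked
    return mapping


# Constructed sample rows using the column names from Figure 1 (SSN is added).
EMPLOYEES = [
    {"EMPLOYEE_ID": "100231", "LAST_NAME": "Rivera", "SSN": "123-45-6789"},
    {"EMPLOYEE_ID": "100232", "LAST_NAME": "Okafor", "SSN": "987-65-4321"},
    {"EMPLOYEE_ID": "100233", "LAST_NAME": "Lindqvist", "SSN": "555-12-3456"},
]
CUSTOMERS = [
    {"CUSTOMER_ID": "C1", "SALES_REP_ID": "100231", "COMPANY_NAME": "Acme"},
    {"CUSTOMER_ID": "C2", "SALES_REP_ID": "100233", "COMPANY_NAME": "Globex"},
]
SHIPMENTS = [
    {"SHIPMENT_ID": "S1", "SHIPPING_CLERK_ID": "100232"},
    {"SHIPMENT_ID": "S2", "SHIPPING_CLERK_ID": "100231"},
]


def mask_database(employees, customers, shipments):
    """Mask the primary key table first, then reuse its mapping for every
    foreign key column, whether database- or application-enforced."""
    emp_map = build_mapping([e["EMPLOYEE_ID"] for e in employees], "EMPLOYEE_ID")
    m_emp = [dict(e, EMPLOYEE_ID=emp_map[e["EMPLOYEE_ID"]],
                  LAST_NAME=mask_name(e["LAST_NAME"]),
                  SSN=mask_digits(e["SSN"], "SSN")) for e in employees]
    m_cus = [dict(c, SALES_REP_ID=emp_map[c["SALES_REP_ID"]]) for c in customers]
    m_shp = [dict(s, SHIPPING_CLERK_ID=emp_map[s["SHIPPING_CLERK_ID"]])
             for s in shipments]
    return m_emp, m_cus, m_shp


def orphaned_foreign_keys(employees, customers, shipments):
    """Foreign key values with no matching EMPLOYEE_ID (empty list = intact)."""
    ids = {e["EMPLOYEE_ID"] for e in employees}
    refs = [c["SALES_REP_ID"] for c in customers]
    refs += [s["SHIPPING_CLERK_ID"] for s in shipments]
    return [r for r in refs if r not in ids]


if __name__ == "__main__":
    masked = mask_database(EMPLOYEES, CUSTOMERS, SHIPMENTS)
    for table in masked:
        print(table)
    print("orphaned foreign keys:", orphaned_foreign_keys(*masked))
```

Because the mask depends only on the key, the domain label and the value, a separate system that masks its own copy of EMPLOYEE_ID with the same key arrives at the same replacement without sharing a mapping table.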
Enterprises can use the deterministic masking functions provided by Oracle Data Masking to consistently generate the same replacement mask value for any type of sensitive data element.

Deterministic masking becomes extremely critical when testing data feeds coming from external systems, such as employee expense data provided by credit card companies. In production environments, the feed containing real credit card numbers is processed by the accounts payable application, which holds the employees' matching credit card information, and is used to submit employee expenses. In test systems, the employee credit card numbers have been obfuscated and can no longer be matched against the data in the flat files containing the employees' real credit card numbers. To address this requirement, enterprises pre-load the flat file data into standard tables using tools such as SQL*Loader, then mask the sensitive columns using the deterministic masking provided by Oracle Data Masking, and then extract the masked data back into a flat file. Now the application will be able to process the flat files correctly, just as they would have been in production systems.

High Performance Mask Execution

Now that the mask definition is complete, Oracle Data Masking can execute the masking process to replace all the sensitive data. Oracle Enterprise Manager offers several options to copy the production database:

- Recovery from backup: Using the Oracle Managed Backups functionality, Oracle Enterprise Manager can create a test database from an existing backup.

- Clone Live Database: Oracle Enterprise Manager can clone a live production database into any non-production environment within a few clicks.
The clone database capability also provides the option to create a clone image, which can then be used for other cloning operations.

With the cloned (non-production) database now ready for masking, Oracle Data Masking builds a work list of the tables and columns chosen for masking. Other tables that are not required to be masked are not touched. Further, the tables selected for masking are processed in the optimal order to ensure that only one pass is made at any time, even if there are multiple columns from that table selected for masking. Typically, the tables with the primary keys get masked first, followed by the dependent tables containing foreign keys.

Once the mask work list is ready, Oracle Data Masking generates mapping tables for all the sensitive fields and their corresponding masked values. These are temporary tables that are created as a part of the masking process and are dropped once all data has been masked successfully. Using a highly efficient data bulk mechanism, Oracle Data Masking rapidly recreates the masked replacement table based on the original tables and the mapping tables, and restores all the related database elements, such as indexes, constraints, grants and triggers, identical to the original table.

Compare this with the typical data masking process, which usually involves performing table row updates. Because rows in a table are usually scattered all over the disk, the update process is extremely inefficient: the storage system has to locate rows in data files stored on extremely large disks. The bulk mechanism used by Oracle Data Masking lays down the new rows for the masked table in rapid succession on the disk. This enhanced efficiency makes the masked table available to users in a fraction of the time spent by an update-driven masking process. For large tables, Oracle Data Masking automatically invokes SQL parallelism to further speed up the masking process.
Other performance enhancements include using the NOLOGGING option when recreating the table with the masked data. Typical database operations such as row inserts or updates generate redo logs, which are used by the database to capture changes made to files. These redo logs are completely unnecessary in a data masking operation since the non-production database is not running in a production environment requiring continuous availability and recoverability. Using the NOLOGGING option, Oracle Data Masking bypasses the logging mechanism to further accelerate the masking process.

In internal tests run on a single-core Pentium 4 (Northwood) D1 system with 5.7G of memory, the following performance results were reported.

Criteria            Baseline                          Metric
Column scalability  215 columns, 100 tables of 60G    20 minutes
Row scalability     100 million rows, 6 columns       1 hour 20 minutes

Figure 4: Oracle Data Masking performance scalability tests

As these results clearly indicate, Oracle Data Masking can handle significant volumes of sensitive data effortlessly, both in terms of the number of sensitive columns and in terms of tables with large numbers of rows.

Oracle Data Masking is also integrated with Oracle Provisioning and Patch Automation in Oracle Enterprise Manager to clone and mask via a single workflow. The secure, high-performance nature of Oracle Data Masking combined with the end-to-end workflow ensures that enterprises can provision test systems from production rapidly instead of in the days or weeks that it would take with separate manual processes.

Optimized for Oracle databases

Oracle Data Masking leverages key capabilities in Oracle databases to enhance the overall manageability of the masking solution. Some of these include:

- Flashback: Administrators can optionally configure Oracle databases to enable flashback to a pre-masked state if they encounter problems with the masked data.
- PL/SQL: Unlike other solutions, Oracle Data Masking generates DBA-friendly PL/SQL that allows DBAs to tailor the masking process to their needs. This PL/SQL script can also be easily integrated into any cloning process.

Support for heterogeneous databases

Oracle Data Masking supports masking of sensitive data in heterogeneous databases such as IBM DB2 and Microsoft SQLServer through the use of Oracle Database Gateways.

[Figure 5: Data masking support for heterogeneous databases]

Integrated Testing with Application Quality Management solutions

The final step of the masking process is to test that the application is performing successfully after the masking process has completed. Oracle Enterprise Manager's Application Quality Management (AQM) solutions provide high quality testing for all stages of the application stack. Thorough testing can help you identify application quality and performance issues prior to deployment. Testing is one of the most challenging and time-consuming parts of successfully deploying an application, but it is also one of the most critical to the project's success. Oracle Enterprise Manager's AQM solutions provide a unique combination of test capabilities which enable you to:

- Test infrastructure changes: Real Application Testing is designed and optimized for testing database tier infrastructure changes using real application workloads captured in production to validate database performance in your test environment.
- Test application changes: Application Testing Suite helps you ensure application quality and performance with complete end-to-end application testing solutions that allow you to automate functional and regression testing, execute load tests and manage the test process.

Oracle's Comprehensive Solutions for Database Security

Oracle provides a comprehensive portfolio of security solutions to ensure data privacy, protect against insider threats, and enable regulatory compliance. With Oracle's powerful privileged user and multifactor access control, data classification, transparent data encryption, auditing, monitoring, and data masking, customers can deploy reliable data security solutions that do not require any changes to existing applications, saving time and money.

Customer Case Studies

Customers have had a variety of business needs which drove their decision to adopt Oracle Data Masking for their sensitive enterprise data.

These benefits of using Oracle Data Masking were realized by a major global telecommunications products company that implemented the above methodology. Their database administrators (DBAs) had developed custom scripts to mask sensitive data in the test and development environments of their human resources (HR) application. As the company was growing and offering new services, their IT infrastructure was also growing, thus placing an increased burden on their DBAs. By implementing Oracle Data Masking, the organization was able to use the role-based separation of duties to allow the HR analysts to define the security policies for masking sensitive data. The DBAs then automated the implementation of these masking policies when provisioning new test or development environments. Thus, the telecommunications company was able to allow business users to ensure compliance of their non-production environments while eliminating another manual task for the DBAs through automation.
The need for data masking can come from internal compliance requirements. In the case of this UK-based government organization, the internal audit and compliance team had identified that the non-production copies of human resource management systems used for testing, development and reporting did not meet the established standards for privacy and confidentiality. In joint consultations with their IT service provider, the organization quickly identified Oracle Data Masking as ideally suited to their business needs, based on the fact that it was integrated with their day-to-day systems management operations provided by Oracle Enterprise Manager. Within a few weeks, the service provider deployed the mask definitions for their Oracle eBusiness Suite HR application and thereby rapidly brought the internal non-production systems into compliance.

There are organizations with internally developed data masking solutions that have discovered that custom scripts ultimately have their limits and are not able to scale up as enterprise data sets increase in volume. This Middle East-based real estate company found that their data masking scripts were running for several hours and were slowing down as data volumes increased. Due to the tight requirement to make production copies available for testing within rapid time-frames, the company evaluated Oracle Data Masking among other commercial solutions. Upon deploying Oracle Data Masking, they discovered that they were able to reduce the masking time from 6 hours using their old scripts to 6 minutes using Oracle Data Masking, an improvement of 60x in performance.

Conclusion

Staying compliant with policy and government regulations while sharing production data with non-production users has become a critical business imperative for all enterprises.
Oracle Data Masking is designed and optimized for today's high volume enterprise applications running on Oracle databases. Leveraging the power of Oracle Enterprise Manager to manage all enterprise databases and systems, Oracle Data Masking accelerates sensitive data identification and executes the masking process with a simple, easy-to-use web interface that puts the power of masking in the hands of business users and administrators. Organizations that have implemented Oracle Data Masking to protect sensitive data in test and development environments have realized significant benefits in the following areas:

- Reducing Risk through Compliance: By protecting sensitive information when sharing production data with developers and testers, organizations have been able to ensure that non-production databases have remained compliant with IT security policies while enabling developers to conduct production-class testing.

- Increasing Productivity through Automation: By automating the masking process, organizations have been able to reduce the burden on DBAs who previously had to maintain manually developed masking scripts.

Data Masking Best Practices, July 2010
Author: Jagan R. Athreya

Copyright 2010, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document.
