Secondary Use of Organizational Data Facilitated with Data Masking as Part of Risk-Based Data Protection Strategy
Fremont, CA, August 25, 2011 – Dataguise (http://ping.fm/8Ye9K), a leading innovator of data security intelligence and protection solutions, today highlighted recent research and analysis showing that de-identification through data masking is an important aspect of a company’s overall risk assessment framework. Masked data is used in application development, testing, qualityassurance, support and business analysis by a range of private and governmental entities.
Data masking is the process of obscuring (masking) specific data elements within data stores. It ensures that sensitive data is replaced with realistic but not real data. The goal is that sensitive customer information is not available outside of the authorized environment. Data masking is typically done while provisioning non-production environments so that copies created to support test and development processes are not exposing sensitive information and thus avoiding risks of leaking. Masking algorithms are designed to be repeatable so referential integrity is maintained.*
Common business applications require constant patch and upgrade cycles and require that 6-8 copies of the application and data be made for testing. While organizations typically have strict controls on production systems, data security in non-production instances is often left up to trusting the employee, with potentially disastrous results.*
Creating test and development copies in an automated process reduces the exposure of sensitive data. Database layout often changes, it is useful to maintain a list of sensitive columns in a without rewriting application code. Data masking is an effective strategy in reducing the risk of data exposurefrom inside and outside of an organization and should be considered a best practice for curing non-production databases.* With the volume of information rising among organizations in every category, data masking provides the best avenue for conducting information dependent operations without putting the data at risk of exposure.
Industry experts and organizations concerned with data privacy continue to cite the importance of data masking as a key approach to ensuring compliance with industry regulations. According to the CDT (Center for Democracy and Technology), “The trend towards adoption of health information technology (health IT) offers substantial benefits not only to individuals in terms ofimproving health care quality and increasing efficiency, but also to medical research, public health and other functions that derive value from large sets of health-related data. At the same time, increased electronic flows of health data pose significant risks to privacy. Among the many challenges that willrequire attention as health IT is promoted through implementation of the stimulus legislation and other means is how to strip health data of personal identifiers in order to eliminate or reduce privacy concerns, while still retaining useful information.”
“Data-masking technologies can help protect organizations against security breaches as well as regulatory and other compliance failures,” said Joe Feiman, Senior Analyst, Gartner, “A clear understanding of the key trends in this still-evolving market is crucial to making the right implementationdecisions.”[1]
To secure sensitive data, masking technologies that provide optimalsensitive data privacy risk management, automate the identification, categorization and periodic review of sensitive data holdings are advantageous. Of the available options, those that provide actionable intelligence and enable information security, compliance officers and infrastructure managers to better understand shared responsibilities for protecting data are preferred. Theseprovide an integrated solution for better risk management, improved operational efficiencies and reduced regulatory compliance costs.
“Much of the debate over the appropriate privacy protection solution can be settled by the proper alignment of key technologies such as tokenization, encryption or masking with their respective applications,” said Allan Thompson, EVP, Operations, Dataguise. “For data used outside of the production environment, such as Oracle, IBM DB2 and SQl Server copied databases used for test, development, quality assurance and business analytics, data masking provides a much more efficient and secure data sharing solution than the alternatives. Of the various data masking solutions, those that deploy quickly, are easy to use and manage, and scale to support a range of enterprise application data sets provide the greatest value.”
For additional resources on data de-identification, data masking and data privacy, visit:
http://ping.fm/HLCo0/resources/index.html
Tweet this: Experts Cite Importance of DataDe-Identification as Part of Overall RiskAssessment Framework
Follow Dataguise on Twitter at: http://ping.fm/LQ4FU
About Dataguise
Dataguise helps organizations safely leverage their enterprise datawith a comprehensive risk-based data protection solution. By automatically locating sensitive data, transparently protecting it with high performance Masking on-Demand™, and providing enterprise security intelligence to managers, Dataguise improves data risk management, operational efficiencies and regulatory compliance costs. For more information, call 510-824-1036 or visit www.dataguise.com
[1] Gartner, Key Trends in Securing Sensitive Data with Data Masking Technologies, March 18, 2011
Agency Contact:
Joe Austin
Ventana PR
(818) 332-6166
Joe.austin@ventanapr.com
[1] Gartner, Key Trends in Securing Sensitive Data with Data Masking Technologies, March 18, 2011
No comments:
Post a Comment