The topic of data security has been low on the strategic agenda for most businesses in decades gone by but nowadays it is a worthy news item that grabs the attention as organisations regularly report data breach incidents and clamber to meet privacy regulations like GDPR or CCPA. Companies big or small have to take the subject seriously – the rules for handling data is now clearly defined.
Why Mask Data?
One area of data security that now receives a great deal of attention is the handling of data within the enterprise. There are tens/hundreds/thousands of production datasets used to service the business, with sensitive data contained in most if not all. In the enterprise, where there often exists a large I.T. department, there also exists a large number of copies of those production datasets in non-production environments. It is estimated that 82% of organisations have 10 or more copies of their production datasets. The I.T. department needs these copies to keep up with the relentless demand for innovation, used for development, testing, quality assurance and reporting.
Providing production copies to the trusted internal consumers has previously been ignored as a low security risk and so the raw untouched data is copied with little or no consideration of where it could possibly end up. Those days are gone.
What is Data Masking?
Data masking aka de-identifying, de-sensitising or obfuscation, must be employed to ensure the non-production copy of data is managed responsibly. With data masking the original data values are replaced with fictitious but realistic data, which provides a secure but usable dataset to those who need it – the innovators. By defining processes that include masking, using the right tools, the flow of data can still run freely but securely. The CIO/CDO can be assured they are meeting their data security responsibilities without impeding on innovation.
How to Mask Data
Modern data masking tools are an essential element in the intra-organisational data flow process.
The Legacy Solution
Home grown scripts, although adequate for the odd small dataset, are not a modern enterprise solution. Each data source requires its own script or set of scripts, probably written in a specific language for that source and quickly become out of date. The management and maintenance of potentially hundreds of scripts becomes impossible.
A common scenario – a request is made to update an aged data masking script to accommodate a database schema change. The DBA or application specialist who wrote the script is no longer working in the team and no one else understands it, so someone new is tasked with the job. They have to reverse engineer the scripts to understand them before they can make the change. This takes time and stops the flow of data while the new guy catches up. Another schema change happens six months later and the same scenario occurs again.
One Enterprise Tool
Using a single tool to perform all the data masking across the enterprise provides a rapid and much more manageable solution. Rather than requiring intimate knowledge of disparate solutions the organisation can learn and embrace a single method for all data sources resulting in a large pool of experts with the ability to mask numerous data sources without needing the deep knowledge of the source technology.
In the scenario described previously, if the organisation is using a single common solution there will be a unified pool of experts who can quickly and easily make the update without any knowledge of the application it applies to or the underlying data technology. The flow of data remains unhindered.
Integration
Integration with existing workflows like SDLC or DevOps processes is another benefit of selecting a modern single tool for the enterprise. By exposing a common API each team can quickly and simply plug-in the masking process to their existing workflows once again ensuring the flow of data remains as fluid as possible.
Of course, masking the data is one thing but delivery of data is another. Both should be seamlessly integrated to achieve the speed and agility required by the modern I.T. department. By having the data masking and data delivery tool as part of the same complete platform, the potential for high speed, highly secure data consumption becomes a reality.
Kuzo Data is a Delphix partner and established provider of consultancy and training for the Delphix Dynamic Data Platform, which virtualizes, secures, and manages data on-premise, in the cloud, and in hybrid IT environments.