The Business Challenge
Over the past 25 years I worked for various clients in the Defence, Aerospace and Finance industries, one business challenge which I frequently come across is ‘Data Masking’. During many engagements I frequently have to consider the management and use of many different security classifications and types of data, my experiences suggest that even though everyone agrees and acknowledges the need for ‘Data Masking’ it’s largely been parked or ignored, I believe this could be due to many factors including:
- Required time to implement traditional Data Masking solutions
- Experience of failed Data Masking projects
- Unknown impact on existing process and productivity
- Lack of application and data knowledge
- No Data Masking tools and or skills
- Undocumented database interdependencies, schemas and tables
Historically the approach taken by many of these organisations to mitigate the lack of Data Masking and the associated risk of data loss was to rely on Physical and Network security.
Organisations have and continue to invest heavily in physical and network security implementing physical and organisational access control system and ‘Hardening’ the outer shell of their corporate networks by deploying Firewalls, De-militarised (DMZ’s), Intrusion Detection Systems (IDS) and Anti Virus (AV) solutions. The Application and Data access layers have remained the poor relation.
As we can see from my Security Onion this approach has only addressed part of the problem, the biggest cause of data loss continues to be internal incidents, be that intentional or accidental. This problem has grown considerable over the last few years with a high number of very public data breaches and will only increase as organisations embrace the ‘Cloud’ and migrate more and more development and test activities to partners, 3rd parties and off-shore teams.
Remember we should need to consider all the layers of data access, do you know everyone who has access to your non-Production data, are you part of their HR on-boarding process ?
This is where Data Masking has a significant role to play in Risk mitigation for Data Loss
Delphix Agile Data Masking
During the summer Delphix announced the Delphix Compliance Engine so I thought I would get the top down and take it out for a Test Drive against an Oracle Vision R12.1 database to see how easy it is to get up and running.
Having worked on Defence ‘Black’ projects I have seen data security issues with Project descriptions, so I thought I would try masking Project descriptions for this posting.
A quick query of the PA_PROJECTS_ALL table before I applied any Masking rules.
After logging onto the Agile Data Masking UI I configuring my database connection, I uploaded some masked data (a text file with DESCRIPTION1 to DESCRIPTION600) I then selected the ‘PA’ schema and navigated to the ‘PA_PROJECTS_ALL’ table and selected the ‘DESCRIPTION’ column, provided Domain and Algorithm and was ready to create and run my Masking Job
Now a couple of clicks to create the Masking Job
A check of Job completion summary screen
Now lets validate that the Oracle EBS R12 form shows the Masked Project description.
Now lets re-run the PA_PROJECTS_ALL query to see the Data Masking results in SQL*Plus
Conclusion
The Delphix Agile Data Masking feature when combined with Database Virtualisation provides a solution that is able to address all the previous concerns and issues with rolling out an Enterprise Data Masking project.
With the Delphix Agile Masking, Delphix Replication and Amazon Web Services (AWS) support you now have all the tools you need to take your Oracle EBS R12 environment up into the Clouds allowing you to share your data with partners, 3rd parties and anyone else you need to collaborate with.
Check out the Delphix Agile Data Masking solution to see how Delphix can address your Data Governance, Data Protection and Security requirements.
Leave a Reply