Category Archives: Data masking
Your Biggest IT Security Nightmare – Non-Production Data
Everyone is worried about data security and privacy as they should be; for data to be trusted, users and management need confidence in not just knowing that data is correct, but also in knowing that it is secure and that access is permitted only in controlled situations. There is no shortage of security disaster stories, but I’m not worried about production data since it is at the heart of application management disciplines which, while still not perfect, have had 50 years to mature. This perspective was stated succinctly by Ronald Reagan when he spoke about the economy and said “I am not worried about the deficit. It is big enough to take care of itself.”
Why Making Data “Worthless” Is Useful
The Healthcare industry is facing more challenges today than ever regarding data security as a result of increased Healthcare compliance initiatives. The most vulnerable area for data security is in non-production environments. How can Healthcare IT organizations ensure secure data, while providing non-production environments that meet testing and development needs?
I recently wrote a guest blog for SearchHealthIT. It reviews some of the technologies available to address these challenges, the most effective being Data Masking. Data Masking is a method of replacing sensitive data in test and development environments with contextually accurate benign data that meets the requirements of both test and development teams.
Check out Why Making Data “Worthless” Is Useful: Best practices for ensuring the privacy and security of health care data and let me know your thoughts.
ROI Tool To Help Make The Business Case For Database Archiving, Application Retirement, Test Data Management, And Data Masking
Though the benefits of containing the size of your databases by archiving seem obvious in terms of saving costs and improving performance, quantifying those benefits in terms of dollar savings requires more thought. The same is true when it comes to the costs that can be eliminated by retiring redundant legacy applications. Some of the savings may come from hard dollar costs such as:
- Storage
- Backup devices
- Maintenance contracts
- Software licenses
Information Security: Many Companies Are Missing The Big Picture
We often assume information security can be assured if we throw layers and layers of technology at potential vulnerabilities. That assumption is partially correct. However, even the most securely locked-down database in the world won’t shield data in an environment that lacks the awareness or political will to meet information security issues head-on. Two new industry surveys reveal how organizational and management issues create data security vulnerabilities.
Elevate The Data Masking Conversation – Richard Clarke At Informatica World 2010
Recently at Informatica World 2010 in Washington, DC, Richard Clarke was a featured speaker during one of the general sessions. He was the former Counterterrorism Czar, serving multiple presidencies in the White House, working for the Pentagon and the Intelligence Community, and is currently the Chairman of Good Harbor Consulting Services, LLC – a 360° Security Risk Management firm. There was no one better suited to discuss corporate information security and risk management where the entire theme of the event was Beyond Boundaries.
Powering Financial Services Beyond ETL And Data Warehousing At Informatica World 2010
I just returned from Informatica World 2010 and wanted to share the numerous stories and experiences from some of our banking and capital markets customers using Informatica beyond Extract/Transform/Load (ETL) and beyond data warehousing. More importantly, how Informatica is helping these companies combat fraud, manage risk and compliance, accelerate M&A integrations, attract and retain customers, and improve operational efficiencies. Take a look at what I learned!
A Data Masking Conversation
I recently visited a client running multiple SAP applications with three non-production copies per environment - a separate copy for Test, Development, and Training. When asked what data they were using for the non-production copies, they stated they preferred to use data from production because they were guaranteed to have the latest, up-to-date information which should eliminate any testing issues associated with the data itself.
The Settlements Are Coming, The Settlements Are Coming …
As I discussed in a prior blog related to data privacy, one option is to sit it out, do nothing, see if you get caught, plead ignorance and hope for the best.
Guess what? That option doesn’t look so promising if the recent Health Net settlement is any indication.
As Richard L. Santalesa, Senior Counsel for The Information Law Group, details here, not only will Health Net pay $250,000 for its violations, Health Net must put in place an extensive (and no doubt costly) “Corrective Action Plan” (CAP) to ensure a data security breach doesn’t happen again.
Doing nothing could turn out to be an expensive option … perhaps substantially more than accounted for. To date Health Net has already spent over $7 Million to investigate the breach, notify Health Net members and offer credit monitoring services.
Subsetting Oracle And SAP Applications
In my previous blog, we talked about the benefit of making subsets of test data from live production applications and masking them to address cost and security issues. When the applications have simple data models where subsets can be made using a simple query on a few tables, the need to implement or purchase a solution may not be warranted. When dealing with complex custom or packaged applications such as Oracle E-Business Suite or SAP, functional test cases are typically organized by business processes, organization, time, or a combination of each.
Complex custom applications or packaged applications contain data for multiple business processes, such as Accounts Payables or Receivables, Sales & Distribution, or Payroll. Developing a SQL query that selects a complete subset for each of these processes for a particular business unit or geography and then masks the data while ensuring the test application will continue to function is NOT a trivial task. It requires a detailed knowledge of the data model – including all database constraints, primary and foreign key relationships, data dependencies on programs running in the application tier and any inter-application dependencies via database links or other interfaces. It is possible to develop internally, but the time and effort required to develop and test makes the cost benefit of subsetting moot.
Creating Subsets Of Test Data For Database Applications Addresses Key Issues
Test data sets need to be created to validate or confirm specific use cases during testing and development phases for packaged or custom database applications. Most companies use full copies of production data to seed test data sets. Using live, up-to-date data is preferred by Quality Assurance teams to increase confidence in the testing results. Two key issues with using full live data sets are increasing costs as well as introducing security risks.
Full Copies of Production Data Sets Increase Cost
As the data volumes grow, so does each copy of the data used in each test environment, increasing the cost of infrastructure required to store and maintain performance with larger data volumes and increasing the time it takes to complete testing cycles. According to the Enterprise Strategy Group, the number of secondary copies of production data sets required for development, testing and training is four (at a minimum). Multiply the size of the production data sets for each copy to get the total cost of ownership. With larger data sets, queries and reports take longer to complete. Many times, functional tests only require a small segment of data to validate a test. Subsets of test data would be adequate for most testing scenarios.

