Masking Data on the Web (HTTP Masking)

Data MaskingOne of the primary problems faced by Enterprises these days is “Data Security”. Below is a hypothetical conversation with a prospective customer who is on the lookout for a Data Masking solution that would work seamlessly as per their needs without amalgamating into their business logic.

Customer: Our organization has lots of data and we need ways to protect it from unauthorized access.

Informatica: One of the best ways to do so is data masking. Masking will de-identify, de-sensitize and anonymize sensitive data from unauthorized access.

Customer: We store our data that includes sensitive information of our customers (SSN, orders, financial transaction details, etc). This information should not be disclosed to people who do not need it.

Informatica: Are you saying that people with different roles must see only information that they need to see?

Customer: Exactly. For example, a technical support personnel would only need to access the customer’s name and their contact number, but not their Personally Identifiable Information. However, the sales personnel would definitely need all the information. So, the application should show full/partial/no information to users based on their role/username.

Informatica: We can help you abstract out this rule configuration from your product which will make your life easier and at the same time make it easy to maintain the data-access rules.

Customer: That’s interesting. But we retrieve data from different data sources, like relational databases, NoSQL data sources, web services which return structured (HTML) or semi-structured (JSON, XML) data. All this data will be displayed on our web application. We do not want to configure rules at different places and create different rules for each data source.

Informatica: Our solution, Informatica Dynamic Data Masking helps you do exactly that. You can configure rules based on what your web application displays rather than what is in your datasource. It does not matter where you fetch your data from.

Customer: That’s quite interesting. Can we also configure rules based on user context?

Informatica: Yes! You can configure rules based on user-context and in addition to that you can configure different rule sets (Policies) for different applications.

Customer: What are the steps to create a rule?

Informatica: There is a hierarchy of objects that forms a Policy:

PolicyGroup -> Policy -> Rule -> {Condition & Action}

  • A Condition can be on user context or DataDomain (DataDomain is the way to identify the data based on exact data or regular expressions)
  • An Action defines how to mask a given DataDomain
  • A Rule would comprise of one or more Conditions and one or more Actions
  • A Policy can contain policy-wide conditions and one or more Rules
  • PolicyGroup can contain one or more Policies

Customer: That’s well-structured. How about configuring rules for XML data?

Informatica: Identify the XPath to the data in the XML document and provide that in the DataDomain. The rest of the steps of creating a Policy do not change.

Customer: That’s cool. What if my XML has both data and UI elements? That is, our product retrieves the XML from server-side and then the data and UI parts are separated on the client side with JavaScript.

Informatica: That is supported too! Such an XML is called Text/XML content type.

Customer: Can you also mask HTML elements on a Form?

Informatica: Yes! Masking of Labels, Textfields, HTML table data is supported.

Customer: Great! We have data in HTML tables with data spanned across several rows and columns (rowSpan and colSpan). Can you still mask it?

Informatica: Yes! That’s supported too! We even support masking of HTML tables, where data and their corresponding Headers are in different tables. We call them disjoint tables.

Customer:We think it exactly matches our requirement and can’t wait to see a demo!



Note: The product and the features explained above are part of the Informatica Dynamic Data Masking.