The document discusses keeping private data private through various data security techniques. It focuses on data masking, which involves replacing sensitive data with realistic but non-sensitive substitutes. Various methods for data masking are described, including data substitution, truncation, randomization, and dynamic or real-time masking. The document emphasizes that data masking helps enable testing and analytics while protecting sensitive production data.
Keeping Private Data Private
1. Keeping Private Data Private: Avoiding Your 15 Minutes on CNN
Tony Cannizzo | President, Silos-Connect Technologies
2. Comprehensive Data Security
- Identity Management: Authorization (Roles), Authentication (Users), Admin Control, Separation of Duties (SoD), Configuration and Change Management
- Auditing / Monitoring: who is accessing what, when, where and how; identify unusual user behaviors
- Encryption: protect stored data (backups, drives); protect data in transit (network, wireless)
- Data Masking: protect test data; protect production data
4. Gartner:
- 80% of high-cost security incidents occur when data from inside the organization gets out.
- Most data leakage occurs by accident or because of poor business processes.
- Whether accidental or malicious, security breaches from inside the company aren't addressed by the bulk of security dollars spent on technology that addresses the perimeter of the network.
5. When they talk about Fort Knox, they don't talk about the 3-foot-thick granite walls or the 22-ton blast-proof doors. They worry about who is watching the GOLD!
6. Why Mask Data?
- Survival: protect the business
- Legal: required by law
Masking protects sensitive data while simultaneously enabling users to have the appropriate data access to complete business processes.
7. What Was the Original Purpose?
To give Dev/Test teams realistic test data to work with, without exposing Production data. The concept came up in reaction to the limitations of other test-data generation strategies:
- Cloned production databases
- Image copies from backup
- Selective subset
- Random test data generators
- Iterative executions of applications
- Keyed in from scratch
11.
- Confidential and sensitive data values end up in a non-secured environment
- Readily available
- RI (referential integrity) is already established
- Will eventually need to run a volume test anyway
- "If it runs against production . . . it will run against anything" (Right?)
12. How Real Is THIS? "You better not do surgery on ME!" "HA! My son is a SYSDBA."
13. Same as Encryption?
Encryption:
- Protects data at rest or while in transit
- Data must be decrypted to be used
- Does not prevent abuse at the final destination
- Can often be identified because it is encrypted; hackers will target encrypted or marked data because it says "I am valuable data"
Masked data:
- Protects data in motion and in use
- Never gets un-masked
- If it can't be seen, it can't be abused
14. What Needs to Be Masked: PCI DSS (Payment Card Information Data Security Standard)
Cardholder information:
- Primary Account Number (PAN)
- Cardholder Name
- Service Code
- Expiration Date
Authentication data:
- Full magnetic stripe data
- CAV2/CVC2/CVV2/CID
- PIN/PIN Block
Also:
- No IP address/MAC address
- Application/Service user accounts/groups
- Ensure that each entity only has access to its own cardholder data environment
29. Oracle Data Masking Pack
- Clone: clone the production database to the staging area
- Masking (import):
  - Build mapping table (orig_value -> mask_value)
  - Disable constraints
  - Rename table
  - Recreate and reload from the renamed table and the mapping table
  - Enable constraints
  - Collect statistics
  - Drop the renamed table and the mapping table
- Export/Import: export the masked database; import the database into Test
30. ETL Solutions
- Extract from source (Prod): subset with selection criteria (optional but recommended)
- Mask extracted data: during extract, or during load?
- Load to target (Test, QA, Dev, etc.): load, or inserts/updates?
The diagram contrasts the two placements of the masking step: masking during extract takes longer to run but masks the loadable file; masking during load exposes the loadable file but is easier to refresh (insert/update).
31. Algorithms for Masking Sensitive Data
- Data substitution: replacing a value in the column with fictionalized data
- Truncating, hiding or nullifying: replaces column values with NULL or '****'
- Randomization: replacing the value with random data
- Skewing: alters numeric data by a random variance
- Scrambling: smart functions created in PL/SQL
- Character substring masking: shows a portion of the actual value and hides the rest
- Shuffling: uses values from other rows
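The algorithms on this slide, implemented as small Python functions over a constructed set of employee rows. This is an added example, not code from the presentation or from any product it names; the sample rows, the fictional-name pool and the column-to-algorithm assignment in mask_rows are assumptions made for the illustration. The scrambling algorithm (a PL/SQL "smart function") is not shown, since its whole point is a site-specific function.

```python
import random
import string

# Constructed sample rows (not from the presentation); one row per employee.
SAMPLE_ROWS = [
    {"name": "Tony Cannizzo", "ssn": "123-45-6789", "salary": 85000.0, "pan": "4111111111111111"},
    {"name": "Dana Kim",      "ssn": "987-65-4321", "salary": 62000.0, "pan": "5500000000000004"},
    {"name": "Lee Park",      "ssn": "555-12-9876", "salary": 97000.0, "pan": "340000000000009"},
]

# Assumed substitution pool; a real run would draw from a large fictional-name library.
FAKE_NAMES = ["Alex Sample", "Blair Test", "Casey Example", "Drew Placeholder"]


def make_rng(seed):
    """Seeded generator so a masking run can be reproduced while debugging the rules."""
    return random.Random(seed)


def substitute(value, rng, pool=FAKE_NAMES):
    """Data substitution: the real value is replaced by a fictional one drawn from a pool."""
    return rng.choice(pool)


def truncate(value, nullify=False, marker="****"):
    """Truncating / hiding / nullifying: the value becomes NULL (None) or '****'."""
    return None if nullify else marker


def randomize(value, rng):
    """Randomization: random data of the same shape, so the test application still parses it
    (digits stay digits, letters keep their case, punctuation is preserved)."""
    out = []
    for ch in str(value):
        if ch.isdigit():
            out.append(rng.choice(string.digits))
        elif ch.isalpha():
            letters = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
            out.append(rng.choice(letters))
        else:
            out.append(ch)
    return "".join(out)


def same_shape(a, b):
    """True when two strings have digits, letters and punctuation in the same positions."""
    kind = lambda ch: "d" if ch.isdigit() else "a" if ch.isalpha() else ch
    return list(map(kind, a)) == list(map(kind, b))


def skew(value, rng, variance=0.10):
    """Skewing: a numeric value is altered by a random variance, here up to +/-10%."""
    return round(value * (1 + rng.uniform(-variance, variance)), 2)


def substring_mask(value, show_first=0, show_last=0, fill="*"):
    """Character substring masking: show part of the real value and hide the rest."""
    s = str(value)
    if show_first + show_last >= len(s):
        return s  # nothing left to hide; the caller asked to reveal the whole value
    hidden = len(s) - show_first - show_last
    return s[:show_first] + fill * hidden + s[len(s) - show_last:]


def shuffle_column(rows, column, rng):
    """Shuffling: reuse real values from other rows. The column's distribution is kept, but a
    value no longer sits on the row it belongs to. With few rows a value can land back on its
    own row, so shuffling alone is weak for small or highly skewed columns."""
    values = [r[column] for r in rows]
    rng.shuffle(values)
    return [dict(r, **{column: v}) for r, v in zip(rows, values)]


def mask_rows(rows, seed=1):
    """One algorithm per column (an assumed policy for the sample schema)."""
    rng = make_rng(seed)
    masked = [
        {
            "name": substitute(r["name"], rng),
            "ssn": randomize(r["ssn"], rng),
            "salary": skew(r["salary"], rng),
            "pan": substring_mask(r["pan"], show_last=4),
        }
        for r in rows
    ]
    return shuffle_column(masked, "salary", rng)
```

Note that only substring masking and truncation are safe to run without a seed policy: substitution, randomization and skewing produce a different result on every run, which is exactly what makes repeated extracts (slide 32's "frequency/duration of extracts") hard to reconcile unless the run is seeded or a deterministic mask is used instead.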
32. Key Considerations
Remember, this is Static Data Masking: values are physically stored in the tables/columns, and one size may not fit all. Look out for:
- Mutually-exclusive test cases
- Referential integrity
- Data distribution
- Cardinality
- Frequency/duration of extracts
- Frequency/variety of target environments
Be sure to delete all copies of un-masked extracts.
41. And so does this one…
- Mask 'salary' values in all tables
- Hide 'job name' in all tables
- Scramble 'name' in all tables
42. How Did You Do That? Quick example of our Rules Editor: matches any SQL; masking actions.
43. Dynamic Data Masking
Application (web, dev tools, SQL*Plus, DB links, etc.) -> ActiveBase Security -> Oracle Database. User rules apply 'Rewrite' or 'Block' actions on incoming SQL requests.
Example: a Rewrite rule replaces the original SQL "select ..,name,..from.." with "select ..,'****',..from..".
Rule types (original SQL "Select name,..from.." -> after rule):
- Hiding rules: "select ..,'',..from.."
- Masking rules: "Select substr(name,1,2)||'***' .."
- Scrambling rules: "Select scrmbl(name).."
- Blocking rules: returned message: "You are not allowed to access this personal information!"
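A minimal rule engine that performs the four rewrite/block actions from this slide on an incoming SELECT, added here as an illustration; it is not ActiveBase Security's code or a description of its internals. The roles, column names and the database-side function name scrmbl are assumptions (scrmbl is the function name shown on the slide, assumed to exist in the target database). Two choices go beyond what the slide shows: a wildcard select list and any non-SELECT statement touching a ruled column are refused rather than passed through, because the engine cannot see which columns they read.

```python
import re

# Constructed role-to-column rules mirroring the slide's hide / mask / scramble / block actions.
# Role names and column names are assumptions for this example.
RULES = {
    "support_rep": {"name": "mask", "ssn": "hide", "salary": "block"},
    "analyst":     {"name": "scramble", "ssn": "hide"},
    "dba":         {},  # trusted role: statements pass through unchanged
}

SCRAMBLE_FN = "scrmbl"  # database-side scrambling function the rewrite targets (assumed to exist)
BLOCK_MESSAGE = "You are not allowed to access this personal information!"

_SELECT = re.compile(r"^\s*select\s+(?P<cols>.+?)\s+from\s+(?P<rest>.+)$", re.IGNORECASE | re.DOTALL)


class BlockedRequest(Exception):
    """Raised instead of rewriting when a rule says the request must be refused."""


def rewrite_column(expr, alias, action):
    """Rewrite one select-list item. expr is the text as written (e.g. e.name); the alias keeps
    the result-set shape identical so the calling application does not notice the rewrite."""
    if action == "hide":
        return f"'' AS {alias}"                          # hiding rule
    if action == "mask":
        return f"substr({expr},1,2)||'***' AS {alias}"   # masking rule
    if action == "scramble":
        return f"{SCRAMBLE_FN}({expr}) AS {alias}"       # scrambling rule
    if action == "block":
        raise BlockedRequest(BLOCK_MESSAGE)              # blocking rule
    raise ValueError(f"unknown action {action!r}")


def apply_rules(sql, role):
    """Return the SQL the database should actually run for this role, or raise BlockedRequest."""
    rules = RULES.get(role)
    if rules is None:
        raise BlockedRequest(BLOCK_MESSAGE)  # unknown role: fail closed
    if not rules:
        return sql
    m = _SELECT.match(sql)
    if not m:
        # Only plain SELECTs are rewritten here; anything else that names a ruled column is refused.
        if any(re.search(rf"\b{re.escape(col)}\b", sql, re.IGNORECASE) for col in rules):
            raise BlockedRequest(BLOCK_MESSAGE)
        return sql
    items = [c.strip() for c in m.group("cols").split(",")]  # assumes no commas inside expressions
    if any(item == "*" or item.endswith(".*") for item in items):
        raise BlockedRequest(BLOCK_MESSAGE)  # a wildcard hides which columns are read: fail closed
    out = []
    for item in items:
        alias = item.split(".")[-1].lower()
        out.append(rewrite_column(item, alias, rules[alias]) if alias in rules else item)
    return f"select {', '.join(out)} from {m.group('rest')}"


def decide(sql, role):
    """Outcome as a pair the caller can log: ('allow'|'rewrite', sql) or ('block', message)."""
    try:
        new_sql = apply_rules(sql, role)
    except BlockedRequest as exc:
        return ("block", str(exc))
    return ("allow" if new_sql == sql else "rewrite", new_sql)


if __name__ == "__main__":
    for role in RULES:
        print(role, decide("select id, name, ssn from employees", role))
```

The decide() wrapper returns the outcome as data so that every rewrite or block can be written to the audit trail (slide 47) together with the role and the original statement; a real deployment would replace the comma-split select list with a proper SQL parser so that expressions containing commas are handled.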
47. More than Just Masking Data
End-user vs. IT staff. Other actions:
- Block the request
- Send alert to business and/or notification to user
- Quarantine: block sessions and new connections from the same machine or user for 'X' minutes
- Apply delays between each subsequent request
- Kill session(s)
- Log audit trail of activity
49. Block specific DB activities from either authorized or unauthorized users: locks, drop table, drop synonym, drop grant
56. OEM 10g Data Masking Pack
- Copy production data to other environments (Dev, Test, Staging)
- Irreversible process: replaces sensitive data with realistic-looking but scrubbed data based on masking rules
- The original data cannot be retrieved, recovered or restored.
57. Centralized Mask Formats
- Format library for out-of-the-box formats: credit card numbers, phone numbers, national identifiers (SSN (US), National Insurance Number (UK))
- Mask formats built on mask primitives: random numbers, random digits, random dates, constants
- Masking functions: Shuffle (column values used in different rows); useful when the range of values in a column is not known
- User-defined formats: defined using PL/SQL. Example: complexly formulated account numbers can be generated using fictitious values while still providing functionality for the application
- Deterministic masks: for maintaining RI when masking across application environments, e.g. a consistent mask in CRM/ERP and DW
58. Portable Masking Definition
- A built-in search function on the data dictionary helps identify all tables and columns containing SPI and maps them to appropriate mask formats
- Related Application Column capability: automatically identifies RI based on foreign keys that are maintained in the data dictionary; application-defined relationships that are not maintained in the data dictionary can be added
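One runnable version of the mapping-table procedure from slide 29 (build map, disable constraints, rename, recreate and reload, enable constraints, drop the leftovers), combined with the deterministic mask from slide 57 and the foreign-key discovery from this slide, so that the referential-integrity concern of slide 32 is handled rather than discovered afterwards. This is an added example using SQLite from Python's standard library; it is not the Oracle Data Masking Pack's code and does not reproduce its internals. The schema, the sample rows and the HMAC key are constructed; in SQLite the legacy_alter_table pragma is needed because newer releases otherwise rewrite child foreign-key clauses when the parent table is renamed, a step Oracle does not need.

```python
import hashlib
import hmac
import sqlite3

# Constructed key for the deterministic mask (an assumption for this example). The same key must
# be used in every environment (CRM, ERP, DW) whose masked copies are expected to stay joinable.
MASK_KEY = b"example-masking-key-not-a-real-secret"


def mask_email(email):
    """Deterministic mask: one source value always maps to the same fictitious value."""
    digest = hmac.new(MASK_KEY, email.strip().lower().encode(), hashlib.sha256).hexdigest()
    return f"user-{digest[:10]}@example.invalid"


def open_sample_db():
    """Constructed schema: orders reference customers through the natural key 'email'."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit, so PRAGMAs take effect
    conn.executescript("""
        CREATE TABLE customers (cust_id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL, name TEXT);
        CREATE TABLE orders (order_id INTEGER PRIMARY KEY,
                             cust_email TEXT REFERENCES customers(email), amount REAL);
        INSERT INTO customers VALUES (1, 'tony@example.com', 'Tony C.'), (2, 'dana@example.com', 'Dana K.');
        INSERT INTO orders VALUES (10, 'tony@example.com', 19.99), (11, 'dana@example.com', 5.00),
                                  (12, 'tony@example.com', 42.10);
    """)
    return conn


def referencing_columns(conn, parent_table, parent_col):
    """Ask the data dictionary which columns hold foreign keys to parent_table(parent_col)."""
    refs = []
    for (table,) in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'").fetchall():
        for row in conn.execute(f"PRAGMA foreign_key_list({table})"):
            _id, _seq, ref_table, from_col, to_col, *_ = row
            if ref_table == parent_table and to_col == parent_col:
                refs.append((table, from_col))
    return refs


def mask_customers(conn):
    """Static masking of customers.email through a mapping table; returns the child columns fixed."""
    conn.execute("CREATE TABLE mask_map (orig_value TEXT PRIMARY KEY, mask_value TEXT UNIQUE NOT NULL)")
    originals = [e for (e,) in conn.execute("SELECT email FROM customers").fetchall()]
    conn.executemany("INSERT INTO mask_map VALUES (?, ?)", [(e, mask_email(e)) for e in originals])
    children = referencing_columns(conn, "customers", "email")  # discovered, not hard-coded
    conn.execute("PRAGMA foreign_keys = OFF")
    conn.execute("PRAGMA legacy_alter_table = ON")  # keep RENAME from rewriting child FK clauses
    conn.execute("ALTER TABLE customers RENAME TO customers_orig")
    conn.execute("CREATE TABLE customers (cust_id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL, name TEXT)")
    conn.execute("""INSERT INTO customers
                    SELECT c.cust_id, m.mask_value, 'Customer ' || c.cust_id
                    FROM customers_orig c JOIN mask_map m ON m.orig_value = c.email""")
    for table, col in children:  # the same mapping on every referencing column keeps RI intact
        conn.execute(f"UPDATE {table} SET {col} = (SELECT mask_value FROM mask_map "
                     f"WHERE orig_value = {table}.{col})")
    conn.execute("PRAGMA foreign_keys = ON")
    if conn.execute("PRAGMA foreign_key_check").fetchall():
        raise RuntimeError("masking broke referential integrity; customers_orig kept for repair")
    conn.execute("DROP TABLE customers_orig")  # the un-masked copy must not outlive the run
    conn.execute("DROP TABLE mask_map")        # nor the map, which would let the mask be reversed
    return children


def table_names(conn):
    return [n for (n,) in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")]


def customer_emails(conn):
    return sorted(e for (e,) in conn.execute("SELECT email FROM customers"))


def joined_order_count(conn):
    """Orders that still find their customer after masking (must equal the count before)."""
    return conn.execute("SELECT count(*) FROM orders o JOIN customers c ON c.email = o.cust_email").fetchone()[0]


if __name__ == "__main__":
    db = open_sample_db()
    print("orders joinable before:", joined_order_count(db))
    print("child columns fixed:", mask_customers(db))
    print("orders joinable after:", joined_order_count(db), customer_emails(db))
```

Because the mask is keyed HMAC output rather than a random draw, masking a second copy of the same data (the CRM and the DW, say) yields identical fake addresses, which is what lets the two masked environments still join; it also means the key, not the mapping table, is the secret, which is why the mapping table is dropped at the end.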
59. Condition-based Masking
Assign multiple mask formats to a column dependent on specific conditions. Example: a multi-national HR system and national identifiers depending on the country of the employee:
- If the employee is US, use the SSN mask
- If the employee is UK, use the National Insurance mask
- If the employee is Canadian, use the Social Insurance mask
60. Compound Masking
For multiple related columns within a row. Example: must have a valid address: City for State, Zip for City.
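Condition-based masking (slide 59) and compound masking (this slide) in one added example, not code from the presentation or from OEM. The HR rows, the address pool and the simplified identifier shapes are constructed; the real UK National Insurance rules on which letters are permitted are more restrictive than the shape used here. The example also covers the case the slide leaves open, an employee whose country has no mask configured: such rows are reported, not passed through with their real identifier.

```python
import random
import re

# Constructed HR rows (not from the presentation). The FR employee has no mask configured on purpose.
EMPLOYEES = [
    {"emp_id": 1, "country": "US", "national_id": "123-45-6789", "city": "Fort Knox", "state": "KY", "zip": "40121"},
    {"emp_id": 2, "country": "UK", "national_id": "QQ123456C", "city": "Reading", "state": "BRK", "zip": "RG1 1AA"},
    {"emp_id": 3, "country": "CA", "national_id": "046-454-286", "city": "Ottawa", "state": "ON", "zip": "K1A 0B1"},
    {"emp_id": 4, "country": "FR", "national_id": "1 85 12 75 116 001 23", "city": "Paris", "state": "IDF", "zip": "75001"},
]

# Constructed address tuples. Compound masking draws City, State and Zip from ONE tuple so the
# three columns stay mutually valid instead of being masked independently.
ADDRESS_POOL = [
    ("Louisville", "KY", "40202"),
    ("Austin", "TX", "73301"),
    ("Boston", "MA", "02108"),
]

ID_SHAPES = {  # simplified shapes, used only to validate the generated values
    "US": r"\d{3}-\d{2}-\d{4}",
    "UK": r"[A-Z]{2}\d{6}[A-D]",
    "CA": r"\d{3}-\d{3}-\d{3}",
}


def _digits(rng, n):
    return "".join(str(rng.randrange(10)) for _ in range(n))


def mask_us_ssn(rng):
    """US Social Security Number shape: ###-##-####."""
    return f"{_digits(rng, 3)}-{_digits(rng, 2)}-{_digits(rng, 4)}"


def mask_uk_nino(rng):
    """UK National Insurance Number shape (simplified): two letters, six digits, suffix A-D."""
    letters = "ABCEGHJKLMNPRSTWXYZ"
    return rng.choice(letters) + rng.choice(letters) + _digits(rng, 6) + rng.choice("ABCD")


def mask_ca_sin(rng):
    """Canadian Social Insurance Number shape: ###-###-###."""
    return f"{_digits(rng, 3)}-{_digits(rng, 3)}-{_digits(rng, 3)}"


# Condition-based masking: the employee's country selects which format is applied.
NATIONAL_ID_MASKS = {"US": mask_us_ssn, "UK": mask_uk_nino, "CA": mask_ca_sin}


def mask_national_id(country, rng):
    try:
        return NATIONAL_ID_MASKS[country](rng)
    except KeyError:
        raise ValueError(f"no mask format configured for country {country!r}")


def mask_address(rng):
    """Compound masking: City, State and Zip are replaced together, from one valid tuple."""
    city, state, zip_code = rng.choice(ADDRESS_POOL)
    return {"city": city, "state": state, "zip": zip_code}


def address_is_consistent(row):
    return (row["city"], row["state"], row["zip"]) in ADDRESS_POOL


def id_matches_format(country, value):
    return re.fullmatch(ID_SHAPES[country], value) is not None


def mask_employees(rows, seed=1):
    """Mask every row; rows without a configured format are reported, never passed through."""
    rng = random.Random(seed)
    masked, failures = [], []
    for row in rows:
        try:
            new_row = dict(row, national_id=mask_national_id(row["country"], rng))
        except ValueError as exc:
            failures.append((row["emp_id"], str(exc)))
            continue
        new_row.update(mask_address(rng))
        masked.append(new_row)
    return masked, failures


if __name__ == "__main__":
    done, failed = mask_employees(EMPLOYEES)
    for r in done:
        print(r)
    print("not masked:", failed)
```

Returning the failures alongside the masked rows is what lets a masking job refuse to hand the extract to the test environment while any row is still carrying a real identifier, rather than discovering it later in the target.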
61. Application Masking Template
- XML file containing all masking definitions, created via the Export Masking Definition capability
- Can be loaded into other databases
- Can be used to restore the original masking definitions if a mask definition is improperly altered
63. Secure Clone-and-Mask Workflow
ODMP integrates with OEM Database Cloning (separate from the standalone process); data masking can be added to the clone process:
- Point the PRD database to a staging environment
- Specify the masking definitions to be run AFTER cloning
- The cloned database is brought up in RESTRICTED mode to prevent non-administrative access to the database
- Execute the masking script
- Then open the database for unrestricted use ONLY UPON VERIFYING THAT THE MASKING PROCESS HAS COMPLETED SUCCESSFULLY.