Protect Your Sensitive Data and Reputation with DataVeil
With a never-ending stream of data breach headlines affecting everyone from small organizations through to major corporations and government, it would be a good idea for an organization to review its own in-house data security safeguards to prevent itself from becoming a data breach headline.
Although an organization’s production environment may be well-secured, an overlooked vulnerability is when sensitive data is copied into less-secure environments, such as Dev, Test, QA, Analytics or Training environments. In these environments there tends to be a greater reliance on trust of staff and less rigorous security as in production.
Among the most common causes of data breach are human error and malevolent insiders.
- Improperly secured servers that become publicly accessible over the internet
- Poorly configured accounts that are easily hackable, such as weak passwords
- Providing access to third-party vendors who may themselves have inadequate security
- Malicious employees or contractors who gain access to sensitive data.
Another vulnerability is the reliance on dynamic data masking as a protective layer in a less-secure environment. The problem is that the sensitive data still actually exists in the less-secure environment. There have been many well-known cases of dynamic masking software being bypassed and leaving the raw sensitive data exposed. Therefore, a data breach is still a very real possibility.
Also, when dynamic masking is used in Dev and Test environments, the masked data may be less useful because staff may need detailed access to the data value characteristics to verify that their tests are successful. Dynamic masking typically uses simple redaction-type masking that destroys the required characteristics. What’s worse, in response to such requirements, the dynamic masking configuration may eventually be relaxed and consequently start exposing sensitive data.
Clearly, the simple existence of sensitive data in less-secure environments is a data breach waiting to happen.
The challenge is therefore: How can the valuable properties of sensitive production data be safely used in non-secure environments, without the risk of a data breach and comply with data security and privacy laws and regulations?
A practical solution is static data masking such as the DataVeil software.
Unlike dynamic data masking, static data masking permanently overwrites sensitive data. Furthermore, static data masking can produce far more sophisticated replacement data. This means that the masked data values can be consistent and closely match the characteristics of the original sensitive data but without revealing sensitive information.
Using a copy of production data, DataVeil can replace only the sensitive data, such as person names, addresses, social security numbers, account numbers, telephone numbers, etc, with realistic and fictitious data.
All other non-sensitive, yet important characteristics, can be preserved. For examples, the various statistical distributions of data can be preserved. Original complex data relationships can be preserved that could otherwise be extremely difficult, if not impossible, to realistically re-create using other strategies such as synthetic data generation.
Therefore, after DataVeil has permanently overwritten the sensitive data, the masked database can be safely moved to non-secure environments, such as Dev and Test.
There is no longer any risk of a data breach simply because sensitive data no longer exists in the masked database.
Features & Benefits
Ease of Use
- Since inception, one of the main design goals was to make DataVeil as easy to use as possible while delivering maximum masking flexibility and performance.
- Virtually no learning curve. Most users are productive within their first hour.
- A few examples:
- Person Names
- Company Names
- Street Addresses
- National Identifiers (SSN. SIN, NINO, etc)
- Realistic data can increase the usability of the masked data.
Format Preserving Masks
- This type of mask can preserve the characteristics of each original sensitive value. For example, upper case characters are replaced with upper case, lower case with lower case, digits with digits.
- This is especially useful in cases where it is required to preserve the exact original format of each sensitive data value, even if the format varies among values, while still effectively masking the original value.
- Masks can be used in deterministic or non-deterministic mode.
- Deterministic mode means that the same masked value will be used wherever the same original value appears. For example, if “Smith” is masked to “Williams” then all occurrences of “Smith” will get masked to “Williams”. This will be true across multiple databases and across multiple masking executions provided that the same masking parameters are used.
- Consistent masking will ensure that referential integrity is maintained, even when there are no foreign keys defined, even across multiple databases that are masked at different times on different servers.
- Masks can preserve part of an original sensitive value, such as telephone area codes, card prefixes, domain names, etc. Sophisticated pattern matching makes it easy to define ranges that can appear in different places and different lengths within individual values.
- Easy to preserve statistical distributions of original data. E.g. keep exact same distribution of credit card types as in production.
- Can be very useful for developers and testers to see original partial values.
- DataVeil automatically manages all affected indexes, constraints and triggers. These are enabled/disabled, dropped/rebuilt as and when needed.
- Execution order of dependent masks are automatically determined and performed in the correct order of dependency.
- This is highly beneficial because the user does not need to worry about such critical steps that can be error-prone when performed manually by users.
Reusable Components & Macros
- The user can define masking components and macros that can be placed in a central repository and reused across many masking projects across the enterprise.
- This ensures masking definition consistency across projects as well as simplifying maintenance and accelerated development of future masking projects.
- The discovery feature offers a suite of built-in smart patterns that are designed to reduce false positives. For example, numbers that look like credit card numbers will be further checked whether they have the correct check-digit.
- The discovery pattern library is extensible with user-defined patterns that can also contain preconfigured masks. These can be put in a repository and shared across projects.
- The discovery feature helps quickly find sensitive data that may otherwise be overlooked. The discovery result will also propose masks that helps speed the creation of a masking project.
- Reports are automatically generated for masking and discovery executions.
- A copy of the actual masking project executed is saved together with a masking report.
- This provides a detailed audit trail of what was masked, how and when.
Community Free License
A free DataVeil license is also available.
The Community license shall never expire. It is the same software as the commercial software and all features are enabled. The main difference is that there are limits on which masks can be used and the database size cannot exceed 10GB.
Please refer to the DataVeil Community License for full details.
If the free community license is not enough for your needs and would like to trial DataVeil on an unlimited basis then please contact us for a free 30 day unlimited trial license.
DataVeil is a comprehensive and elegant static data masking solution with unrivaled ease-of-use. It provides high performance and very high ROI.
If you have any questions or would like to discuss your specific requirements then please feel free to contact us.