Oracle Data Masking with DataVeil
Data masking has become an important part of managing the use of sensitive data in non-secure environments. This means that the sensitive data, such as Personally Identifiable Information (PII), is redacted or replaced with fictitious data before it is moved into non-secure environments such as for testing. For example, people’s names are replaced with realistic but fake names, phone numbers are changed, email addresses are changed and so on.
This article will focus on static data masking which is the permanent replacement of sensitive data in the database with non-sensitive data.
More specifically, this article will discuss DataVeil static data masking software, how it is optimized for Oracle data masking and some general comparisons to other masking tools.
Optimized for Oracle Data Masking
DataVeil contains many optimizations for Oracle data masking.
For instance, we occasionally get enquires along the lines of “Since DataVeil connects to databases using JDBC, why doesn’t DataVeil support any type of DBMS that supports JDBC?” The answer is that to exclusively rely on the database-agnostic features of the JDBC API would often yield prohibitively poor performance for mass data modification that is part of static data masking.
For example, just retrieving the schema using the JDBC built-in metadata handling can yield very poor performance for some types of databases. Instead, DataVeil uses custom queries that are optimized to retrieve schema metadata directly from the DBMS system tables. For comparison, using JDBC built-in metadata handling could take over 20 minutes for a large database schema compared to only 20 seconds for DataVeil because it uses custom queries optimized for the specific DBMS.
There are also many other DBMS-specific settings and features that need to be queried or updated that would be impractical or impossible if using only the JDBC API. For example, in Oracle database data masking, materialized views may depend on base tables that have been masked. Therefore, all such dependent materialized views need to be identified and refreshed which is something that DataVeil also does automatically.
Another example is the specialized handling of masking columns that have constraints or indexes. For instance, if the user chooses to mask a primary key column of an Index Organized Table (IOT) then DataVeil will use a specific process that is optimized for Oracle data masking to achieve this task in a manageable and efficient manner.
DataVeil supports data masking in Oracle 11g, 12c, 18c, 19c and is committed to also support newer versions as they become available.
Ease of Use
We often receive feedback that DataVeil is easy to use. In fact, “extremely easy to use”. This is no surprise because since the inception of DataVeil, one of the main and ongoing design goals has been ease of use.
For example, the DataVeil GUI provides a highly intuitive environment where the process of configuring masks and executing a masking project is readily apparent. Importantly, DataVeil provides a high degree of visibility of the database schema, data and relationships. Detailed masking reports are automatically generated. This gives the user confidence that the sensitive data has been identified and properly masked as intended. A new user can be productive within minutes.
Compare this to other tools that may have a GUI but still require the user to have a substantial knowledge of tool’s underlying processes and operation. This can leave the user unsure of whether they have forgotten or overlooked something somewhere, especially if it has been some time since they last used the tool.
Integrated Data Browser
DataVeil provides an integrated data browser within the GUI. This lets the user preview Before and After masked data values using actual values from the database. This can also show how related values in other columns and tables will be affected.
The user can configure how the previewed values are to be displayed, such as which columns to show or hide, and the ordering of the columns. This reduces irrelevant clutter and presents the data to the user in the most useful way.
Another very useful feature is that rules can be defined on a per-table basis as to which rows are to be displayed in the Before and After sample. For example, to show only rows where ‘company IS NOT NULL AND pk >= 1000’. This provides an easy way of skipping sparse or meaningless sections of tables and so that only the most meaningful rows are shown to the user for review.
A screen capture of the DataVeil data browser is shown below:
High Performance Oracle Data Masking
DataVeil delivers fast Oracle data masking out-of-the-box using its default built-in and automatically managed library of PL/SQL masking functions.
In addition to this, DataVeil provides a Java JAR that can be optionally installed on the Oracle DBMS server that will double the DataVeil masking speed.
An important point of difference in the architecture of DataVeil compared to some other Oracle data masking tools is that DataVeil keeps the processing of the data as close to the origin of the data as possible. In other words, DataVeil delegates the masking processes to the DBMS server itself to generate the masked values.
In contrast, some other Oracle data masking tools will actually move the sensitive data away from the DBMS to their tool to perform the masking and then move the masked data back to the DBMS server to finally overwrite the original data. Clearly, this approach is inherently prone to bottlenecks, increased processing overheads and does not scale well.
Simple Installation and Maintenance
Installing and maintaining DataVeil is also very easy.
For a default installation, just download and unzip the delivered software ZIP file. That’s it. To run the software just run the launcher file.
To upgrade, just download the new ZIP and repeat the above.
Advanced Masking Features
In addition to typical masking capabilities such as shuffling and replacing values with realistic fictitious values, such as person names and street addresses, DataVeil offers additional advanced masking features, such as:
- Format preserving masks
- Partial masking with dynamic ranges
- Reusable Components and Macros
- Discovery with built-in and customizable Patterns and Masks
Download Now - Get Started in Minutes
The DataVeil static data masking software has been crafted and refined since 2010 to deliver an elegant solution that's simple to understand, easy to use and comprehensive in its masking capabilities.
DataVeil is optimized for Oracle data masking.