
Securing Enterprise Data

Securing Enterprise Data. September 13th, 2007. Farhan Mohammad – Sr. Sales Engineer. Introduction to Applimation: data growth management software company; focus on enterprise applications; unified, integrated product suite; founded in 1998; 150+ customers using Informia Solutions.

frederique

Presentation Transcript


  1. Securing Enterprise Data September 13th, 2007 Farhan Mohammad – Sr. Sales Engineer

  2. Introduction to Applimation • Data growth management software company • Focus on enterprise applications • Unified, integrated product suite • Founded in 1998 • 150+ customers using Informia Solutions

  3. Presentation Agenda • Overview of data privacy • Definitions • Terminology • Use cases/business drivers for data masking • Production/non-production? • Motivations • Data privacy solution best practices • Functionality • Features

  4. What is Data Privacy? Data privacy refers to the evolving relationship between technology and the legal right to, or expectation of, privacy in the collection and sharing of data.

  5. Sensitive Information – Definition • Non-public private information (NPPI) – details about an individual • Information protected by government regulations • Information protected by industry regulations • Intellectual property • Anything classified as confidential or private

  6. Why the focus on data privacy? • Data breaches • Legal consequences • Loss of trust (customers, vendors, partners, etc.) • Negative publicity • Damage to reputation • Government Regulations • Federal Information Security Management Act of 2002 • Gramm-Leach-Bliley Act • Personal Data Protection Directive (EU) • HIPAA • Data Protection Act (UK)

  7. U.S. Data Breaches • There have been over 100 million individual data breaches since ChoicePoint (Feb 2005) • Plague all verticals, but most common in: • Education: University of Notre Dame (1/8/07) • Gov’t: Wisconsin Department of Revenue (12/29/06) • Finance/banking: Moneygram (1/12/07) • Mostly malicious actions • Hacking or stealing systems with information

  8. Privacy Regulations – More Detail

  9. Confidential Data Stats – How much of your data is confidential? [Bar chart of survey responses; categories: 1% to 10%, 11% to 25%, 26% to 50%, 51% to 75%, and more than 75% of our data is confidential, plus "Don't know".] SOURCE: ESG Research Report: Protecting Confidential Data, March, 2006.

  10. Why is data privacy required? • Production environment security model to control access • Non-production environment security is opened up to enable development and testing. Non-production business drivers: • Development • Testing • Support • Outsourcing

  11. Example – Prod vs Non-Prod [Diagram; panels: Production, Non-Production]

  12. What is Data Masking? Protecting sensitive information by hiding or altering data so that an original value is unknowable. Also known as: • De-identifying • Protecting • Camouflaging • Data masking • Data scrubbing

  13. Data Privacy Software – Data Masking Best Practices

  14. Best Practice # 1 – Enterprise Solution • Single installation • Connect to multiple databases • Single Masking Engine • Unified Architecture • Reusable and repeatable policies

  15. Best Practice # 2 – Built in Masking Methods • Substitute • Randomize • Shuffle • Nullify • Scramble • Skew • Encrypt • Custom SQL • Mathematical Formulae

  16. Example - Skew Method Taking an existing value and altering it within a defined range

  17. Example - Substitute Method

  18. Best Practice # 3 – Easy to Use / Learn • Navigation Tree – modules and rule sets • Designer Canvas – Drag and drop; auto discovery • Rule Creator – group rules logically

  19. Best Practice # 4 - Content Substitute - Replace existing values with new values that follow the format of the original • Male and Female Names • Last names • Male and female titles/suffixes • Credit card numbers – Visa, MasterCard, Amex • Country, state, county, town names • Zip codes • Phone numbers • Email addresses

  20. Best Practice # 5 - Data Format Validation Ensuring that the structure of a piece of data is maintained after masking

  21. Best Practice # 6 - Data Consistency

  22. Additional Best Practices # 7 - Relational integrity # 8 - Policy simulation # 9 - Auditability

  23. Best Practice # 10 – Application Awareness What is sensitive? Where is it? How to mask it? What’s it related to?

  24. Example – Application Awareness

  25. Summary – Data Masking Best Practices • Enterprise solution • Built-in Data Masking Methods • Easy to use / learn • Content • Data Format Validation • Data Consistency • Relational Integrity • Policy Simulation • Auditability • Application Awareness (Accelerators)

  26. Informia Secure and Oracle Applimation is an Oracle Certified Advantage Partner, and has developed application specific data masking “accelerators” for the Oracle E-Business Suite. The Informia Secure accelerators streamline the data masking effort by providing functionality focused data masking algorithms. The application data has been analyzed to identify likely data fields and potential masking algorithms defined. The user can then choose the specifics.

  27. Informia Secure and Oracle Accelerator Example • Client wishes to mask the name field. • Client selects Name for masking. • Behind the scenes, Informia Secure knows the related fields to also mask, such as First Name, Last Name, etc. • Client chooses the method, e.g. Substitution. • Informia Secure executes the data masking by • selecting replacement values from a substitution table • inserting the replacement values into the primary table • creating new values for the related fields on the table • cascading the new value set to other tables using these fields

  28. Creating a Secure Oracle Instance Careful planning is needed to properly create a secure Oracle E-Business Suite environment. The following items should be defined upfront: • Goals for data masking • Uses of the secured environment • Level of functionality to maintain. • Level of data integrity to maintain • Users of the secured environment and their access levels.

  29. Creating a Secure Oracle Instance. Goals for data masking: • Protect confidential personal information, such as social security number, addresses, phone. • Protect confidential employment information, such as salary, employee review data. Uses of the secured environment: • Development – Online & Batch • Testing – Configuration, Online, Batch, Production • Training & Demonstrations

  30. Creating a Secure Oracle Instance. Level of functionality to maintain: • Which modules will be used in the secure environment? • To what level does the functionality need to function? Level of data integrity to maintain: • Current Data • Historical Data • Intermodule relationships. Users of the secured environment and their access levels: • Types of user: functional users, technical users. • Access levels: expanded user menu access, “back door” (SQL) access.

  31. Creating a Secure Oracle Instance Using Applimation Informia Secure, you can easily create a secure Oracle E-Business Suite environment that protects your data, while allowing you to productively use your secure environment to meet your business needs.

  32. Questions……
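
The masking methods and checks named on slides 15 to 21 (substitute, skew, data format validation, data consistency), as an added Python example that is not part of the presentation and is not Informia Secure code. The key, the name list, the 2-digit card prefix rule and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed for this example: key and substitution list are placeholders.
MASKING_KEY = b"example-only-masking-key"
LAST_NAMES = ["Adams", "Baker", "Clark", "Davis", "Evans", "Foster"]


def keyed_int(value: str, purpose: str) -> int:
    """Repeatable 64-bit integer derived from the original value (HMAC-SHA256)."""
    mac = hmac.new(MASKING_KEY, f"{purpose}:{value}".encode(), hashlib.sha256)
    return int.from_bytes(mac.digest()[:8], "big")


def substitute_name(original: str) -> str:
    """Substitute: the same input maps to the same replacement in every table."""
    return LAST_NAMES[keyed_int(original.lower(), "name") % len(LAST_NAMES)]


def skew(amount: float, record_id: str, max_pct: float = 10.0) -> float:
    """Skew: shift a number by a repeatable offset within +/- max_pct percent."""
    fraction = keyed_int(record_id, "skew") / 2**64  # 0 <= fraction <= 1
    return round(amount * (1 + (2 * fraction - 1) * max_pct / 100), 2)


def luhn_valid(number: str) -> bool:
    """Format validation for card numbers: Luhn checksum over the digits."""
    total = 0
    for i, ch in enumerate(reversed([c for c in number if c.isdigit()])):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_card(card: str) -> str:
    """Replace card digits; keep length, separators, 2-digit prefix, valid Luhn."""
    digits = "".join(c for c in card if c.isdigit())
    n = len(digits) - 3  # digits between the kept prefix and the check digit
    body = digits[:2] + f"{keyed_int(digits, 'card') % 10**n:0{n}d}"
    check = next(d for d in "0123456789" if luhn_valid(body + d))
    masked = iter(body + check)
    return "".join(next(masked) if c.isdigit() else c for c in card)


if __name__ == "__main__":
    # Constructed sample row; 4111... is the well-known Visa test number.
    print(substitute_name("Smith"), skew(50000.0, "emp-1001"),
          mask_card("4111-1111-1111-1111"))
```

Because every replacement is derived from a key, the key has to stay out of the masked non-production copy: anyone holding it can recompute the mapping for guessed inputs. A skewed value still reveals the approximate original, so skew suits fields where only the exact figure is sensitive.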
