Data Masking Best Practices

Transcription

1 Data Masking Best Practices 1

2 Information Security Risk The risk that sensitive information becomes public 2

3 Information Security Risk Government systems store a huge amount of sensitive information Vital Statistics Health Information Social Services Criminal Justice Financial Information 3

4 Information Security Risk Many people have access to the information for various different roles System End Users Application Administrators Data Consumers Application Support Staff Project Team Members External Vendors 4

5 Sensitive Information General Information Name, Address, Date of Birth, SIN, &c. Financial and Banking Information Credit Card, Bank Account, Salary, &c. Health Information MCP, E Health Records, Consent Management, &c. 5

6 Potential Repercussions In the event sensitive data becomes public Regulatory and Legal Liability Loss of Trust and Confidence Salary Reduction / Loss of Employment Damage to Reputation Subject to Investigation Cost of Incident Response 6

7 Risk Stakeholders Government Executive OCIO Executive Client Department Executive Project Manager and Project Team Application Support Infrastructure and Network Operations System Administrators and End Users 7

8 Risk Mitigation We use information security technologies to mitigate and control the risk User Authentication and Access Control Network Perimeter Defence Virtual Private Networking Intrusion Prevention & Detection Systems Antivirus Systems 8

9 Risk Mitigation We have information security processes to mitigate and control the risk Information Management Assessment Information Security Classification Privacy Impact Assessment Threat / Risk Assessment Vulnerability Assessment 9

10 Residual Risk Existing risk mitigation focuses primarily on the product of system development There is a significant residual risk related to the process of system development 10

11 Residual Risk Production data is often being used in Upgrade and Enhancement of existing systems Migration to replacement systems Development of Data Warehousing or Business Intelligence systems Application Support Training 11

12 Project Exposure Project Managers and other Project Team Members are exposed to this risk Non Disclosure Agreements recognize an awareness and intention to address the risk Are the strategies employed by your team and your organization sufficient? How much risk are you accepting? 12

13 Data Masking Avoids the Risk Removes the need for production data in non production environments Allows selected data to be obscured in production environments Supports development, testing, training, application support, &c. 13

14 Data Masking A set of techniques and technologies aimed at preventing the abuse of sensitive data by hiding it from users The process of concealing private data...such that application developers, testers, privileged users, and outsourcing vendors do not get exposed to such data 14

15 Static Data Masking Begins by taking production data as input Applies transformations to de identify records and remove sensitive information Preserves structure of data by maintaining referential integrity in and between databases Provides high quality, realistic test data for use in non production environments 15

16 Static Data Masking Non Production Database with Masked Data Non Production User Masked Values Static Data Masking creates non production data Production Database with Sensitive Data Production User Values in Database

17 Dynamic Data Masking Creates an additional layer of security between databases and applications Selectively masks sensitive information from users who do not require it to do their jobs Provides fine grained, role based security Allows security roles to be defined across multiple databases and applications 17

18 Dynamic Data Masking Authorized User Original Values Unauthorized User A Masked Values xxxx xxxx xxxx 0093 xxxx xxxx xxxx 7658 Unauthorized User B Scrambled Values Dynamic Data Masking applies rules based on user role Values in Database Database Containing Sensitive Data 18

19 19

20 Analyze Identify fields containing sensitive information in the production data Determine application level relationships Determine enterprise level relationships for other data sets in view Define security roles for dynamic masking 20

21 Model Choose the data fields to be masked Determine an appropriate masking strategy Static masking rules for each field Dynamic masking rules by field and role Map the internal and external dependencies for each target field 21

22 Develop Configure dynamic masking security roles Create data masking configurations Configure application level data relationships Configure enterprise level data relationships Setup target database environments Test and validate configurations 22

23 Execute Deploy dynamic masking security roles and masking rules Execute static masking process to create non production data sets Provide access to non production data Establish schedule for automated masking and refresh of non production data 23

24 Roles Engaged Data Masking Specialist Information Management Specialist Database Administrator Application Support Specialist Business Subject Matter Expert 24

25 Success Criteria OCIO Executive Masked data meets IM/IP requirements Application functionality preserved Internal stakeholders confirm masking success Application Services Application functionality preserved User friendliness Reusability 25

26 Success Criteria Database Management Ease of use Enterprise level strategy (cross platform) Information Protection Masking occurs in a secure and acceptable fashion Masking effectively removes sensitive information Process is well documented Process is repeatable 26

27 Conclusion Use static masking to remove risks associated with using production data in non production environments Use dynamic masking to reduce exposure with an additional layer of role based security offering fine grained access control Extend data masking across applications to leverage enterprise wide benefits 27

28 Questions 28