Published on: January 2011 Author: Immanuel J. Kingsley Hexaware Technologies. All rights reserved.
Table of Contents 1. Introduction 2. Subject Clarity 3. Problem Definition Re-Statement 4. Solution Proposition 5. Technology Proposition 6. Benefits 03 03 03 03 05 09 Hexaware Technologies. All rights reserved. 2
1. Introduction As information is a corporate asset across all organizations, the need for information security is the need of the hour. Data distributed across various phases of software development and testing creates vulnerability to unscrupulous access to vital information. Nearly all countries place a legal obligation on data holder which requires protection. 2. Subject Clarity The Need for Data Masking Information in a production environment is normally protected by restricting access to the underlying data. However, production system usually has one or more replicated development and test copies. Controls on such environments are necessarily much looser in nature. This greatly increases the risk of data being used inappropriately. 3. Problem Definition Restatement Enabling development and test consultants to access genuine production data introduces a host of business confidentiality and legal data protection issues, especially when the environment is shared with vendors and consultants outside the corporate. The test and development teams need to work with the enterprise system which is structurally correct functional copies of the live environment. However, they need not necessarily be able to view security sensitive information such as employee s SSN number, genuine credit card / bank account numbers. For the development and test purposes, as long as the data looks real, the actual record content is usually irrelevant. 4. Solution Proposition The Akiva Solution Akiva is a data masking tool build for PeopleSoft applications. It masks the sensitive information in non-production database, safe for wider visibility. Akiva architecture Akiva GUI Browser - Internet explorer Akiva apps App server - Tomcat / weblogc / websphere Akiva engine Database - Oracle (unicode / non unicode) OS - NT & Unix Akiva provides a GUI for the data security officers, to choose any of the sensitive information (Fields) in the enterprise for masking. This could be either from the vanilla PeopleSoft system or from the customized components of the application. Akiva provides number of algorithms which the data security officers can choose in order to mask the same. Data thus masked is not reversible. The tool does not have any feature to unmask the masked data in the enterprise application. Hexaware Technologies. All rights reserved. 3
Masking Peoplesoft Enterprise system Sensitive Zone Production environment Secured Customer environment Production copy Masking Akiva De sensitized Zone User training environment Development environment Unit testing environment User acceptance testing environment Offsite / cross border / vendor environment With number of data feeds / interface files coming into the system from various satellite / third party applications, there is also a need for masking the sensitive information present in the interface data files. Masking & Un masking Interface data files Sensitive Zone Satellite / Third party applications Secured Customer environment Inbound data file Masking Akiva Un Masking Outbound data file Satellite / Third party applications De sensitized Zone PeopleSoft Offsite / cross border / vendor environment Akiva also enables data security officers to mask sensitive information in the inbound / outbound data files. Akiva provides an unmasking option for the outbound data files when there is a need for the same to be sent to a third party application for testing. Hexaware Technologies. All rights reserved. 4
5. Technology Proposition Masking algorithms Akiva provides number of algorithms for the data security officer to pick and use against any of the sensitive information present in the enterprise application. Scramble Arithmetically generate new values in required field format based on the input token key Character field (address1) Char Input : Andrew Jones Char Output : Xaplno Kinal Character field (email) Char Input : Andrew.Jones@AX.com Char OutPut : Xaddnr.Pledd@JA.apy Character field (SSN) Char Input : 245-72-5698 Char Output : 304-43-2200 Numeric field (Pay Rate) Numeric Input : 7500.00 Numeric Output : 5872.75 Date field (Hire Date) Date Input : 01-Jan-2005 Date Output : 09-Jan-2005 Combo Shuffle Join a group fields and shuffle together based on a lookup table (e.g) Address1, Address2, Address3, City, State, Zip code. Input Address Address1 : 139, parkstone Bay Address2 : Address3 : Address4 : City : Marietta County : Cobb State : Georgia Postal : 30066 Country : USA Num1 : Num2 : House Type : Addr_field1 : Addr_field2 : Addr_field3 : Geo_code : In_City_Limit : Address1_ac : Address2_ac : Address3_ac : City_ac : Output Address Address1 : 204/12 Address2 : Suite 204 Address3 : Whilshire Blvd Address4 : City : Los Angeles County : State : California Postal : 90211 Country : USA Num1 : Num2 : House Type : Addr_field1 : Addr_field2 : Addr_field3 : Geo_code : In_City_Limit : Address1_ac : Address2_ac : Address3_ac : City_ac : Hexaware Technologies. All rights reserved. 5
Selective Shuffle Replace sensitive values with meaningful, readable data based on a lookup table. Shuffle is based on a selection criteria (e.g) Shuffle female names and male names separately Input Female Name Name : Reade Jr. Casey Name initials : Name prefix : Ms Name suffix: Jr. Name royal prefix : Name royal suffix : Name title : Last name : Reade First name : Casey Middle name : Last name suffix : First name suffix : Second last name : Second last name search : Name ac : Preferred first name : Partner last name : Last name preferred (NLD) : Input Male Name Name : Redding, Bing Name initials : Name prefix : Mr Name suffix : Name royal prefix : Name royal suffix : Name title : Last name : Bing First name : Redding Middle name : Last name suffix : First name suffix : Second last name : Second last name search : Name ac : Preferred first name : Partner last name : Last name preferred (NLD) : Output Female Name Name : LaFerve, Nadine Name initials : Name prefix : Ms Name suffix : Name royal prefix : Name royal suffix : Name title : Last name : LaFerve First name : Nadine Middle name : Last name suffix : First name suffix : Second last name : Second last name search : Name ac : Preferred first name : Partner last name : Last name preferred (NLD) : Output Male Name Name : Lacasse Sr,Peter Name initials : Name prefix : Dr Name suffix : Jr. Name royal prefix : Name royal suffix : Name title : Last name : Lacasse First name : Peter Middle name : Last name suffix : First name suffix : Second last name : Second last name search : Name ac : Preferred first name : Partner last name : Last name preferred (NLD) : Hexaware Technologies. All rights reserved. 6
Replacement Simply replaces a field value with a static value provided. Character (email) Numeric (Pay rate) Date (Hire Date) Char Input : Andrew.Jones@AX.com Char Output : employee@ax.com Numeric Input : 7000.00 Numeric Output : 1000 Date Input : 01-Jan-2000 Date Output : 1-Jun-2005 Blank out Simply replaces a field value with a static value provided. Character (Remark field) Numeric (Pay rate) Date (Department entry date) Char Input : Project Manager Char Output : <Space> Numeric Input : 70034.48 Numeric Output : 0 <Zero> Date Input : 01-Jan-2005 Date Output : <Null> Ethnicity Shuffle Replaces sensitive values with meaningful data based on a lookup table. Input Ethnic Group White Black/African American Hispanic/Latino Asian American Indian/Alaska Native Not Specified Native Hawaiian/Oth Pac Island Output Ethnic Group American Indian/Alaska Native Hispanic/Latino Native Hawaiian/Oth Pac Island White Asian Black/African American Not Specified Sample screen shot of Akiva online used for selecting algorithms against each of the sensitive data element for masking. Hexaware Technologies. All rights reserved. 7
Akiva - Technical Features Data consistency Akiva masks data consistently across the PeopleSoft enterprise, so that the same entity relationship is maintained post masking Ability to choose any data element Enables data security officers to choose any of the sensitive data elements across PeopleSoft enterprise online using Akiva. This includes vanilla and customized components. Data security Data masking algorithm is not static in nature, Akiva accepts unique 16 digit numeric token key as input for masking Wide coverage Akiva supports all modules and pillars for PeopleSoft. Data security officers can use the same tool to mask sensitive information in their HRMS, NA Payroll, Benefits, SCM, financial applications. Data integrity Akiva masks PeopleSoft enterprise data without impacting any of the business process validations Secured Akiva does not store any of the masking information including the token key in the system MASKED DATA DEVELOPMENT AKIVA Business Innovation TRAINING UNIT TESTING AKIVA Business Innovation PRODUCTION DATABASE AKIVA Business Innovation USER ACCEPTANCE TESTING AKIVA Business Innovation MASKED DATA MASKET DATA Hexaware Technologies. All rights reserved. 8
6. Benefits Akiva provides the following benefits: Maintains data confidentiality Application level masking instead of table level to preserve the consistency Supports compliance with legislation / policies and safe harbor laws Increases protection against thefts Allows creation of disguised copies of production databases Maintains relational integrity after masking Provides high quality data for testing, development, outsourcing and training Ensures in providing realistic and fully functional databases without exposing confidentiality Enables outsourcing and enhances the profit margin Improves customers confidence Provides an additional level of data protection beyond firewall and encryption Business Benefits: Prevents data theft Protects confidential data Supports legislation compliance Enhances client confidence for outsourcing Hexaware Technologies. All rights reserved. 9
To learn more, visit http:///wp-pplsoft.htm Address 1095 Cranbury South River Road, Suite 10, Jamesburg, NJ 08831. Main: 609-409-6950 Fax: 609-409-6910 Safe Harbor Certain statements on this whitepaper concerning our future growth prospects are forward-looking statements, which involve a number of risks, and uncertainties that could cause actual results to differ materially from those in such forward-looking statements. The risks and uncertainties relating to these statements include, but are not limited to, risks and uncertainties regarding fluctuations in earnings, our ability to manage growth, intense competition in IT services including those factors which may affect our cost advantage, wage increases in India, our ability to attract and retain highly skilled professionals, time and cost overruns on fixed-price, fixed-time frame contracts, client concentration, restrictions on immigration, our ability to manage our international operations, reduced demand for technology in our key focus areas, disruptions in telecommunication networks, our ability to successfully complete and integrate potential acquisitions, liability for damages on our service contracts, the success of the companies in which Hexaware has made strategic investments, withdrawal of governmental fiscal incentives, political instability, legal restrictions on raising capital or acquiring companies outside India, and unauthorized use of our intellectual property and general economic conditions affecting our industry. Hexaware Technologies. All rights reserved. 10