Secure Test Data Management with ORACLE Data Masking



Similar documents
Palo Open Source BI Suite

<Insert Picture Here> Application Change Management and Data Masking

Modern PL/SQL Code Checking and Dependency Analysis

Audit Management with DBMS_AUDIT_MGMT

SOUG-SIG Data Replication With Oracle GoldenGate Looking Behind The Scenes Robert Bialek Principal Consultant Partner

How To Ensure Data Security On Anor

Oracle Audit in a Nutshell - Database Audit but how?

Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL wann soll welche Komponente eingesetzt werden?

Oracle vs. SQL Server. Simon Pane & Steve Recsky First4 Database Partners Inc. September 20, 2012

Safeguard Sensitive Data in EBS: A Look at Oracle Database Vault, Transparent Data Encryption, and Data Masking. Lucy Feng

Kovaion Data Masking Solution

Using TimesTen between your Application and Oracle. between your Application and Oracle. DOAG Conference 2011

Oracle 1Z0-528 Exam Questions & Answers

DBMS / Business Intelligence, SQL Server

DBMS Questions. 3.) For which two constraints are indexes created when the constraint is added?

CUIT with Visual Studio and TFS

DBKDA 2012 : The Fourth International Conference on Advances in Databases, Knowledge, and Data Applications

Why Add Data Masking to Your IBM DB2 Application Environment

CERN, Information Technology Department

Oracle Database Security

Virtual Private Database Features in Oracle 10g.

1 File Processing Systems

Oracle Data Guard Fast Start Failover understood!

Test Data Management Concepts

Introduction to Databases

Optimizing the Performance of the Oracle BI Applications using Oracle Datawarehousing Features and Oracle DAC

Oracle Data Miner (Extension of SQL Developer 4.0)

Sichere Software- Entwicklung für Java Entwickler

Big Data. Marriage of RDBMS-DWH and Hadoop & Co. Author: Jan Ott Trivadis AG Trivadis. Big Data - Marriage of RDBMS-DWH and Hadoop & Co.

Instant SQL Programming

Lalit Mittal NIIT Technologies White Paper

All Things Oracle Database Encryption

<Insert Picture Here> Oracle Database Directions Fred Louis Principal Sales Consultant Ohio Valley Region

What is a database? COSC 304 Introduction to Database Systems. Database Introduction. Example Problem. Databases in the Real-World

CS2Bh: Current Technologies. Introduction to XML and Relational Databases. Introduction to Databases. Why databases? Why not use XML?

Data Security: Strategy and Tactics for Success

Basic Concepts of Database Systems

DBA Best Practices: A Primer on Managing Oracle Databases. Leng Leng Tan Vice President, Systems and Applications Management

SQL Server 2012 Gives You More Advanced Features (Out-Of-The-Box)

An Oracle White Paper July Data Masking Best Practices

Database Migration : An In Depth look!!

DBACockpit for Oracle. Dr. Ralf Hackmann SAP AG - CoE EMEA Tech Appl. Platf. DOAG St. Leon-Rot 02. July 2013

Oracle Database Security Solutions

Oracle 10g PL/SQL Training

Big Data Data-intensive Computing Methods, Tools, and Applications (CMSC 34900)

Green Migration from Oracle

David Dye. Extract, Transform, Load

Informatica Data Replication FAQs

Oracle Database 10g Express

Physical Design. Meeting the needs of the users is the gold standard against which we measure our success in creating a database.

Oracle Architecture, Concepts & Facilities

From Oracle Warehouse Builder to Oracle Data Integrator fast and safe.

ETL Overview. Extract, Transform, Load (ETL) Refreshment Workflow. The ETL Process. General ETL issues. MS Integration Services

<Insert Picture Here> Oracle Database Security Overview

The Guru's Guide to Transact-SQL

Why Standardize on Oracle Database 11g Next Generation Database Management. Thomas Kyte

Oracle. Brief Course Content This course can be done in modular form as per the detail below. ORA-1 Oracle Database 10g: SQL 4 Weeks 4000/-

WELCOME. Where and When should I use the Oracle Service Bus (OSB) Guido Schmutz. UKOUG Conference

MySQL Security: Best Practices

Complete Database Security. Thomas Kyte

How to address top problems in test data management

How To Create A Table In Sql (Ahem)

LDAPCON Sébastien Bahloul

Oracle Database 11g SQL

Centralized Oracle Database Authentication and Authorization in a Directory

General DBA Best Practices

AV-004: Administering and Programming with ORACLE

Grails - Rapid Web Application Development for the Java Platform

IOT & Big Data: The Future Information Processing Architecture

IT2304: Database Systems 1 (DBS 1)

Oracle Failover Database Cluster with Grid Infrastructure 12c Release 1

Real-Time Database Protection and. Overview IBM Corporation

Encrypting Sensitive Data in Oracle E-Business Suite

Using SAS as a Relational Database

Basic Unix/Linux 1. Software Testing Interview Prep

IT2305 Database Systems I (Compulsory)

A basic create statement for a simple student table would look like the following.

Database Schema Deployment. Lukas Smith - lukas@liip.ch CodeWorks PHP on the ROAD

<Insert Picture Here> Introducing Data Modeling and Design with Oracle SQL Developer Data Modeler

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

CSE 233. Database System Overview

Top 10 Oracle SQL Developer Tips and Tricks

An Oracle White Paper June An Introduction to Oracle SQL Developer Data Modeler

Oracle Database: SQL and PL/SQL Fundamentals NEW

Oracle Database Security. Paul Needham Senior Director, Product Management Database Security

BCA. Database Management System

database abstraction layer database abstraction layers in PHP Lukas Smith BackendMedia

Vendor: Crystal Decisions Product: Crystal Reports and Crystal Enterprise

SQL Server for developers. murach's TRAINING & REFERENCE. Bryan Syverson. Mike Murach & Associates, Inc. Joel Murach

1Z0-117 Oracle Database 11g Release 2: SQL Tuning. Oracle

Maintaining Stored Procedures in Database Application

Transcription:

Secure Test Data Management with ORACLE Data Masking Michael Schellin Consultant, OCM DOAG Regio München, Dec 2009 Baden Basel Bern Brugg Lausanne Zürich Düsseldorf Frankfurt/M. Freiburg i. Br. Hamburg München Stuttgart Wien Agenda Introduction Requirements and Expectations Oracle s Approach Data are always part of the game. Challenges and Solutions Summary 2 1

Agenda Introduction Requirements and Expectations Oracle s Approach Data are always part of the game. Challenges and Solutions Summary 3 Definition Data masking is the process of obscuring (masking) specific data elements within data stores. It ensures that sensitive data is replaced with realistic but not real data. The goal is that sensitive customer information is not available outside of the authorized environment. Data masking is typically done while provisioning non-production environments so that copies created to support test and development processes are not exposing sensitive information and thus avoiding risks of leaking. Masking algorithms are designed to be repeatable so referential integrity is maintained. 4 2

Why mask? Production Database are usually well secured Think of ASO, DB Vault, reliable passwords, proxy authentication Non-Production is not. Reasons: Licence cost savings Personnel savings developer = dba Ease of administration username = password Regulations: SOX, Basel II, EU Data Protection Directive, PCI-DSS 5 Agenda Introduction Requirements and Expectations Oracle s Approach Data are always part of the game. Challenges and Solutions Summary 6 3

Requirements and Expectations Fundamental Requirements Data Format Data Distribution Amount of Data Repeatable Process Extensibility 7 Requirements Fundamental Requirements Irreversibility no possibility of getting back to original data from masked data Complete masking apparently not relevant data needs to be masked if it could lead to sensitive data Referential integrity relations between data sets needs to be maintained 8 4

Expectations Data Format Your application might expects a defined format Check constraints Data Distribution Among others, the CBO bases it s decisions on that attribute Amount of Data Must be able to mask large data sets Again, CBO 9 Expectations Repeatable Process We do not want to reinvent the wheel with every iteration Extensibility Applications change, schema design changes You need to change the masking definition according to these changes You want to do that incrementally 10 5

Agenda Introduction Requirements and Expectations Oracle s Approach Data are always part of the game. Challenges and Solutions Summary 11 Oracle s Way Oracle Data Masking Pack 12 6

ORACLE Data Masking Pack Available as an Enterprise Manager Pack Grid Control 10.2.0.4 10.2.0.5 Database Control 11.2.0.1 Database Version must be >= 9.2.0.x No Installation. Out-of-the-box usable Part of ORACLE s Maximum Security Architecture 13 ORACLE Data Masking Pack - Consists of 2 Parts Format Library Repository for named data format definitions create once, use many ORACLE delivers predefined formats Credit card numbers (VISA, AMEX, ) ISBN s UPC (EAN) Masking Definitions Interface for creating and editing definitions Generate masking scripts Schedule jobs Start the clone and mask workflow 14 7

ORACLE Data Masking Pack Suggested Workflow 15 ORACLE Data Masking Pack Masking Process Data Formats 1/2 Type Varchar2 Number Date Example Fixed Number X X 100 Fixed String X Mueller Substring X ueller Random Number X X 4711 Random Digit X 0047 Random String X lurelm Random Date X 02.10.1977 Array List X X X 1,2,3 Shuffle X X X Table Column X X X Subsitution X X X 16 8

ORACLE Data Masking Pack Masking Process Data Formats 2/2 User defined function Post-processing fuction Truncate NULL Value Delete Preserve original data Condition based masking Available since 10.2.0.5 Allows different masking options for logical data partitions Based on different WHERE-conditions 17 ORACLE Data Masking Pack Masking Process The Maskingprocess is always a Reorganization DDL, (almost) no DML Pure SQL is used as much as possible Control of options relevant for performance Logging / Nologging Parallel Degree Statistic Generation LOB s, XML types, LONG, RAW, object types, cluster can not be masked 18 9

ORACLE Data Masking Pack - Live Demo 19 Agenda Introduction Requirements and Expectations Oracle s Approach Data are always part of the game. Challenges and Solutions Summary 20 10

Challenges and Solutions Data Distribution Orphan Keys Recursive Select s 21 Challenges and Solutions Data Distribution Histograms are needed if data is not uniformly distributed Non-numeric data types needs special attention since only the leading 6 bytes are used Avoid leading constants Use substring for your masking definition 22 11

Challenges and Solutions Orphan Keys Childrecords without parent Result of: Incomplete data models Online Reorganizations Tuning by removing FK s Know your data Procedures to ensure data cleanliness Foreign keys are your friend 23 Challenges and Solutions Orphan Keys How does ORACLE Data Masking treat them? It depends on the version 10.2.0.4 Grid Control Automatic data cleansing 10.2.0.5 Grid Control Keeps orphaned values sets the child key to NULL 11.2.0.1 Database Control Let you choose Search for Sicheres Testdatenmanagement Best Practices on trivadis.com 24 12

Challenges and Solutions Recursive Select s How can Data Masking know about your data structure? Check constraints Uniqueness Relationships If a table contains orphan keys? How is sample data generated? some of them can cause Data Masking GUI to hang up 25 Agenda Introduction Requirements Oracle s Way Data are always part of the game. Challenges and Solutions Summary 27 13

Summary Fundamental Requirements Data Format Data Distribution Amount of Data Repeatable Process Extensibility 28 Core Messages Powerful SQL Generator Out-of-the-box masking possible Almost unlimited extensible Data are always part of the game. More advanced control features would help API for scripting needed Support for subsetting desireable 29 14

mehr zu 11g? TechnoCircle München, 20.01.2010 30 Oracle Database 11g New Security Features Thank you!? www.trivadis.com Baden Basel Bern Brugg Lausanne Zurich Düsseldorf Frankfurt/M. Freiburg i. Br. Hamburg Munich Stuttgart Vienna 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information