Data Masking is a simple and lightweight technical solution for the fundamental business problem of data leaks. Yes, data leaks, contrary to a common misperception, are triggered not by the holes in our security systems, but by business processes and mysterious “business needs”. Business decisions, often spontaneous, are responsible for most privacy violations and personal data leak disasters of the 21st century.
The amount of data accumulated in computer systems worldwide doubles every 11 hours (per IBM research), and it would be rational to blame IT for the inability to manage and protect big data. IT security budgets are exploding, corporate strategists put data protection at the top of the CxO’s scorecard, and privacy challenges are getting onto board meeting agendas. You’d assume that spotlighting privacy protection should bring some tangible results, but the issue is only getting worse. Either corporate IT is managed by mentally retarded people worldwide, which is hard to believe, or we are looking for a solution in the wrong place. The Sony privacy disaster sequel is the one most recognizable to the public, but it is not the only one. Wikileaks has vividly demonstrated how sensitive information can easily be obtained without hacking, through whistleblowers and simple social engineering attacks. But the people being targeted in such attacks should not, for any practical reason, have access to the datasets they’ve disclosed.
Strange question, isn’t it? Data masking and encryption are like apples and oranges, but the question is not strange at all. There are many similarities between both technologies, though the differences are substantial. Each of them is designed to ensure data protection, which can be substantially improved when both are used in synergy.
Data encryption is the process of transforming information using some algorithm (a cipher) to make it unreadable to anyone except those possessing a key. It is widely used to protect files on local, network or cloud disk drives (EFS, PIE), network communications (IPSEC, VPN) or web/email traffic (TLS/SSL). All these technologies are designed to secure the communication or storage media from intruders, but they provide limited ability to control data privacy at a very granular level (like a database record). There are known methods to make an encrypted document accessible to multiple people with individual keys, but this requires an expensive investment in the security infrastructure and becomes impractical when applied to a database. Data encryption ensures that only people who should have access to the data will gain safe access to the datasets, including the ones they are not supposed to see. Data encryption is not designed to address the role-based security problem.
Joseph Feiman, Ph.D., is a research vice president and Gartner Fellow in Gartner Research. Mr. Feiman focuses on applications’ security: technologies and methodologies enabling secure software life cycle, data privacy, security of large systems and packaged applications, legacies, SOA, Web 2.0, cloud computing security, and security as a service.
Dynamic Data Masking has grown over the years into a robust and mature product. It has become one of the primary tools to combat private information leaks from production environments. It limits, if not completely eliminates, sensitive data exposures due to application security design flaws, inadequate testing, ever-changing regulatory requirements and aggressive production release schedules.
It is important to understand that Dynamic Data Masking (DDM) is not a replacement for traditional data protection and security measures. It was designed to address a very specific but extremely damaging situation: private data getting into the wrong hands. Data Masking works as a proxy that secures only the data communication channel, and it should be deeply integrated with the Enterprise Authentication and Authorization infrastructure as well as network security tools to gain maximum advantage and significantly reduce implementation and operation costs.
Micromanagement is defined by Merriam-Webster’s Online Dictionary as “manage[ment] especially with excessive control or attention to details”. This definition sounds soft and neutral, but micromanagement often becomes the most noticeable symptom of a serious psychological problem. Micromanagement is very distracting and time consuming, not just for the manager himself, but for his/her subordinates.
Micromanagement may be almost unnoticeable or tolerable at the early stages of a project. But it becomes especially destructive for a team working under the pressure of an approaching project deadline, facing budget constraints or tense work situations.
Data leaks happen; it’s a fact. These leaks cause reputational damage, impact day-to-day operations and trigger costly litigation for non-compliance. Although there is no solution that guarantees 100% assurance against data leaks, there are data protection systems available to help minimize the probability of such an event. Here I’ll explain how a Dynamic Data Masking engine can operate as an Enterprise Security Proxy for all enterprise applications and why it should be a part of system and application design from day one.
Physical database server access should be prohibited, and a decent firewall with intrusion detection is a necessary part of the design; I’m not going to even consider the possibility of their absence. Most databases expose only one port to applications for data exchange, and that single port is the source of most data leaks.
Motivational management has been around for quite some time, since slavery proved its inefficiency and process management did everything to suppress initiative and creativity. What is motivational management? Here is a very simple case that explains it.
Imagine you are at the very end of a project, the acceptance day is approaching rapidly and your team is a few days behind schedule. Two management behaviors are most common in such a case. The first is childishly asking every team member “Are we there yet?” hourly, to demonstrate that you are in control and ready to respond instantaneously to “How we doing?” from the stakeholder. The second approach is to have a short morning briefing with the team, once again reemphasize why it is important for “all of us” to catch up, check who may need help and provide the most comfortable and non-stressful atmosphere for the team to continue cracking the challenge.