Posts Tagged ‘privacy protection’

Business Processes, Privacy Leaks and Data Masking

Business Processes, Privacy Leaks and Data Masking

Data Masking is a simple and a lightweight technical solution for a fundamental business problem of data leaks

By Vitaly Dubravin

Data Masking is a simple and a lightweight technical solution for a fundamental business problem of data leaks. Yes, data leaks, contrary to a common misperception, are triggered not by the holes in our security systems, but by the business processes and  mysterious “business needs”.   Business decisions, often spontaneous, are responsible for most privacy violations and personal data leak disasters of the 21stcentury.

Amount of data accumulated in the computer systems worldwide is doubled every 11 hours (per IBM research) and it would be rational to blame IT for the inability to manage and protect big data. IT security budgets are exploding, corporate strategists put data protection on the top of CxO’s score card, and privacy challenges are getting into board meeting agendas.  You’d assume that spotlighting privacy protection should bring some tangible results, but the issue is only getting worse. Either corporate IT is managed by mentally retarded people worldwide, that is hard to believe, or we are looking for a solution in the wrong place. The Sony privacy disaster sequel is most recognizable by the public, but is not the only one. Wikileaks has vividly demonstrated how sensitive information can easily be obtained without hacking though whistleblowers and simple social engineering attacks. But the people being targeted in such attacks should not, for any practical reason, have access to datasets they’ve disclosed.

Read more…


Is Data Masking better than Encryption?

November 11, 2011 Leave a comment
Is Data Masking better than Encryption?

Data masking vs Encryption. Is one better than another? No, they are two parts of a whole

By Vitaly Dubravin

Strange question, isn’t it? Data masking and encryption are like apples and oranges, but the question is not strange at all. There are many similarities between both technologies, though the differences are substantial. Each of them is designed to ensure data protection, which can be substantially improved when both are used in synergy.

Data encryption is the process of transforming information using some algorithm (a cipher) to make it unreadable to anyone except those possessing a key. It is widely used to protect files on a local, network or cloud disk drives (EFS, PIE), Network communications (IPSEC, VPN) or just a web/email traffic protection (TLS/SSL). All these technologies are designed to secure communication/storage media from the intruders, though provide limited ability to control data privacy on a very granular level (like a database record). There are known methods to make an encrypted document accessible by the multiple people with individual keys, but it requires an expensive investment into the security infrastructure and becomes impractical when applied to the database. Data encryption ensures that only people who should have access to the data will gain safe access to the datasets, including the ones they are not suppose to see. Data encryption is not designed to address a role based security problem.

Read more…

Dynamic Data Masking Inside Out

Dynamic Data Masking Engine plays an essential role in the Enterprise Security and Data Privacy frameworks

By Vitaly Dubravin

Dynamic Data Masking has grown over the years into a robust and mature product. It has become one of the primary tools to combat private information leaks from production environments. It limits, if not completely eliminates, all sensitive data exposures due to the application security design flaws, inadequate testing, ever changing regulatory requirements and aggressive production release schedule.

It is important to understand that Dynamic Data Masking (DDM) is not a replacement for a traditional data protection and security measures. It was designed to address a very specific but extremely damaging situation when private data gets in the wrong hands. Data Masking works as a proxy that secures only data communication channel and should be deeply integrated with the Enterprise Authentication and Authorization infrastructure as well as network security tools to gain maximum advantage and significantly reduce implementation and operation costs. Read more…

Dynamic Data Masking Engine as an Enterprise Security Proxy

Dynamic Data Masking Engine as an Enterprise Security Proxy

How to reduce application development costs by including dynamic data masking in the data security infrastructure.

By Vitaly Dubravin

Data leaks happen, it’s a fact. These leaks cause reputational damage, they impact day-to-day operations and trigger costly litigation processes for non-compliance. Although there is no solution that guarantees 100% assurance against data leaks there are data protection systems available to help minimize the probability of such an event. Here I’ll explain how a Dynamic Data Masking engine can operate as an Enterprise Security Proxy for all enterprise applications and why it should be a part of system and application design from day one.

Physical database server access should be prohibited and a decent firewall with intrusion detection is a necessary part of design; I’m not going to even consider the possibility of their absence. Most databases expose only one port to applications for data exchange and that single port is the source of most data leaks. Read more…

DW/BI: Cost Reduction for Better Security

Data Warehouse implementation: Cost reduction for better security

Dynamic Data Masking can help drastically reduce Data Warehouse development cost while improving overall data security.

By Vitaly Dubravin

Data Warehouse and Business Intelligence (DW/BI) implementation is frequently considered a black hole for the IT budget.  It is hard (almost impossible) to run a business without one, but requires substantial investment to reshape your existing transactional systems to clean “dirty” data, fix existing (but broken) business processes and formalize analytical needs for different departments. Vast majority of these costs have nothing to do with the Data Warehouse, but become noticeable during DW/BI project.

My team at GRT Corporation has deployed tens of Data Warehouses for Fortune 50, as well as smaller size companies.  One of the most common challenges for DW/BI implementation is loose definition of business requirements by the business. This is not something that can be fixed, for a simple reason – it’s very hard to tell what you need for the system until you start using it every day. Good Data Warehouses are built in phases not because the scope is huge, but because user requirements are changing while the business is getting hands-on experience analyzing real data. Read more…

The Mystery of Data Masking for Business Managers

January 21, 2011 3 comments
The Mystery of Data Masking for Business Managers

Who and how should initiate and lead Data Masking projects in the enterprise.

By Vitaly Dubravin

Data Masking has recently become a well-recognized buzz word. All major IT players have released their own products to support this initiative. Oracle, IBM and Camouflage are just a few vendors with smart and flexible masking products. However there are not that many stories of a successful masking adoption (not just implementation!). There is a good reason for that.

Read more…