Archive

Posts Tagged ‘privacy’

Is Data Masking better than Encryption?

November 11, 2011 Leave a comment
Is Data Masking better than Encryption?

Data masking vs Encryption. Is one better than another? No, they are two parts of a whole

By Vitaly Dubravin

Strange question, isn’t it? Data masking and encryption are like apples and oranges, but the question is not strange at all. There are many similarities between both technologies, though the differences are substantial. Each of them is designed to ensure data protection, which can be substantially improved when both are used in synergy.

Data encryption is the process of transforming information using some algorithm (a cipher) to make it unreadable to anyone except those possessing a key. It is widely used to protect files on a local, network or cloud disk drives (EFS, PIE), Network communications (IPSEC, VPN) or just a web/email traffic protection (TLS/SSL). All these technologies are designed to secure communication/storage media from the intruders, though provide limited ability to control data privacy on a very granular level (like a database record). There are known methods to make an encrypted document accessible by the multiple people with individual keys, but it requires an expensive investment into the security infrastructure and becomes impractical when applied to the database. Data encryption ensures that only people who should have access to the data will gain safe access to the datasets, including the ones they are not suppose to see. Data encryption is not designed to address a role based security problem.

Read more…

Dynamic Data Masking Inside Out

Dynamic Data Masking Engine plays an essential role in the Enterprise Security and Data Privacy frameworks

By Vitaly Dubravin

Dynamic Data Masking has grown over the years into a robust and mature product. It has become one of the primary tools to combat private information leaks from production environments. It limits, if not completely eliminates, all sensitive data exposures due to the application security design flaws, inadequate testing, ever changing regulatory requirements and aggressive production release schedule.

It is important to understand that Dynamic Data Masking (DDM) is not a replacement for a traditional data protection and security measures. It was designed to address a very specific but extremely damaging situation when private data gets in the wrong hands. Data Masking works as a proxy that secures only data communication channel and should be deeply integrated with the Enterprise Authentication and Authorization infrastructure as well as network security tools to gain maximum advantage and significantly reduce implementation and operation costs. Read more…