DATA MASKING SOLUTIONS Microsoft and not so much


PROCESS
Mask Personally Identifiable Information: IDENTIFY, MASK, PROOF

FIRST: DEFINE THE MODEL
PII DEFINITION, OR WHAT DEFINES PERSON IDENTITY?
The term “PII,” as defined in OMB Memorandum M-07-16, refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. (US General Services Administration)
Personally Identifiable Information is a sensitive and critical organizational resource.
Examples: Credit Card Numbers, Names, DOBs

WHY MASK? COMPLIANCE: HIPAA, GLBA, PCI, PIPEDA, STATE LAWS
HIPAA rules: the Privacy Rule, the Transactions and Code Sets Rule, the Security Rule, the Unique Identifiers Rule, the Enforcement Rule.
DYNAMIC DATA MASKING (Section 164.308) – Information access management's implementation specifications: Implement policies and procedures for granting access to electronic protected health information, for example, through access to a workstation, transaction, program, process, or other mechanism.
STATIC DATA MASKING (Section 164.502) – …When using or disclosing protected health information or when requesting protected health information from another covered entity, a covered entity must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.

DIFFERENT SCENARIOS – DIFFERENT PROTECTION METHODS
Threat scenarios: Insider’s trade; Selling PII on the “black market”; Rare; Selling PII, sabotage
Roles: CxO; Production user; DBA; Developer

INTERNAL THREAT SOLUTIONS
EXTERNAL: ENCRYPTION. INTERNAL: DATA MASKING.

Method | Media                      | Protects against (Role)
SDM    | Disk – at rest             | Developer, outsourcers
DDM    | Application – in real time | Business roles, third parties

OR… MICROSOFT FINALLY SUCCUMBS TO THE MARKET NEEDS
Existing vendors: Oracle, Informatica, IBM

SQL SERVER AZURE AND 2016 DYNAMIC DATA MASKING

DATA MASKING DEFINITION
The process of masking specific data elements while preserving data look and feel and usability in applications.
Three challenges: ALGORITHMIC CHALLENGE, DATA INTEGRITY CHALLENGE, STATISTICAL CHALLENGE

QUICK INTRO TO ALGORITHMS: VARIETY OF ALGORITHMS
SUBSTITUTION: random – DDM, SDM in fields without Primary/Foreign Key constraints; preserving RI – DDM, SDM
CHARACTER PERMUTATION
CHARACTER SUBSTITUTION: random – DDM, SDM in fields without Primary/Foreign Key constraints; preserving RI – DDM, SDM
Format Preserving Encryption (patented) – a variation of RI-preserving substitution
SHUFFLE – SDM mainly, due to performance
Time and Number Variance – DDM mainly, in some cases SDM
Nulling – DDM; not suitable for SDM fields with Primary/Foreign Key constraints

UNIQUE IDENTIFYING ELEMENTS
UNIQUE DATA: Social security number (123-45-6789), Passport number (C00001234), Credit card (4234-5678-9123-4567), Driver’s license (123-456-789), etc.
SDM: MASKED DATA: 987-65-4321, A00009876, 4276-5432-1987-6543, 654-987-321
DDM: MICROSOFT WAY: SSN: xxx-xx-6789; CC: xxxx-xxxx-xxxx-4567

HANDS ON: IDENTIFY PROBLEMS FOR STATIC

PROBLEM: STATISTICS AS AN ENEMY
10002: 100,000 people; F – 50,000; 04/3/1996 – 5,000
DDM: MICROSOFT WAY does not know anything about statistics, as it works one record at a time. A different way is needed.
Common name: Noah. Uncommon name: Broderich.
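The masking methods from the slides above (DDM-style partial mask, RI-preserving substitution, shuffle) as an added Python example; this is not code from the talk or from HushHush. The key, the table names and the sample rows are constructed assumptions, and the RI-preserving substitution uses a keyed HMAC truncated to nine digits in place of the patented format-preserving encryption the slide mentions.

```python
import hashlib
import hmac
import random
import re
from collections import Counter

# Assumption (constructed, not from the slides): one secret per masking run.
# Every table in the run must use the same key, otherwise the joins break.
MASK_KEY = b"constructed-demo-key"
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")

def mask_partial_ssn(ssn):
    """DDM-style partial mask as on the slide: only the last four digits remain."""
    return "xxx-xx-" + ssn[-4:]

def mask_ssn_preserving_ri(ssn):
    """Keyed, deterministic, format-preserving substitution: the same real SSN
    always yields the same masked SSN, so primary/foreign key links survive."""
    digits = re.sub(r"\D", "", ssn)
    tag = hmac.new(MASK_KEY, digits.encode(), hashlib.sha256).digest()
    n = int.from_bytes(tag[:8], "big") % 10**9
    nine = f"{n:09d}"
    return f"{nine[:3]}-{nine[3:5]}-{nine[5:]}"

def shuffle_column(values, seed=None):
    """Shuffle: real values are reordered, so counts per gender, ZIP or DOB are kept."""
    out = list(values)
    random.Random(seed).shuffle(out)
    return out

def same_distribution(before, after):
    """True when a masked column kept the statistics of the original column."""
    return Counter(before) == Counter(after)

def mask_tables(patients, claims):
    """Static masking of two related tables with the RI-preserving substitution."""
    masked_p = [{**r, "ssn": mask_ssn_preserving_ri(r["ssn"])} for r in patients]
    masked_c = [{**r, "ssn": mask_ssn_preserving_ri(r["ssn"])} for r in claims]
    return masked_p, masked_c

def joined_claims(patients, claims):
    """Number of claim rows that still match a patient row on SSN (a join check)."""
    keys = {r["ssn"] for r in patients}
    return sum(1 for r in claims if r["ssn"] in keys)

# Constructed sample rows (not real people).
PATIENTS = [{"ssn": "123-45-6789", "sex": "F"}, {"ssn": "987-65-4321", "sex": "M"},
            {"ssn": "555-55-5555", "sex": "F"}]
CLAIMS = [{"ssn": "123-45-6789", "amount": 10}, {"ssn": "123-45-6789", "amount": 20},
          {"ssn": "555-55-5555", "amount": 5}]
```

A partial mask alone leaves the last four digits in the clear and says nothing about column statistics; the RI-preserving substitution keeps the patient-to-claims join intact, and the shuffle keeps the gender and name distributions the statistical slide is concerned with.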

DIFFERENT WAY: STATIC DATA MASKING
Development modules should be: Test Environment, Train Environment, QA Environment.
Creating a custom test data solution takes up to 4-5 man-months.

DATA LIFECYCLE AND MASKING
Systems: PRODUCTION SYSTEMS, REPORTING SYSTEMS, ETL, MASK. Data types: Transactional Data, Master Data.
SANDBOX: Create master data and test cases, test. NO errors? Yes, promote to the QA.
QA: Move new master data, run test cases. NO errors? Yes, promote to Staging.
Staging/UAT: Move new master data, test for deployment, do UAT. NO errors? Yes, promote to production.
Production: Now, users are “testers”.
ERRORS: Clear all the test cases, leave master data.
DATABASE: Create a DDL script in the source control; create DML scripts (optional).
Data flow: Get Delta; Mask Sensitive Data; Move to Staging; Apply a transform to accommodate DDL change; Move to Sandbox; Move to QA.
Components: ETL Package; Identity Access Management; Pass Through.

GAP FIX: MOVE DATA WITH HUSH-HUSH COMPONENTS
Development modules should be: Test Environment, Train Environment, QA Environment.
Move Schema – check mark. Move Code – check mark. Move Data – stop sign.

Virginia Mushkatblat, HushHush. info@mask-me.net, 1.855.YOU.HUSH
