DATA MASKING SOLUTIONS Microsoft and not so much


1 DATA MASKING SOLUTIONS Microsoft and not so much

2 PROCESS Mask Personally Identifiable Information: IDENTIFY MASK PROOF

3 FIRST : DEFINE THE MODEL PII DEFINITION OR WHAT DEFINES PERSON IDENTITY?
The term “PII,” as defined in OMB Memorandum M refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.
US General Services Administration
Personally Identifiable Information is a sensitive and critical organizational resource.
Credit Card Numbers; Names; DOBs

4 WHY MASK? COMPLIANCE: HIPAA, GLBA, PCI, PIPEDA, STATE LAWS
the Privacy Rule, the Transactions and Code Sets Rule, the Security Rule, the Unique Identifiers Rule, the Enforcement Rule.
DYNAMIC DATA MASKING (Section ): Information access management's implementation specifications: Implement policies and procedures for granting access to electronic, protected health information, for example, through access to a workstation, transaction, program, process, or other mechanism.
STATIC DATA MASKING (Section ): …When using or disclosing protected health information or when requesting protected health information from another covered entity, a covered entity must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.

5 DIFFERENT SCENARIOS – DIFFERENT PROTECTION METHODS
Insider’s trade Selling PII on the “black market” Rare Selling PII, sabotage CxO Production user DBA Developer

6 INTERNAL THREAT SOLUTIONS
EXTERNAL: ENCRYPTION
INTERNAL: DATA MASKING
Method | Media | Protects against role
SDM | Disk – at rest | Developer, outsourcers
DDM | Application – in real time | Business roles, third parties

7 OR… MICROSOFT FINALLY SUCCUMBS TO THE MARKET NEEDS
Oracle Informatica IBM

8 SQL SERVER AZURE AND 2016 DYNAMIC DATA MASKING

9 DATA MASKING DEFINITION
The process of masking specific data elements while preserving data look and feel and usability in applications. ALGORITHMIC CHALLENGE DATA INTEGRITY CHALLENGE STATISTICAL CHALLENGE

10 QUICK INTRO TO ALGORITHMS
VARIETY OF ALGORITHMS
SUBSTITUTION:
- random – DDM, SDM in fields without Primary/Foreign Key Constraints
- preserving RI – DDM, SDM
CHARACTER PERMUTATION
CHARACTER SUBSTITUTION:
- random – DDM, SDM in fields without Primary/Foreign Key Constraints
- preserving RI – DDM, SDM
Format Preserving Encryption (patented) – is a variation of preserving RI substitution
SHUFFLE – SDM mainly, due to performance
Time and Number Variance – DDM mainly, in some cases SDM
Nulling – DDM, not suitable for SDM fields with Primary/Foreign Key constraints
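An added example, not part of the original slides: it contrasts random substitution with RI-preserving substitution on a key column shared by a parent and a child table. The keyed-hash (HMAC) approach, the table layout, the sample values and all function names are assumptions made for illustration; it is not Format Preserving Encryption, it is not reversible, and it can collide, which is why the collision check is included.

```python
import hashlib
import hmac
import secrets

def _fmt(n: int) -> str:
    d = f"{n % 10**9:09d}"          # keep the SSN look and feel: ###-##-####
    return f"{d[:3]}-{d[3:5]}-{d[5:]}"

def mask_random(ssn: str) -> str:
    """Random substitution: a fresh value on every call, so joins break."""
    return _fmt(secrets.randbelow(10**9))

def make_ri_mask(key: bytes):
    """RI-preserving substitution: keyed hash, same input -> same output."""
    def mask(ssn: str) -> str:
        digest = hmac.new(key, ssn.encode(), hashlib.sha256).digest()
        return _fmt(int.from_bytes(digest[:8], "big"))
    return mask

def mask_tables(customers, orders, mask):
    """Mask the SSN key column in the parent and in the child table."""
    return ([{**c, "ssn": mask(c["ssn"])} for c in customers],
            [{**o, "ssn": mask(o["ssn"])} for o in orders])

def orphans(customers, orders):
    """Child rows whose foreign key no longer matches any parent row."""
    parents = {c["ssn"] for c in customers}
    return [o for o in orders if o["ssn"] not in parents]

def collisions(values, mask):
    """Distinct originals that mask to the same value (would break a PK)."""
    seen, clashes = {}, []
    for v in set(values):
        m = mask(v)
        if m in seen:
            clashes.append((seen[m], v))
        seen[m] = v
    return clashes

# Constructed sample data (not real SSNs).
CUSTOMERS = [{"ssn": "900-00-0001", "name": "A"}, {"ssn": "900-00-0002", "name": "B"}]
ORDERS = [{"id": 1, "ssn": "900-00-0001"}, {"id": 2, "ssn": "900-00-0002"},
          {"id": 3, "ssn": "900-00-0001"}]
KEY = b"constructed-demo-key"  # assumption: a secret kept outside the masked copy

if __name__ == "__main__":
    ri = make_ri_mask(KEY)
    print("RI-preserving orphans:", len(orphans(*mask_tables(CUSTOMERS, ORDERS, ri))))
    print("random orphans:", len(orphans(*mask_tables(CUSTOMERS, ORDERS, mask_random))))
    print("collisions:", collisions([c["ssn"] for c in CUSTOMERS], ri))
```

Run the collision check over the full key column before loading a masked copy; a non-empty result means the column cannot keep its uniqueness constraint under this mapping.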

11 UNIQUE IDENTIFYING ELEMENTS
UNIQUE DATA: Social security number ( ), Passport number (С ), Credit card ( ), Driver’s license ( ), etc.
SDM: MASKED DATA A
DDM: MICROSOFT WAY
SSN: xxx-xx-6789
CC: xxxx-xxxx-xxxx-4567

12 HANDS ON IDENTIFY PROBLEMS FOR STATIC

13 PROBLEM: STATISTICS AS AN ENEMY
10002 : 100,000 people
F – 50,000
04/3/1996 – 5,000
DDM: MICROSOFT WAY. Does not know anything about statistics, as it works on one record at a time. Need a different way.
Common name: Noah
Uncommon name: Broderich

14 DIFFERENT WAY: STATIC DATA MASKING
Development Module should be Test Environment, Train Environment, QA Environment (3 squares) Creating Custom Test Data Solution Takes up to 4-5 man-months

15 DATA LIFECYCLE AND MASKING
[Flow diagram: data lifecycle and masking]
Systems and data: PRODUCTION SYSTEMS; REPORTING SYSTEMS; ETL; MASK; Transactional Data; Master Data
SANDBOX: Create master data and test cases; test.
QA: Move new master data; run test cases.
Staging/UAT: Move new master data, test for deployment; do UAT.
Production: Now, users are “testers”.
Gate after each stage: NO errors? Yes, promote to the QA / Yes, promote to Staging / Yes, promote to production.
ERRORS: Clear all the test cases, leave master data.
DATABASE: Create a DDL script in the source control; create DML scripts (optional).
Masking steps: Get Delta; Mask Sensitive Data; Move Staging; Apply a Transform to Accommodate DDL change; Move to Sandbox; Move to QA.
Other labels: ETL Package; Identity Access Management; Pass Through.

16 GAP FIX MOVE DATA WITH HUSH-HUSH COMPONENTS
Development Modules should be Test Environment, Train Environment, QA Environment (3 squares) Move Schema – Check Mark Move Code – Check Mark Move Data – Stop Sign

17 Virginia Mushkatblat HushHush info@mask-me.net 1.855.YOU.HUSH

18 SCHEDULE POST SQL SAT Hi there,
Virginia Mushkatblat is inviting you to a scheduled Zoom meeting.

