Presentation is loading. Please wait.

Presentation is loading. Please wait.

AN SSIS DATA MASKING SOLUTION

Published byKelly Gordon Modified over 6 years ago

Similar presentations

Presentation on theme: "AN SSIS DATA MASKING SOLUTION"— Presentation transcript:

1 AN SSIS DATA MASKING SOLUTION

2 AVERAGE ORGANIZATIONS RISKS OF EXPOSED PII
Personally Identifiable Information sensitive and critical organizational resource Credit Card Numbers Social Security Numbers Names DOBs PII PII Data in non-production environments is exposed to domestic and international development personnel Of the 80 of internal fraud cases, 34 % involved Personally Identifiable Information

3 HIGH PROFILE PRIVACY BREACHES
MONEY GRAM $100,000,000 fine Involved in fraud due to PII exposure in 2009, 2012 Now uses IBM data masking software Optim per GLBA The software installation itself costs millions of $$$ HEARTLAND PAYMENT SYSTEMS 130M credit card numbers Albert Gonzalez used SQL injection in internal storage Now it implements end-to-end encryption

4 PRIVACY COMPLIANCE FINANCIAL HEALTH / PHARMA ECOMMERCE SOLUTION
The Gramm-Leach-Bliley Act (GLBA) , US Congress 1999. HEALTH / PHARMA Health Insurance Portability and Accountability Act(HIPAA/HITECH), US Congress 1996. ECOMMERCE Payment Card Industry Data Security Standard (PCI DSS), Payment Card Industry Security Standards Council. SOLUTION Masking data in non-production environments. Identity based masking in production environments.

5 DATA MASKING DEFINITION
The process of masking specific data elements within data store while preserving data look and feel and usability in applications. ALGORITHMIC CHALLENGE DATA INTEGRITY CHALLENGE

6 WHY HUSH HUSH? SIMPLE DRAG N DROP ALGORITHMS LOWERING OVERALL COST
Easy to use Little training required “Time to Market” DRAG N DROP ALGORITHMS Yet highly customizable. LOWERING OVERALL COST INTRODUCING JUST IN TIME PRIVACY PROTECTION

7 ESSENCE OF IMPLEMENTATIONS
VARIETY OF ALGORITHMS Format Preserving Encryption (FPE) variation: performance and less development time vs acceptable degrees of security risks (AES–like, Advanced Encrypion Standard) Random substitution: inability to decrypt due to randomness, yet much longer development, need to maintain additional structures HIGHLY CUSTOMIZABLE We can customize components per request and roll into the next version, providing support Changing City, State and Zip in conjunction for reporting Specific Credit Cards based on the Vendor Keeping a domain in preserved Gender Based First Names

8 AT EXTRA FEE: CONTACT US : Customization SSIS framework development
Integration into SDLC CONTACT US : Phone:

Download ppt "AN SSIS DATA MASKING SOLUTION"

Similar presentations

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP www.ScottandScottllp.com.

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP
IT Security Policy Framework

IT Security Policy Framework
What we all need to know. Approval Date: April 30, 2012 Approved by: President's Council.

What we all need to know. Approval Date: April 30, 2012 Approved by: President's Council.
Troy Leach April 2012 The PCI Security Standards Council.

Troy Leach April 2012 The PCI Security Standards Council.
Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.

Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
Security Controls – What Works

Security Controls – What Works
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.

Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.
Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.
Introduction to PCI DSS

Introduction to PCI DSS
Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger 515-237-5007.

Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger
PCI 3.0 Boot Camp Payment Card Industry Data Security Standards 3.0.

PCI 3.0 Boot Camp Payment Card Industry Data Security Standards 3.0.

Similar presentations

Ads by Google