
DATA MASKING

A WHITE PAPER BY K2VIEW.

ABSTRACT

In today’s world, data breaches are continually making the headlines. Sony Pictures, JP Morgan Chase, eBay, Target and Home Depot, to name just a few, have all recently suffered data breaches, lost millions of dollars and put their clientele at risk.

While software and databases are getting more and more secure, one of the most efficient ways to prevent data breaches is to store sensitive data only where it is absolutely necessary (i.e. only on certain data stores and for certain users) and mask this data everywhere else. This data masking must not only make the data unreadable; it must also be compliant with the software using this data and consistent across every piece of the IT ecosystem, which can be a cumbersome and costly task. This white paper demonstrates how the K2View Data Masking solution solves these data masking needs easily, quickly and consistently.

K2VIEW DATA MASKING

K2View's cutting-edge data masking solution has been solving data masking issues across every type of industry, such as Telecom, Insurance or Banking, making it one of the most flexible and rapidly implemented masking solutions on the market.

AT THE HEART OF K2VIEW: THE LOGICAL UNIT

In order to provide full data masking capabilities, K2View Data Masking uses a game-changing data model to retrieve and mask data: the Logical Unit. Most data masking systems retrieve and mask data system by system, table by table (e.g. masking all customer data stored in the CRM system, then masking all financial data stored in the billing system, etc.); this model translates into slower and not easily distributed processes because so much data is being queried, retrieved, transformed and loaded at once. It also implies possible inconsistency between systems post masking (e.g. a key field like SSN being masked one way in the CRM system and another in the billing system).

K2View’s solutions look at data a different way: retrieving and processing it in-memory based on business logic, hence the name Logical Unit. This allows the business to dictate how their data must be masked across their IT ecosystem.

Indeed, in K2View, every business related object (e.g. Customer, Merchant) is represented by a Logical Unit Type.

Each Logical Unit Type is then associated with a representation (or Logical Unit DataBase, LUDB). The LUDB is where you define the relevant input objects associated with one Logical Unit Type. This process is either automated using K2View's Auto-Discovery module or done manually using K2View's drag-and-drop style graphical configuration dashboard, LU Studio. The result is a business-oriented structure containing tables and objects from as many systems as needed (e.g. for a Customer Logical Unit Type, 3 tables from the CRM system running on MySQL and 5 tables from the billing system residing on Oracle).

This LUDB structure is used to execute data masking: every Logical Unit Instance is masked independently ensuring full consistency across platforms. Moreover, the K2View engines can use this model to fully distribute this execution and achieve in-memory Massive Parallel Processing (MPP) performance.

As such, the Logical Unit concept is a bridge between discrepant, hard to transform data and consistent, business-oriented data.

ARCHITECTURE OVERVIEW

As the following diagram illustrates, K2View Data Masking Solution is composed of two main elements:

• The LUDB CONFIGURATION

• The EXECUTION SERVER(S)

The LUDB configuration is a versioned configuration that contains every detail relevant to the data masking deployment:

• Connection parameters for source and target

• Masking rules definition (see more details in the DATA MASKING FEATURES section)

• Extract, Transform, and Load (ETL) rules; these rules include any data enrichment, validation, reporting, or integrity checks. For more details about K2View ETL capabilities, please consult our Data Migration documentation.

The LUDB configuration is configured via K2View's state-of-the-art configuration GUI: the LU Studio. The LU Studio enables concurrent development and versioning of the LUDB configuration as well as execution orchestration and monitoring. Every version of the LUDB configuration is maintained via the K2View Admin manager, which manages repository creation and access control.

The execution server(s) are a set of servers which, orchestrated via the LU Studio, will extract, mask, transform and load data from source to target. Each server executes multiple threads of the ETL + MASKING ENGINE, allowing full distribution of the data masking execution and thus incredible performance (see more details in the DISTRIBUTED EXECUTION section).

Relying upon the Logical Unit model, K2View Data Masking solution is completely flexible and can be adapted to implement any masking rule. This section highlights the most common requirements that our solution solves out of the box.

FULL DATA USABILITY

Whether it is maintaining an encryption algorithm, using the right algorithm to populate a Social Security Number, ensuring that the checksum of a masked Credit Card Number is valid or making sure that the masked city and state are consistent with their corresponding masked zip code, K2View's embedded data masking library ensures that the masked data will be recognized and usable by your target applications. And if our out-of-the-box libraries aren’t sufficient, K2View can interface with any API and implement any custom data masking function.

RAPID IMPLEMENTATION

Using K2View LU Studio, masking rules for a full range of different systems can be, and have been, implemented in a matter of hours. Indeed, configuring a masking rule in K2View is as easy as filling out a spreadsheet (with auto-completion features). Furthermore, our solution offers key features like auto-discovery for the LUDB schema creation, query builders and a full offline debugging suite that drastically reduce your implementation efforts, even without advanced development knowledge.

KEYS INTEGRITY PRESERVATION

Some of the most sensitive fields are often used as keys to link different platforms, because of their uniqueness (e.g. phone number, SSN, customer ID, etc.). Because every piece of data is represented as a Logical Unit, it is extremely easy for K2View to mask these fields in the same manner across platforms.
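The two requirements above (FULL DATA USABILITY and KEYS INTEGRITY PRESERVATION) can be seen together in a small added example, which is not K2View code and does not describe how the product works internally. It assumes a keyed HMAC-SHA256 derivation so that the same SSN or card number masks to the same value in every system, and it recomputes the Luhn check digit so the masked card number still validates; all function names, the key and the sample rows are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real deployment would fetch it from a secrets store.
MASKING_KEY = b"demo-only-masking-key"

def _keyed_digits(value: str, n: int, domain: str) -> str:
    """Derive n pseudorandom decimal digits from value with HMAC-SHA256."""
    out, counter = "", 0
    while len(out) < n:
        msg = f"{domain}|{counter}|{value}".encode()
        digest = hmac.new(MASKING_KEY, msg, hashlib.sha256).digest()
        out += "".join(str(b % 10) for b in digest if b < 250)  # drop 250-255 to avoid modulo bias
        counter += 1
    return out[:n]

def luhn_check_digit(payload: str) -> str:
    """Check digit that makes payload + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return luhn_check_digit(number[:-1]) == number[-1]

def mask_card(pan: str) -> str:
    """Same-length, Luhn-valid replacement; separators in the input are ignored."""
    digits = "".join(c for c in pan if c.isdigit())
    body = _keyed_digits(digits, len(digits) - 1, "card")
    return body + luhn_check_digit(body)

def mask_ssn(ssn: str) -> str:
    """Keeps the NNN-NN-NNNN layout; the same input always yields the same output."""
    d = _keyed_digits(ssn.replace("-", ""), 9, "ssn")
    return f"{d[:3]}-{d[3:5]}-{d[5:]}"

def mask_row(row: dict) -> dict:
    return {"ssn": mask_ssn(row["ssn"]), "card": mask_card(row["card"])}

# Constructed records: the same customer as held in two different systems.
crm_row = {"ssn": "123-45-6789", "card": "4111 1111 1111 1111"}
billing_row = {"ssn": "123-45-6789", "card": "4111111111111111"}
masked_crm = mask_row(crm_row)
masked_billing = mask_row(billing_row)
```

Because the masked value depends only on the key and the original value, a join on SSN between the masked CRM and billing data still matches, while anyone without the key cannot recompute the mapping.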

FLEXIBLE EXECUTION

K2View Data Masking solution allows masking over a full population of customers, or in phases based on any phasing criteria (e.g. business lines, source systems, etc.), all the while maintaining full consistency of any masked data, including keys. Moreover, the extract and load engine allows masking of data without any downtime on source or target systems.

ZERO EXPOSURE

Knowing that exposure to data breaches is your main concern, every K2View masking execution thread runs fully encrypted and in-memory, for no data exposure. Even the masking rules can be retrieved on-the-fly so that they are not even exposed to the persons in charge of their implementation.

As depicted in the figure above, K2View Data Masking Solution distributed execution and parallelization is done by Logical Unit Instance.

Indeed, at the time of execution, and for every Logical Unit Instance a thread will be executed and distributed across K2View’s execution servers. In this example, the data is masked from six different source systems into six different target systems. For each logical unit instance (i.e. thread), the following simple steps are executed:

1. Extraction from source systems using source connectors (e.g. DB connectors, flat files, or web services) into a Logical Unit Instance. This extraction is done from the connector into memory without any I/O involved.

2. Masking of the Logical Unit Instance using pre-configured masking rules.

3. Transformation of the masked data to comply with the target data format (often one to one in masking executions).

4. Load of the transformed and masked data onto target systems using target connectors.

This execution model, radically different from most execution models currently on the market that execute masking system by system and table by table, offers many inherent advantages:

• No disruption of source or target system, using non-disruptive connectors

• Massive Parallel Processing performance

• Real time orchestration (e.g. pause/resume, real time load balancing, etc.)

• Full control of the population to be masked

Traditional Solutions vs. K2VIEW

• Full Population Data Masking

• Data Masking in Phases

• No-Downtime Execution

• Keys Integrity Preservation

• Extremely Rapid Implementation (few hours)

• Easy Execution Process Orchestration

• In-Memory Massive Parallel Processing

EMBEDDED DATA MASKING FEATURES

FREQUENTLY ASKED QUESTIONS

Can K2View data masking be triggered automatically?

Yes, K2View data masking solution can be implemented to be triggered automatically by any event.

What is the level of granularity for K2View masking rules?

Data masking rules can be implemented, enabled and disabled independently for every field in the scope of your data masking implementation.

What kind of masking algorithm can be applied when masking data?

Any type of algorithm can be defined and applied while masking data. For example, the first name of a person can be masked using a character substitution algorithm, replaced by a random character for each letter of the first name, encrypted using AES, or replaced by a random first name from the existing population to be masked.

What OS does K2View masking solution support?

K2View servers can run on all major Unix, Linux and Windows operating systems. The LU Studio requires a 64-bit version of Windows. For more details about system requirements, please refer to our technical documentation.

Can K2View mask already existing data from and to the same system?

Yes, K2View can retrieve, mask and update data from the same system.

CONFIDENTIALITY

This document contains copyrighted work and proprietary information belonging to K2View. This document and information contained herein are delivered to you as is, and K2View makes no warranty whatsoever as to its accuracy, completeness, fitness for a particular purpose, or use. Any use of the documentation and/or the information contained herein, is at the user's risk, and K2View is not responsible for any direct, indirect, special, incidental, or consequential damages arising out of such use of the documentation. Technical or other inaccuracies, as well as typographical errors, may occur in this Guide.

This document and the information contained herein and any part thereof are confidential and proprietary to K2View. All intellectual property rights (including, without limitation, copyrights, trade secrets, trademarks, etc.) evidenced by or embodied in and/or attached, connected, or related to this Guide, as well as any information contained herein, are and shall be owned solely by K2View. K2View does not convey to you an interest in or to this Guide, to information contained herein, or to its intellectual property rights, but only a personal, limited, fully revocable right to use the Guide solely for reviewing purposes. Unless explicitly set forth otherwise, you may not reproduce by any means any document and/or copyright contained herein.

Information in this Guide is subject to change without notice. Corporate and individual names and data used in examples herein are fictitious unless otherwise noted.

Copyright © 2015 K2View Ltd./K2VIEW LLC. All rights reserved. The following are trademarks of K2View:

K2View logo, K2View's platform.

K2View reserves the right to update this list from time to time.

Other company and brand products and service names in this Guide are trademarks or registered trademarks of their respective holders.

CONTACT INFORMATION

www.k2view.com info@k2view.com +1-844-438-2443
