Data Masking for Adabas. Becky Albin Chief IT Architect

(1)

Becky Albin

Chief IT Architect

(2)

Find Your Inner Genius at

ProcessWorld 2012!

www.processworld.com

Get smarter about using IT to

improve business performance

Discover inspiring solutions to

your pressing business challenges

Open your mind to new

approaches, new tools and new

people

Save the Date

ProcessWorld 2012

Orlando, Florida

October 15 -17

(3)

"Moving Forward with Adabas 8" Duration 3.0 hours

Audience: DBA's and Programmers. Speaker: Jim Poole (Verizon)

Adabas 8 has been a whirlwind of changes where there is a fear that shops have

overlooked the incredible range of new features and possibilities. With Adabas 8.2

alone, there were over 40 changes that provide opportunities for DBA and programmers alike. In this fast-paced technical presentation, many of the Adabas 8 changes are

explained and how they impact the ways we do business. Enroute, recent benchmark performance studies were done on Adabas caching, changing some long-held paradigms. Those results are presented.

Topics include:

-Adabas Caching (what, when, why) -Date/Time System Fields

-Spanned Records, prevent future risk -Logical removal of fields and descriptors -Improvements to PLOG and WORK

-Event Log

(4)

" Legacy Natural GUI Application Modernization using ONE" Duration 3.0 hours

Audience: DBA's and Programmers.

Speaker: Steve Robinson of S.L. Robinson and Associates Inc.

Many Adabas/Natural applications are being transferred to other platforms or software based on a misconception, namely, that Natural is not capable of producing many of the GUI effects seen on web and PC software. This is an erroneous rationale. Natural has many facilities that most Natural programmers are unaware of. Natural has screen scrapping commands, colored bar charts, animation, and many other facilities. The net effect of using such facilities are systems which closely resemble web and PC systems. Natural can provide the same GUI

“bling” that one finds on a web based application? There are many new and existing tools to do this. So why not leave the Adabas/Natural world?

Topics include:

NaturalONE Overview - Introduce attendees to NaturalOne; the component parts, the rationale for using NaturalOne, the advantages to using NaturalOne for application modernization.

(5)

Adabas and Natural Sessions for Process World 2012

Customer Presentations

Presenter

Managing DMV Pictures & Signatures with Adabas Large Object (LOB) Fields – State of South Dakota

Alan Peterson What’s Next for Adabas and Natural? The Strategic Direction –

Software AG

Guido Falkenberg Active Data Warehousing Made Easy with Adabas SQL Gateway –

Royal Bank of Canada

Nikolai Chmatov Achieve Significant Quality Improvements by using Better Test Data

with Data Masking for Adabas – Pennsylvania State University

Carl Seybold EntireX Broker Centralizes Drivers License Management State-wide –

State of Virginia

Pam Schwartz Natural Remote Data Collector (RDC); Monitoring and much more –

State of Washington Retirement System

Darrell Davenport Case Study – FSCJ: College Inventory Management using a Mobile

Application

Chris Martin Adabas Replication: How we do it at NYC DoITT – New York City

Department of Information Technology

George Wolff

(6)

Data Masking - What the Analysts say

Forrester Group (Noel Yuhanna) states:

“All enterprises dealing with private data in test environments should

mask or generate test data to comply with regulations such as PCI,

HIPAA, SOX and European Union (EU)”

80% of all threats come from inside and 65% are undetected

Accenture and Information Week

Security breaches are increasingly coming from inside an organization

Gartner

70% of all security incidents come from insiders

Ernst & Young

An insider attack against a large company causes an average of $2.7

million US in damages, whereas the average outside attack costs only

$57,000

(7)

Data Masking – Why would you use it?

• Improve application quality - artificially generated test data is

usually insufficient

• Secure sensitive data in

Development environments

Test centers

Offshore activities

• Provide a real business data training environment without publishing

sensitive data

(8)

Data Masking - Value Proposition

-

Ability to consistently create reduced and secured test data

-

Rapid masking of production data from across the enterprise to, deliver

“de-identified” data for testing

-

Provides a repeatable and automated solution to reduce the resources

needed to create test data

-

Easily create high quality training data with a low cost investment

-

Facilitates an essential and safe training environment for end-users,

when using live production data for training

(9)

Data Masking – Current Status

-

General Availability end of 1

st

_{quarter 2012}

-

Trial copies can be obtained; contact your Software AG Account

Representative

-

Supported Source Databases:

Adabas Oracle

DB2 (UDB and z/OS) Microsoft SQL Server MySQL Sybase Ingres SQLAnywhere Informix Cache VSAM Flat Files

(10)

Data Masking – Hype or Requirement?

• Challenge

High quality test data is required for:

Improved application quality

Test and training environments

Most organizations use home-grown scrambling methods

or even Production data

Legal regulations do not allow use of production data

Scrambling methods do not always consider semantics

Applications do not always function using such data

Preparation is a time consuming and inconsistent manual process Cross references are not often considered/maintained

(11)

Data Masking – Hype or Requirement?

• Business aspect

Business needs high quality applications

Online shops are open for 24 hours a day The competition is one click away

Pressure to reduce cost

Creating artificial test data is expensive

Manual process

Each project team does more or less the same Not all use cases can be built

References across tables are difficult to handle Difficult to create the same values every time

Creating test data can delay projects which affects business negatively

Software ‘package’ needs to fulfill all requirements and have an early ROI Create repeatable processes/procedures

Copy production data Mask data According to rules Copied production data Masked production data Select production data D e fi n e ru le s

(12)

Data Masking – Software that fulfills the requirements

• Criteria for a solution

Ease-of-use

Almost no training needed on the software Easy to exchange obfuscation rules with non-IT staff

First results needed quickly (<1 day)

Results that are key

Masked data must look like production data Semantics must be maintained

Reverse engineering must not be possible

(13)

Data Masking – Software that fulfills the Requirements

• Criteria for a solution

Data source coverage

One tool, not one per database type

Adabas, all market relevant RDBMS and flat files need to be supported

Platform coverage

Mainframe

Distributed environments (LUW)

(14)

Data Masking – Software that fulfills the Requirements

• Criteria for a solution

A rich set of rules need to be available

Replacement

Custom functions/Seed tables Hashing

Translation Substitution

Multi-table columns ZIP code

Credit cards number manipulation Social security number manipulation Random numeric/text Etc. Copy production data Mask data According to rules Copied production data Masked production data Select production data D e fi n e ru le s

(15)

Data Masking – Data Masking for Adabas

• A solution that fulfills the criteria

Supports the requested rules

Extended features are available

Cross reference masking beyond Referential Integrity

Reference data can be used Using “where” clauses

Ease to learn and run

Use a sophisticated user interface to define rules and run-time option

Non-IT professionals understand rules easily Run the masking process as a background task

(16)

Data Masking – Data Masking for Adabas

• A successful approach requires knowledge of your data

Which data is sensitive and need to be masked?

Which columns contain what?

Which relationship consists between data,

maybe across tables?

Are there invalid data in your data sources?

What is the goal?

Test a new part of an application Achieve legal compliance

Ready to start?

(17)

Close a Gap

Provide what’s required – Hide what’s necessary

Production Application

Data

Mapping

Data

Masking

Production Rules Run-time parameter Meta-data

Protect sensitive production data

Use

Adabas Tools to create

Enhance

Provide high quality test data

Test Application

(18)

Data Masking for Adabas Architecture

Production Masked Production Rules Run-time Options Copy Production Meta-data Repository Adabas Tools to create Adabas SQL Gateway Data Server Adabas SQL Gateway SQL Engine Adabas Nucleus

Masking

Engine

Mapping

Tool

Mainframe / Distributed Environments Distribut

Mainframe / Distributed Environments Distributed Environmentsed Environments

Production Application Test Application Adabas Nucleus

(19)

Prepare your Database Environment

• Create a copy of the ‘production’ Adabas database

• Define the file/table “GTSRC_XREF” for cross reference masking

Masking data consistently across different tables

(20)

Getting familiar with the SDM Environment

• Structure after installation

Windows/Linux/Unix

Main directory contains

The software

“connect” file

A number of home-grown test cases

Sub-directories

Audits result file if defined Backups backup of rule files

DDM Natural DDMs

Errorlogs

Logs run logs

(21)

Getting familiar with the SDM Environment

Start Mapping Process

GTMAPPER is the tool to define masking rules and

run-time options

Start the Mapper, select the appropriate connect

file and “Connect”

“connect” parameter file

The connectAdabas file is used to connect to the Adabas SQL Gateway User name, password, default schema are defined in the Adabas SQL Gateway meta-data repository (CDD)

Host refers to the JDBC definition made through the “DSNRegistry” tool

(22)

Simple Data Masking – Getting Started

Connect to the Meta data

repository of the Adabas SQL

Gateway

Open rules file if available

Define rules

Define run-time options

Save rules and options in files

Run the masking process

(23)

Getting familiar with the SDM Environment

Define Rules - Main Functions

Select a Table

Select a Column

Select a Rule

Open an existing File

or

(24)

Getting familiar with the SDM Environment

Define Run-time Options

Define Audit Option

Define Reference File

Cross Connection File

Define Reference

Table

Open an existing File

or

(25)

Getting familiar with the SDM Environment

Define Rules - Main Functions

Save Definitions

Close the GTMAPPER

Check Parameter

Check Results

Run Masking

The save operation creates

A file containing

- Rules

- Run-time Options

- Start Script

(26)

SDM – Auditing and Logging Options

Depending on the option

An audit file is generated containing all actions along with the original and the new values

Log files are written which contain information about the masking run and possible errors