Improving Cloud Security with Data Masking

Masking your data can help protect it in the cloud
If I asked you what IT mandate is keeping you up at night, chances are, you would mention something about the cloud and then quickly joke that there is no sunshine in the forecast.
Take comfort in knowing you are not alone. Organizations are struggling with this. Depending on who you talk to, cloud computing is either the biggest thing since the Internet or just a silly marketing buzzword. Regardless of how you personally feel, chances are you are affected by some type of executive mandate to shift thinking towards the cloud, despite a hazy forecast.
Most organizations are taking baby steps, taking time to think about where to invest resources to make cloud computing viable and useful. Most aren’t investing in big public cloud offerings such as Amazon EC2 or cloud services from Google just yet. Rather, they are looking at their virtualized environments and trying to find ways to make them more accessible to stakeholders to relieve IT stress and enable business growth. This means organizations are experimenting with private clouds to facilitate business and IT functions.
One of the most popular implementations of private clouds is for application testing. Moving testing to the cloud is a good way to improve quality, manage costs and improve time to market. Private clouds reduce the infrastructure required to test applications, increase resource flexibility and availability, improve asset utilization and provide rapid delivery of self-service with on-demand access to test data.
However, one of the stumbling blocks is data security. How can organizations be sure their private cloud for application testing doesn’t represent a security risk?
Of course, you have likely implemented firewalls and intrusion prevention devices. While these are important elements of any security strategy, there is more that can and should be done. Perimeters can be breached, so organizations shouldn’t be using actual data for testing purposes.
Does this happen in your organization? Does your DBA take a subset of production data and send it to the testing teams? It’s OK to admit it; unfortunately, many organizations are doing this today.
Realistic data is essential for testing application functionality and to ensure accuracy and reliability. However, using real data increases the risk of that data falling into the wrong hands. A better approach is to mask data in these private cloud environments.
Data masking enables developers, testers and trainers to use realistic data and produce valid results, while still complying with privacy protection rules. Data that has been scrubbed or cleansed in such a manner is generally considered acceptable to use in non-production environments and ensures that even if the data is stolen, exposed or lost, it will be of no use to anyone.
The ideal data masking solution must provide a variety of easy-to-use masking techniques. Some of the simplest techniques may mask character or numeric data, or generate random or sequential numbers. More advanced masking routines can be used to support complex data privacy requirements.
When picking a data masking solution, keep these criteria in mind:
- Referential integrity should be preserved
- Must be scalable across applications, databases, operating systems and hardware platforms to adapt to your changing requirements in the cloud
- Comprehensive masking techniques
- Customizations for application-specific data types
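To make the referential integrity criterion concrete, here is an added example (not from the original post or any masking product) of deterministic keyed masking applied to a test-data subset. The table layout, field names, key and replacement name list are all constructed for illustration.

```python
import hmac, hashlib

# Constructed key; in practice it is kept outside the test environment.
MASKING_KEY = b"example-masking-key-not-for-real-use"
FIRST_NAMES = ["Alex", "Blake", "Casey", "Devon", "Emery", "Finley", "Harper", "Jordan"]

def _digest(field: str, value: str) -> bytes:
    """Keyed, deterministic digest: same field + value always gives the same bytes."""
    return hmac.new(MASKING_KEY, f"{field}:{value}".encode(), hashlib.sha256).digest()

def mask_digits(field: str, value: str) -> str:
    """Replace each digit with a derived digit; keep length and punctuation."""
    stream = _digest(field, value)
    out, i = [], 0
    for ch in value:
        if ch.isdigit():
            out.append(str(stream[i % len(stream)] % 10))
            i += 1
        else:
            out.append(ch)
    return "".join(out)

def mask_name(value: str) -> str:
    """Substitute a name from a fixed list of fictitious replacements."""
    return FIRST_NAMES[_digest("name", value)[0] % len(FIRST_NAMES)]

def mask_tables(customers, orders):
    """Mask customer_id with the same rule in both tables so joins still work."""
    masked_customers = [
        {"customer_id": mask_digits("customer_id", c["customer_id"]),
         "name": mask_name(c["name"]),
         "ssn": mask_digits("ssn", c["ssn"])}
        for c in customers
    ]
    masked_orders = [
        {"order_id": o["order_id"],
         "customer_id": mask_digits("customer_id", o["customer_id"]),
         "amount": o["amount"]}
        for o in orders
    ]
    return masked_customers, masked_orders

# Constructed sample rows standing in for a production subset.
CUSTOMERS = [{"customer_id": "100234", "name": "Maria", "ssn": "123-45-6789"},
             {"customer_id": "100981", "name": "Tom", "ssn": "987-65-4321"}]
ORDERS = [{"order_id": 1, "customer_id": "100234", "amount": 42.50},
          {"order_id": 2, "customer_id": "100981", "amount": 17.00},
          {"order_id": 3, "customer_id": "100234", "amount": 8.25}]
```

Because the digest is reduced to a few digits, two distinct source values can mask to the same output, so key columns need a uniqueness check after masking.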
To learn more about how to mask your data in the private cloud, check out this whitepaper: Closing the Data Privacy Gap White Paper: Protecting Sensitive Data in Non-Production Environments.
This post is part of the Dinner Table Data Security series. Catch up on the full series.