Database Vendors Should Push Data Masking for Enterprise Security
Database and application vendors may want to take a look at expanding their data masking capabilities as its relevance grows. While the market is currently small, Forrester Research expects it to grow in the years ahead.
That sentiment jibes with what Forrester has found. Yuhanna estimated about 14 percent of enterprises do data masking today, with the majority deploying a solution developed in-house. Many, however, use production data out in the open in test environments. A survey released by the Independent Oracle Users Group in September reported that more than 40 percent of organisations exposed live data in nonproduction databases.
“The key challenges in implementing data masking are often not technology related, but knowing what to mask, defining the policies, integrating with applications, testing with other apps, changing the data movement process, and getting business and management buy-in,” he said. “Unlike auditing, where you see the benefits of it right away after installing it, data masking projects often tend to take time and take anywhere between six to nine months to implement from the ground up for one or two large applications”.
There is also the economy to consider. Given the current situation, it is possible that the market may fall victim to economics if businesses slash their IT budgets, Yuhanna said.
“Data masking is definitely a good solution for test and development databases, but most organisations still struggle in securing their production databases – forget about test and dev ones – which is why data masking often gets a lower priority,” he said.
