Data Masking Touted As Protection For Sensitive Info

Data security specialist Dataguise has suggested in a new report that data masking, or the de-identification of sensitive data, could dramatically improve the ability of an organisation to protect itself against security risks.

The company recommended creating test and development copies through an automated process to reduce the exposure of sensitive data and improve data security in non-production instances.

The company said leaving the data in the hands of employees could have “disastrous results.”

Data Masking

Of the available options, the study found those that provide actionable intelligence and enable information security, compliance officers and infrastructure managers to better understand shared responsibilities for protecting data are preferred.

Joe Feiman, a senior analyst at Gartner, said data-masking technologies can help protect organisations against security breaches as well as regulatory and other compliance failures in industries ranging from health care to government and private enterprises. “A clear understanding of the key trends in this still-evolving market is crucial to making the right implementation decisions.”

In addition, the Center for Democracy and Technology noted the increased flow of health care data posed a “significant” threat to privacy. “Among the many challenges that will require attention as health IT is promoted through implementation of the stimulus legislation and other means is how to strip health data of personal identifiers in order to eliminate or reduce privacy concerns, while still retaining useful information.”

Privacy Protection

“Much of the debate over the appropriate privacy protection solution can be settled by the proper alignment of key technologies such as tokenisation, encryption or masking with their respective applications,” said Allan Thompson, executive vp of operations at Dataguise.

“For data used outside of the production environment, such as Oracle, IBM DB2 and SQl Server copied databases used for test, development, quality assurance and business analytics, data masking provides a much more efficient and secure data sharing solution than the alternatives,” said Thompson. “Of the various data masking solutions, those that deploy quickly, are easy to use and manage, and scale to support a range of enterprise application data sets provide the greatest value.”

A similar report from data masking specialist Net 200 found inappropriate data exposure, whether accidental or malicious, can have devastating consequences for businesses and warned the risk of accidental exposure of information is often neglected when considering the security risks associated with real test data.

However, often just masking the most sensitive information (credit card numbers, customer email addresses) is enough to mitigate the damage associated with accidental exposure and the masked databases remain just as functional, the report concluded.