The new Privacy Amendment (Notifiable Data Breaches) Act 2017 in Australia has established the Notifiable Data Breaches (NDB) scheme, making database features such as Data Masking even more compelling. Public and private firms that operate in the European Union will also be subject to the General Data Protection Regulation starting in May 2018.
These schemes oblige organisations to notify authorities of a serious breach, as well as those individuals whose personal information was involved. Non-compliance carries serious penalties.
Read more about the new Australian regulations and European situation.
The bottom line is that everyone involved in data security and risk governance needs to be aware of the tools and techniques that can be deployed to avoid a breach in the first place.
Welcome to Data Masking
Data Masking (also often referred to as Data Redaction) is essentially the process of removing authentic sensitive data from the database and replacing it with alternate data that appears real but is not. The benefits of Data Masking are many:
- reduces the risk of a data breach in multiple situations
- helps organisations avoid unwanted data access
- reduces exposure of sensitive data
- protects the real data against unauthorised access
- improves compliance
Consider these Scenarios
Your organisation may want to consider Data Masking for the following scenarios:
Software Development
The development and testing of new software applications requires multiple developers, potentially located anywhere in the world, to use actual data in testing prior to production versions. Data Masking is used here to enable the use of real data structures without exposing personal information.
Outsourcing
It is commonplace today to outsource a range of services to third parties for training, testing or development (as above). These are often performed offshore. In this situation, Data Masking can enable these services to be delivered without exposing sensitive personal data, even to authorised personnel.
Analytics
Business analytics, such as standard business intelligence processes, is where business analysts, researchers, marketers, sales managers, the CEO/CFO and others typically aggregate data to analyse business metrics and forecasts. In this situation, Data Masking can enable the analysis to continue without the need for specific individual sensitive data to be exposed.
How is Data Masking different to Encryption?
Data Masking transforms data in one direction only, whereas encryption scrambles data and then unscrambles it once accessed. In addition, Data Masking changes the values of data, not the structure. For example, where a credit card number is a set of 16 digits, Data Masking keeps that structure the same but changes the actual values of the digits.
The Data Masking feature is a substantial reason to consider upgrading to Fujitsu Enterprise Postgres from the community edition of PostgreSQL. It has been developed with the following considerations:
- Non-reversible
- Flexible and easy to use
- Maintenance of original representation
- Maintenance of referential integrity
- Repeatable representation
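An added illustration of the properties listed above (not Fujitsu Enterprise Postgres code and not from the original article): a keyed one-way mask in Python that keeps a card number's layout, returns the same mask for the same input, and therefore keeps joins between independently masked tables intact. The function names, the key and the sample rows are assumptions constructed for this example.

```python
import hashlib
import hmac

def _digit_stream(key: bytes, message: bytes):
    """Yield unbiased pseudo-random digits derived from HMAC-SHA256."""
    counter = 0
    while True:
        block = hmac.new(key, counter.to_bytes(4, "big") + message,
                         hashlib.sha256).digest()
        for byte in block:
            if byte < 250:          # rejection sampling: no modulo bias
                yield byte % 10
        counter += 1

def mask_digits(value: str, key: bytes, column: str = "") -> str:
    """Replace every ASCII digit; keep length, spaces and dashes as they are.

    One-way: the output is derived from an HMAC of the input, not a
    ciphertext, so there is no decrypt operation. Repeatable: the same
    key + column + value always gives the same mask. The result is not
    Luhn-valid, and the key must stay out of the masked environment,
    since anyone holding the key can test guesses for a value.
    """
    stream = _digit_stream(key, column.encode() + b"\x00" + value.encode())
    return "".join(str(next(stream)) if "0" <= ch <= "9" else ch
                   for ch in value)

# Constructed sample rows (assumption): two tables sharing a card number.
CUSTOMERS = [("alice", "4111 1111 1111 1111"), ("bob", "5500-0000-0000-0004")]
PAYMENTS = [("4111 1111 1111 1111", 120), ("5500-0000-0000-0004", 75),
            ("4111 1111 1111 1111", 30)]

def masked_join(key: bytes):
    """Mask both tables independently, then join on the masked card number."""
    customers = {mask_digits(card, key, "card"): name
                 for name, card in CUSTOMERS}
    totals = {}
    for card, amount in PAYMENTS:
        owner = customers[mask_digits(card, key, "card")]
        totals[owner] = totals.get(owner, 0) + amount
    return totals

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"   # placeholder, not a real secret
    print(mask_digits("4111 1111 1111 1111", demo_key, "card"))
    print(masked_join(demo_key))
```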
Whatever the reasons, the situation remains the same. You need to do all you can to avoid a breach of personal sensitive data from your database, and Data Masking can help.
If you have data security concerns or are looking for a more robust, secure and scalable database, then contact one of our experts on +612 9452 9191.