Australian agencies and organisations are obliged under the Privacy Act 1988 (Cth) to deploy safeguards that protect personal information from misuse, interference and loss, or unauthorised access, modification or disclosure. Public and private firms that operate in the European Union will also be subject to the General Data Protection Regulation starting in May 2018. Data Masking can help.
In Australia, this legislative regime has become even more rigorous since 22 February 2018, when the legislation was extended to include a mandatory notification scheme in the event of a breach of sensitive personal data. Relevant organisations in Australia now need to have a process in place to notify the Office of the Australian Information Commissioner (OAIC) and any impacted individuals of any qualifying data breach. Failure to do so can incur substantial civil penalties.
Other countries also have significant penalties for data breaches.
Data Masking Can Help
Sensitive data can be revealed unwittingly when it is provided to people with unrestricted access, including staff or the staff of third parties, for training, business analysis, or software development. These environments, which are often non-production, are prone to data breaches and can expose an organisation to commercial risk.
That's why developers and DBAs aware of security issues often deploy an approach and technology that can protect sensitive data in these types of situations. It's called Data Masking, and it is a key security feature inside FUJITSU Enterprise Postgres.
Data Masking allows you to retain the actual structure of the data when sharing a database, while masking the original true content to protect it from unauthorised access. This means sensitive customer information is rendered unavailable beyond the permitted production environment, or permitted user type.
FUJITSU Enterprise Postgres Contains Data Masking
Data Masking is one of the security-based features found in FUJITSU Enterprise Postgres. It is implemented using a flexible and easy-to-use policy approach that lets you apply a set of sensitive data policies developed not only for different classifications of data, but also for different classifications of people, all without getting too caught up in the complexity of the technology.
For example, you can create a rule that if a person accessing the database is in a particular group of users, then the data coming from a specific field is replaced with "nonsense" data (even though the structure remains the same). The data can look relevant to your application in every way, except that it is neither authentic nor original.
There are three different types of Data Masking in FUJITSU Enterprise Postgres:
Full Masking - the whole column value is obfuscated with alternate values
Partial Masking - a part of the column value is obfuscated with alternate values
Regular Expression Masking - the value of a column is obfuscated via a regular expression statement
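The three masking types and the group-based rule described above, sketched as an added Python example. It is not FUJITSU Enterprise Postgres code and does not use its policy syntax; the policy fields, group names and sample row are constructed for illustration.

```python
import re

# Constructed policies (hypothetical field names, not FEP syntax): each one
# masks a single column for sessions whose group appears in "groups".
POLICIES = [
    {"column": "salary", "type": "full", "groups": {"dev", "analyst"},
     "replacement": 0},
    {"column": "card_no", "type": "partial", "groups": {"dev", "analyst"},
     "keep_last": 4, "mask_char": "*"},
    {"column": "email", "type": "regex", "groups": {"dev"},
     "pattern": r"^[^@]+", "replacement": "user"},
]


def mask_value(value, policy):
    """Apply one masking policy to one column value."""
    if value is None:
        return None  # NULL stays NULL so the data keeps its structure
    kind = policy["type"]
    if kind == "full":
        return policy["replacement"]  # whole value replaced
    text = str(value)
    if kind == "partial":
        tail = text[-policy["keep_last"]:] if policy["keep_last"] else ""
        head = text[:len(text) - len(tail)]
        # Mask only letters and digits so separators (the format) survive.
        masked = "".join(policy["mask_char"] if c.isalnum() else c for c in head)
        return masked + tail
    if kind == "regex":
        return re.sub(policy["pattern"], policy["replacement"], text)
    raise ValueError(f"unknown masking type: {kind}")


def read_row(row, group):
    """Return the row as a member of `group` would see it."""
    out = dict(row)  # copy: the stored row is never modified
    for p in POLICIES:
        if group in p["groups"] and p["column"] in out:
            out[p["column"]] = mask_value(out[p["column"]], p)
    return out


# Constructed sample row.
ROW = {"name": "A. Citizen", "salary": 91000,
       "card_no": "4111-1111-1111-1234", "email": "a.citizen@example.com"}

if __name__ == "__main__":
    for g in ("dev", "analyst", "payroll"):
        print(g, read_row(ROW, g))
```

A group that matches no policy ("payroll" here) reads the original values, while the stored row is unchanged for every caller.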
Ultimately, your organisation needs to decide on the process and technology to best manage risk and sensitive data in a world where legislative compliance and the need to build customer trust are both critical to business success.
Fujitsu's Data Masking is a great start: an easy-to-use feature designed to help you ensure only the right amount of sensitive data is provided to the right number, and type, of people as defined by you and your security practices.
If you have any concerns about the security in your database, or would like to see Data Masking inside FUJITSU Enterprise Postgres in action, then contact our experts on +612 9452 9191.