“I love my job,” you think to yourself.
You came up with the idea of targeting high-net worth clientele for your investment firm five years ago and floated it with the COO when you were back at corporate. They believed in you and sent you to a wealthy suburb in Silicon Valley, armed with money, resources, and a team to do just that.
Since then you’ve opened the office, brought in hundreds of clients and generated a huge amount of revenue for the firm. You’re feeling like a rising star these days — unstoppable!
The phone rings: it’s Aaron Coulter, VP of Operations from corporate. “How can we replicate this in other towns,” he asks. “We need to know more about these clients so that we can scale this business. Give me everything you’ve got and I’ll put you in charge of the next office.”
But here’s the problem. Your organization runs under different rules. You want to help but you know that your rules of engagement dictate that you can’t share your customers’ data, even with the rest of your own corporation. You have separate servers, separate storage, essentially a completely separate network from the rest of the company.
Getting the analytics done means handing the data over to your trusted colleagues at corporate. But this, in turn, means they will use their tried and true, (but not always meticulous and certainly not security-savvy) outside partner, Waltham Analytics, to do the number crunching.
Maybe Susan in IT will know a way to do this, you think to yourself.
You call Susan, your IT Director, and ask: “can’t we just take the names out and give the rest?”
“Well, what about addresses and phone numbers”? she says, “do you want to get rid of those too? The basic guidelines are that you can’t be capable of reconstructing their identity from the remaining information. At some point, if you remove enough of the data, you won’t get anything useful out the back end.”
“What is it that you want from the data?” she asks.
“Well, corporate wants to analyze the customers we have, where they live, who they work for, what they do for a living, what credit cards they have, their income, and what their net worth is….” Your voice trails off as you begin to feel silly about your request “…you know, basic stuff like that…”
Susan responds emphatically: “you know there’s no way this kind of information goes outside your four walls, right?”
“I don’t want to give any personal secrets away or anger any customers, and I understand we operate under strict data protection laws, but there must be a way to do this” you tell her.
As hope begins to dwindle, your heart sinks, knowing full well that if the business stops here with this one enclave, your career stops with it. No more growth, no aspirations for greater span of control. No more opening up new offices and feeling the thrill of conquest when you enter a new, untapped market.
“Not with our current technology,” she says. “What you’re asking for is data that can be analyzed to form useful conclusions — based on very personal information — but without actually sharing that information. It’s kind of a catch 22. Basically, you’re asking us to send over data that’s not actual, specific data…but acts like real data.” It sounds like what you’re trying to do is data masking.” After a long pause, she adds “Try Oracle…I think they may have a way to do this.”
Over the last 5 years we have gotten many requests like this here at Oracle. While every story doesn’t necessarily end with the hero being sent to Oracle (wink), the fact is, many financial institutions, healthcare organizations, oil exploration companies, and information stores need this capability as a matter of routine in order to run their business.
It could be that they are working with a partner, as in the story above. Or it could be that they need to provide their Development and Test teams with real-world data so that they can get the next software product out successfully; without risking customers’ private information or breaking data protection laws.
This is why we created Data Safe. Our customers needed a way to grow their business and partner with other groups (even 3rd parties) without risking data leakage.
With the average data breach costing $3.86M and an ever-expanding list of compliance and privacy mandates, organizations need to not only secure the database, but must also ensure that the data remains secure while in use.
Data Safe, released last month at Oracle Open World, helps organizations identify sensitive data and mask it for use in partner or development environments. It also alerts on risky users and unsafe system configurations; and monitors database activity to let organizations quickly discover suspicious attempts to access their data.
Data Safe was requested by some of our largest, most long-standing customers, and we’re happy to offer this cloud-based service to meet that need.
It's been our pleasure to bring you this 5-part series on Data Safe. If you'd like to read Part-1, the introduction, click here.
To find out how Data Safe can help your organization, visit our Data Safe product page. And if you'd like to learn more about how masking and it's benefits, view our webinar on demand called Eliminating Risk from Non-production Databases.