Oracle Data Masking
By Roxana Bradescu on Jan 29, 2008
Oracle recently sponsored a Ziff Davis eSeminar called Top Five Database Security and Compliance Resolutions for 2008. Rich Mogull was the speaker, and we had such a great turnout (thank you, everyone who participated!) that by the time I got to my presentation the servers were so overloaded I couldn't advance my slides. Despite my technical difficulties, the feedback on the event was very positive, and I encourage you to view the recorded presentation if you missed it. And let me know what you think, since we are planning the next one for March.
One of the topics we discussed was data masking. If you're not familiar with data masking, it refers to "scrubbing" sensitive production data, such as personal identification information, credit card and social security numbers, in order to share that data with development/test, analysis groups, business partners, etc. During the presentation we ran a poll on data masking and found that 58.7% of respondents did not perform any data masking when generating test and development data, and 39.9% either did it on an ad-hoc basis or didn't use tools (which might as well be ad-hoc, since manual data masking is very error-prone). This means that a whopping 98.6% of our poll participants are at risk of leaking sensitive production data when they transfer data from secure production environments to non-secure environments.
The good news is that data masking is one of the easiest security measures to put in place, given that Oracle introduced a solution for data masking a few months back. Unlike other solutions on the market, with Oracle Data Masking the data is masked as close to the production database as possible to prevent data breaches. Also, the data masking process is automated using an extensible library of formats and templates that ensure consistent masking for referential integrity across databases. Most importantly, Oracle Data Masking is part of Oracle Enterprise Manager and can be used to enforce data masking policies across all Oracle databases enterprise-wide to help address regulatory mandates like PCI and GLBA. Check out the Oracle Data Masking data sheet for more info.
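
What "consistent masking for referential integrity" means in practice can be shown with a keyed, deterministic mapping: the same production value always masks to the same substitute, so joins between masked tables still line up. The Python below is an added example, not Oracle Data Masking's implementation or code from the original post; the key, table layouts, sample rows and function names are all assumptions constructed for the illustration.

```python
import hashlib
import hmac

# Constructed key for this example. The real key stays on the production side.
MASK_KEY = b"example-masking-key"

def _digits(value, label, n):
    """Derive n decimal digits from a keyed hash of value (same input, same output)."""
    mac = hmac.new(MASK_KEY, f"{label}:{value}".encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac, "big")).zfill(n)[-n:]

def luhn_check_digit(body):
    """Check digit that makes body + digit pass the Luhn test used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def luhn_valid(number):
    return luhn_check_digit(number[:-1]) == number[-1]

def mask_ssn(ssn):
    d = _digits(ssn.replace("-", ""), "ssn", 9)
    return f"{d[:3]}-{d[3:5]}-{d[5:]}"

def mask_card(pan):
    raw = pan.replace(" ", "").replace("-", "")
    body = _digits(raw, "card", len(raw) - 1)
    return body + luhn_check_digit(body)

def mask_rows(rows, rules):
    """Copy rows, replacing each column named in rules with its masked value."""
    return [{c: rules[c](v) if c in rules else v for c, v in r.items()} for r in rows]

def joined_order_ids(customers, orders):
    """Order ids whose ssn matches a customer row: the join that must survive masking."""
    keys = {c["ssn"] for c in customers}
    return [o["order_id"] for o in orders if o["ssn"] in keys]

# Constructed sample tables sharing the SSN as join key (area numbers 900-999 are not assigned as SSNs).
CUSTOMERS = [{"ssn": "900-12-3456", "name": "A. Example"},
             {"ssn": "900-65-4321", "name": "B. Example"}]
ORDERS = [{"order_id": 1, "ssn": "900-12-3456", "card": "4111 1111 1111 1111"},
          {"order_id": 2, "ssn": "900-65-4321", "card": "5500 0000 0000 0004"},
          {"order_id": 3, "ssn": "900-12-3456", "card": "4111 1111 1111 1111"}]

if __name__ == "__main__":
    masked_customers = mask_rows(CUSTOMERS, {"ssn": mask_ssn})
    masked_orders = mask_rows(ORDERS, {"ssn": mask_ssn, "card": mask_card})
    print(masked_orders, joined_order_ids(masked_customers, masked_orders))
```

Because the mapping is deterministic, anyone holding the key can rebuild the original-to-masked table for a small value space like SSNs, so the key must never travel with the masked copy into the development or test environment.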