information obfuscation: protecting corporate data
DESCRIPTION
With corporate data breaches occurring at an ever-alarming rate, all levels of organizations are struggling with ways to protect corporate data assets. Rather than choosing one or two of the many options available, Michael Jay Freer believes that the best approach is a combination of tools and practices to address the specific threats. To get you started, Michael Jay introduces the myriad of information security tools companies are using today: firewalls, virus controls, access and authentication controls, separation of duties, multi-factor authentication, data masking, banning user-developed MS-Access databases, encrypting data (both in-flight and at-rest), encrypting emails and folders, disabling jump drives, limiting web access, and more. Then, he dives deeper into data masking and describes a powerful data-masking language. Explore how to develop standard masking business-rules and the best industry practices for manipulating masked data. You can get started slowly with information obfuscation without attempting to "boil the ocean."TRANSCRIPT
BT10 Concurrent Session 11/8/2012 3:45 PM
"Information Obfuscation: Protecting Corporate Data"
Presented by:
Michael Jay Freer Quality Business Intelligence
Brought to you by:
340 Corporate Way, Suite 300, Orange Park, FL 32073 888‐268‐8770 ∙ 904‐278‐0524 ∙ [email protected] ∙ www.sqe.com
Michael Jay Freer Quality Business Intelligence
Michael Jay Freer is a consultant specializing in business intelligence solutions. He has provided thought leadership and consulting services to Fortune 500 companies including MetLife, Tyco Safety Products, Capital One, Brinks Home Security, Rite Aid, and Zales. With more than twenty years of experience, Michael Jay has worked with business sponsors to provide solutions in financial, marketing, manufacturing, supply chain management, retail, and hospitality/cruise/tourism industries. A member of the PMI, IIBA, and ASQ, Michael Jay serves on the board of the South Florida Chapter of the Data Warehouse Institute.
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 1
Protecting Corporate Data-Assets
Presented by Michael Jay Freer
Information Obfuscation(Data Masking)
Michael Jay Freer, SSGB, ITIL(v3), -Information Management professional providing
thought leadership to fortune 500 companies
including MetLife Bank, Tyco Safety Products,
Capital One, Brinks Home Security, and Zales.
Over his 25+ years experience he has worked with
business executives providing solutions in
financial management, manufacturing, supply
chain management, retail, marketing, and hospitality industries.
As an Enterprise Architect at MetLife Bank, Michael Jay specialized in
Information Obfuscation facilitating project solutions for protecting
business Confidential and Restricted data.
Michael Jay Freer - Presenter Bio
Slide# 2
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 2
Presentation Ground Rules
� Start and Finish on time
� Questions at anytime
� Parking lot for longer discussion points
� “Electronics on Stun”
� Respect your peers
� No phone calls or email in the room
Slide# 3
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation
(Data Masking)
Protecting Corporate Data-assets
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 3
Slide# 5
All rights reserved
Agenda
� Outlining the Problem
� Data Masking Golden Rule
� Defining Information Obfuscation
� Information Classification
� Who is Responsible
� Defining a Common Language
� Data-Centric Development
(954) 249-1530 Michael Jay Freer
Outlining the Problem
Problem StatementCorporate Data breaches are occurring at an alarming rate.
1) It is incumbent on organizations to protect the customer,
partner, and employee data with which they are entrusted.
2) Ease of access to sensitive information in business systems.
3) Using unmasked Confidential and Restricted data in non-
production environments exposes risks to company reputation.
Business Rationale for Obfuscating Data• Reduce Data Breach Risks
• Heightened Legal and Regulatory Scrutiny of Data Protection
Services (i.e.: SOX, HIPAA, GLBA, NPPI, FFIEC, PCI-DSS)
• Company Policies and Standards
• Fundamental assumption on the part of customers that their data
is already de-identified in non-production systemsSlide# 6
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 4
Outlining the Problem
Problem StatementCorporate Data breaches are occurring at an alarming rate.
1) It is incumbent on organizations to protect the customer,
partner, and employee data with which they are entrusted.
2) Ease of access to sensitive information in business systems.
3) Using unmasked Confidential and Restricted data in non-
production environments exposes risks to company reputation.
Business Rationale for Obfuscating Data• Reduce Data Breach Risks
• Heightened Legal and Regulatory Scrutiny of Data Protection
Services (i.e.: SOX, HIPAA, GLBA, NPPI, FFIEC, PCI-DSS)
• Company Policies and Standards
• Fundamental assumption on the part of customers that their data
is already de-identified in non-production systemsSlide# 7
All rights reserved
(954) 249-1530 Michael Jay Freer
Data Masking Golden Rule
To put Information-obfuscation (Data-masking) into
perspective simply think about yourself:
How many vendors or service-providers have your
personal information (banks, mortgage holders
physicians, pharmacies, retailers, schools you applied
to, utilities, cellular carriers, internet providers, etc.)?
Michael Jay’s Data Masking Golden Rule“Do unto your company’s corporate data assets as you
would have your banker, healthcare provider, or retailer
do unto your personal information.”
(Use this as your compass to navigate)
Slide# 8
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 5
Data Masking Golden Rule
To put Information-obfuscation (Data-masking) into
perspective simply think about yourself:
How many vendors or service-providers have your
personal information (banks, mortgage holders
physicians, pharmacies, retailers, schools you applied
to, utilities, cellular carriers, internet providers, etc.)?
Michael Jay’s Data Masking Golden Rule“Do unto your company’s corporate data-assets as you
would have your banker, healthcare provider, or retailer
do unto your personal information.”
(Use this as your compass to navigate)
Slide# 9
All rights reserved
(954) 249-1530 Michael Jay Freer
Defining Information Obfuscation
DefinitionInformation Obfuscation is the effort in both business
operations and non-production systems to protect business
confidential and restricted data from easy access or
visibility by unauthorized parties.
FrameworkFor our purposes, obfuscation includes access
management, data masking, encryption of data-at-rest
(DAR) and encryption of data-in-transit including
principles for protecting business communications.
Slide# 10
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 6
Information Classification
Sensitive Data “Sensitive” is a broad term for information considered to be
a business trade-secret; or consider “private” by regulatory
rule, legal act, or trade association (i.e.: GLBA, HIPAA,
FFIEC, PCI, PHI, PII).
Slide# 11
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Classification
Information Classification Levels �Public – non-sensitive data, disclosure will not violate
privacy rights
�Internal Use Only – generally available to employees and
approved non-employees. May require a non-disclosure
agreement.
�Confidential – intended for use only by specified employee
groups. Disclosure may compromise an organization,
customer, or employee.
�Restricted – very sensitive, intended for use only by named
individuals.
�Sealed – extremely sensitive, irreparable destruction of
confidence in and reputation of the organizationSlide# 12
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 7
Information Classification
Information Classification Levels �Public – non-sensitive data, disclosure will not violate
privacy rights
�Internal Use Only – generally available to employees and
approved non-employees. May require a non-disclosure
agreement.
�Confidential – intended for use only by specified employee
groups. Disclosure may compromise an organization,
customer, or employee.
�Restricted – very sensitive, intended for use only by named
individuals.
�Sealed – extremely sensitive, irreparable destruction of
confidence in and reputation of the organizationSlide# 13
All rights reserved
(954) 249-1530 Michael Jay Freer
PII (Personally Identifiable Information) will
vary based on your company, your industry,
government regulations, and jurisdiction.
Who is Responsible
Slide# 14
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 8
Who is Responsible
You are!No matter your role in the organization, you are
responsible for protecting the “corporate data-assets.”
Slide# 15
All rights reserved
(954) 249-1530 Michael Jay Freer
Who is Responsible
You are!No matter your role in the organization, you are
responsible for protecting the “corporate data-assets.”
Everyone else is also ResponsibleAll of your peers are also responsible for protecting the
Corporate Data-Assets.
However, you don’t have control over your peers, only
over your own vigilance and how you make your
management aware of any concerns, risk, or issues with the
security of the corporate data-assets.
Slide# 16
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 9
Defining a Common Language
Information ObfuscationInformation Obfuscation (or Data Masking) is the practice
of concealing, restricting, fabricating, encrypting, or
otherwise obscuring sensitive data.
This is usually thought of in the context of non-production
systems but it really encompasses the full information
management lifecycle from on boarding of data to
developing new functionality to archiving and purging
historical data.
Slide# 17
All rights reserved
(954) 249-1530 Michael Jay Freer
Defining a Common Language
CommunicationThe Business-Information Owner, Project Stakeholders,
Development Teams, and Support Teams need to use a
common language when discussing the various obfuscation
methods and where in the environment lifecycle an action
will occur.
Slide# 18
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 10
Defining a Common Language
CommunicationThe Business-Information Owner, Project Stakeholders,
Development Teams, and Support Teams need to use a
common language when discussing the various obfuscation
methods and where in the environment lifecycle an action
will occur.
Slide# 19
All rights reserved
(954) 249-1530 Michael Jay Freer
The simple phrase ‘Just mask the data’ does
not address what to mask, how to mask, where to
mask, or who is responsible for understanding
the impact masking will have on business
functionality.
Common Language – Environment Lifecycle
Common Environments
1. Development – Code is created, modified and unit tested
2. Testing / QA – System, integration, & regression testing
3. User Acceptance (UAT) – Business-user validation
Test new business requirements and regression test
existing functionality
4. Business Operations – Day-to-day business
environment
5. Business Support – Replicate and troubleshoot business
issues
Slide# 20
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 11
Common Language – Environment Lifecycle
Common Environments
1. Development – Code is created, modified and unit tested
2. Testing / QA – System, integration, & regression testing
3. User Acceptance (UAT) – Business-user validation
Test new business requirements and regression test
existing functionality
4. Business Operations – Day-to-day business
environment
5. Business Support – Replicate and troubleshoot business
issues
Question for Another Time
“Which of these environments will hold some
level of “sensitive-data” and which are
maintained as “Production Environments?”
Slide# 21
All rights reserved
(954) 249-1530 Michael Jay Freer
Common Language – Environment Lifecycle
Other Possible Environments
� Isolated On-boarding – When data from 3rd party
partners are transitioned in, there may requirements for a
secured environment to cleanse and prepare data for
integration into the business operations environments
� Isolated Data-Masking – Unmasked Confidential and
Restricted Data should not be transferred to non-
production environments. A separate secure environment
allows for standardized data masking in-place
Slide# 22
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 12
Common Language – Environment Lifecycle
Other Possible Environments
� Isolated On-boarding – When data from 3rd party
partners are transitioned in, there may requirements for a
secured environment to cleanse and prepare data for
integration into the business operations environments
� Isolated Data-Masking – Unmasked Confidential and
Restricted Data should not be transferred to non-
production environments. A separate secure environment
allows for standardized data masking in-place
Slide# 23
All rights reserved
(954) 249-1530 Michael Jay Freer
Common Language – Environment Lifecycle
Other Possible Environments
� Isolated On-boarding – When data from 3rd party
partners are transitioned in, there may requirements for a
secured environment to cleanse and prepare data for
integration into the business operations environments.
� Isolated Data-Masking – Unmasked Confidential and
Restricted Data should not be transferred to non-
production environments. A separate secure environment
allows for standardized data masking in-place
Slide# 24
All rights reserved
(954) 249-1530 Michael Jay Freer
A mortgage service provider staging loans when
the servicing responsibility has not officially
transferred.
Example
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 13
Common Language – Environment Lifecycle
Other Possible Environments
� Isolated On-boarding – When data from 3rd party
partners are transitioned in, there may requirements for a
secured environment to cleanse and prepare data for
integration into the business operations environments.
� Isolated Data-Masking – Unmasked Confidential and
Restricted Data should not be transferred to non-
production environments. A separate secure environment
allows for standardized data masking in-place
Slide# 25
All rights reserved
(954) 249-1530 Michael Jay Freer
A mortgage service provider staging loans when
the servicing responsibility has not officially
transferred.
Do you consider this to be “production data?”
Example
Common Language – Environment Lifecycle
Other Possible Environments
� Isolated On-boarding – When data from 3rd party
partners are transitioned in, there may requirements for a
secured environment to cleanse and prepare data for
integration into the business operations environments
� Isolated Data-Masking – Unmasked Confidential and
Restricted Data should not be transferred to non-
production environments. A separate secure environment
allows for standardized data masking in-place
Slide# 26
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 14
Common Language – Environment Lifecycle
Other Possible Environments
� Isolated On-boarding – When data from 3rd party
partners are transitioned in, there may requirements for a
secured environment to cleanse and prepare data for
integration into the business operations environments
� Isolated Data-Masking – Unmasked Confidential and
Restricted Data should not be transferred to non-
production environments. A separate secure environment
allows for standardized data masking in-place
Slide# 27
All rights reserved
(954) 249-1530 Michael Jay Freer
Company policies often state sensitive data may
not be stored in non-production environments.
Moving data to “development” or “test” environments
before masking would violate such company policies.
Example
Common Language – Environment Lifecycle
Other Possible Environments
� Isolated On-boarding – When data from 3rd party
partners are transitioned in, there may requirements for a
secured environment to cleanse and prepare data for
integration into the business operations environments
� Isolated Data-Masking – Unmasked Confidential and
Restricted Data should not be transferred to non-
production environments. A separate secure environment
allows for standardized data masking in-place
Slide# 28
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 15
Common Language – Masking Taxonomy
Methods of Obfuscating Information
� Pruning Data
� Concealing Data
� Fabricating Data
� Trimming Data
� Encrypting Data
� Separating Data
Slide# 29
All rights reserved
(954) 249-1530 Michael Jay Freer
Common Language – Masking Taxonomy
Methods of Obfuscating Information
� Pruning Data
� Concealing Data
� Fabricating Data
� Trimming Data
� Encrypting Data
� Separating Data
Slide# 30
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 16
Common Language – Where to Obfuscate
� Data Movement – Data can be removed, shorten, or encrypted
� Data Stores – Data can be encrypted , data-at-rest (DAR)
� Interactive User Interfaces – Only show required data or portions
of attributes for identification (i.e. account#, license#, SS#)
� Static Reporting – More restrictive than Interactive User Interfaces
Dev
elopm
ent Environm
ent
Data
Sto
rag
e
Encrypted
Encrypted
Data
Mov
emen
t
Encrypted
Slide# 31
All rights reserved
(954) 249-1530 Michael Jay Freer
Common Language – Where to Obfuscate
� Data Movement – Data can be removed, shorten, or encrypted
� Data Stores – Data can be encrypted , data-at-rest (DAR)
� Interactive User Interfaces – Only show required data or portions
of attributes for identification (i.e. account#, license#, SS#)
� Static Reporting – More restrictive than Interactive User Interfaces
Dev
elopm
ent Environm
ent
Data
Sto
rag
e
Encrypted
Encrypted
Data
Mov
emen
t
Encrypted
Slide# 32
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 17
Common Language – Where to Obfuscate
� Data Movement – Data can be removed, shorten, or encrypted
� Data Stores – Data can be encrypted , data-at-rest (DAR)
� Interactive User Interfaces – Only show required data or portions
of attributes for identification (i.e. account#, license#, SS#)
� Static Reporting – More restrictive than Interactive User Interfaces
Dev
elopm
ent Environm
ent
Data
Sto
rag
e
Encrypted
Encrypted
Data
Mov
emen
t
Encrypted
Slide# 33
All rights reserved
(954) 249-1530 Michael Jay Freer
Common Language – Where to Obfuscate
� Data Movement – Data can be removed, shorten, or encrypted
� Data Stores – Data can be encrypted , data-at-rest (DAR)
� Interactive User Interfaces – Only show required data or portions
of attributes for identification (i.e. account#, license#, SS#)
� Static Reporting – More restrictive than Interactive User Interfaces
Dev
elopm
ent Environm
ent
Data
Sto
rag
e
Encrypted
Encrypted
Data
Mov
emen
t
Encrypted
Slide# 34
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 18
Common Language – Where to Obfuscate
� Data Movement – Data can be removed, shorten, or encrypted
� Data Stores – Data can be encrypted , data-at-rest (DAR)
� Interactive User Interfaces – Only show required data or portions
of attributes for identification (i.e. account#, license#, SS#)
� Static Reporting – More restrictive than Interactive User Interfaces
Dev
elopm
ent Environm
ent
Data
Sto
rag
e
Encrypted
Encrypted
Data
Mov
emen
t
Encrypted
Slide# 35
All rights reserved
(954) 249-1530 Michael Jay Freer
Common Language – Masking Taxonomy
Methods of Obfuscating Information
� Pruning Data
� Concealing Data
� Fabricating Data
� Trimming Data
� Encrypting Data
� Separating Data
Slide# 36
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 19
Common Language – Pruning Data
Pruning Data: Removes sensitive data from attributes
in non-production environments. The attribute will still
appear on data entry screens and reporting but be left blank.
Dev
elopm
ent Environm
ent
Data
Sto
rage
Encrypted
Encrypted
Da
ta M
ov
emen
t
Encrypted
Slide# 37
All rights reserved
(954) 249-1530 Michael Jay Freer
Common Language – Pruning Data
Pruning Data: Removes sensitive data from attributes
in non-production environments. The attribute will still
appear on data entry screens and reporting but be left blank.
Dev
elopm
ent Environm
ent
Data
Sto
rage
Encrypted
Encrypted
Da
ta M
ov
emen
t
Encrypted
Slide# 38
All rights reserved
(954) 249-1530 Michael Jay Freer
Executive Salaries: Employee personnel records
can de-identify by changing Emp#, SS#, & names but
executive management records are easily tied back to
the organizational hierarchy (e.g., top 10 salaries).
Example
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 20
Common Language – Concealing Data
Concealing Data: Removes sensitive data from user
access and visibility. For data entry screens and reports, the
attribute does not appear at all versus being Pruned (blank).Concealing data depends on clear rules for Access, Authentication, and
Accountability.
Dev
elopm
ent Environm
ent
Data
Sto
rage
Encrypted
Encrypted
Da
ta M
ov
emen
t
Encrypted
Slide# 39
All rights reserved
(954) 249-1530 Michael Jay Freer
Common Language – Concealing Data
Concealing Data: Removes sensitive data from user
access and visibility. For data entry screens and reports, the
attribute does not appear at all versus being Pruned (blank).Concealing data depends on clear rules for Access, Authentication, and
Accountability.
Dev
elopm
ent Environm
ent
Data
Sto
rage
Encrypted
Encrypted
Da
ta M
ov
emen
t
Encrypted
Slide# 40
All rights reserved
(954) 249-1530 Michael Jay Freer
Bank / Loan Account#: Bank web sites generally
do not display account numbers even to the account
holder.
Example
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 21
Common Language – Fabricating Data
Fabricating Data:1) Creating data to replace sensitive data
2) Creating data to facilitate full functional testing
3) Creating date for negative testing (error handling)
Dev
elopm
ent Environm
ent
Data
Sto
rag
e
Encrypted
Encrypted
Data
Mov
emen
t
Encrypted
Slide# 41
All rights reserved
(954) 249-1530 Michael Jay Freer
Common Language – Fabricating Data
Fabricating Data:1) Creating data to replace sensitive data
2) Creating data to facilitate full functional testing
3) Creating date for negative testing (error handling)
Dev
elopm
ent Environm
ent
Data
Sto
rag
e
Encrypted
Encrypted
Data
Mov
emen
t
Encrypted
Slide# 42
All rights reserved
(954) 249-1530 Michael Jay Freer
Contact >ame or ID#:Replacing contact name and ID# is the standard
method for de-identifying customer and employee
records.
Example
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 22
Common Language – Trimming Data
Trimming Data: Removes part of an attribute’s value
versus Pruning which removes the entire attribute value.
Dev
elopm
ent Environm
ent
Da
ta S
tora
ge
Encrypted
Encrypted
Da
ta M
ovem
ent
Encrypted
Slide# 43
All rights reserved
(954) 249-1530 Michael Jay Freer
Common Language – Trimming Data
Trimming Data: Removes part of an attribute’s value
versus Pruning which removes the entire attribute value.
Dev
elopm
ent Environm
ent
Da
ta S
tora
ge
Encrypted
Encrypted
Da
ta M
ovem
ent
Encrypted
Slide# 44
All rights reserved
(954) 249-1530 Michael Jay Freer
Social Security# and Credit Card#:
Changing SSN# from 123-45-6789 to XXX-XX-6789
(or a new attribute = 6789) so that only part of the
information is available, usually for identification.
Example
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 23
Common Language – Encrypting Data
Encrypting Data: Encryption can be done at the
attribute, table, or database levels
(Encrypted data can be decrypted back to the original value)
Dev
elopm
ent Environm
ent
Data
Sto
rag
e
Encrypted
Encrypted
Data
Mov
emen
t
Encrypted
Slide# 45
All rights reserved
(954) 249-1530 Michael Jay Freer
Common Language – Encrypting Data
Encrypting Data: Encryption can be done at the
attribute, table, or database levels
(Encrypted data can be decrypted back to the original value)
Dev
elopm
ent Environm
ent
Data
Sto
rag
e
Encrypted
Encrypted
Data
Mov
emen
t
Encrypted
Slide# 46
All rights reserved
(954) 249-1530 Michael Jay Freer
Credit Card#: Credit card numbers are often encrypted
for data transmission for PCI DSS compliance.
Encrypting credit card numbers at rest (DAR) provides
additional security.
Example
Credit Card# is an example of an attribute that often falls into
multiple Obfuscation Methods.
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 24
Move
Sen
sitive
Dat
a to
a S
ecure
d T
able
Data Separation: Moves sensitive data into multiple
tables. Data can still be joined but Sensitive and Non-
sensitive attributes do not reside in a single record.
Common Language – Separating Data
Slide# 47
All rights reserved
(954) 249-1530 Michael Jay Freer
Move
Sen
sitive
Dat
a to
a S
ecure
d T
able
Data Separation: Moves sensitive data into multiple
tables. Data can still be joined but Sensitive and Non-
sensitive attributes do not reside in a single record.
Common Language – Separating Data
Slide# 48
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 25
Move
Sen
sitive
Dat
a to
a S
ecure
d T
able
Data Separation: Moves sensitive data into multiple
tables. Data can still be joined but Sensitive and Non-
sensitive attributes do not reside in a single record.
Common Language – Separating Data
Slide# 49
All rights reserved
(954) 249-1530 Michael Jay Freer
Move
Sen
sitive
Dat
a to
a S
ecure
d T
able
Data Separation: Moves sensitive data into multiple
tables. Data can still be joined but Sensitive and Non-
sensitive attributes do not reside in a single record.
Common Language – Separating Data
Slide# 50
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 26
Move
Sen
sitive
Dat
a to
a S
ecure
d T
able
Data Separation: Moves sensitive data into multiple
tables. Data can still be joined but Sensitive and Non-
sensitive attributes do not reside in a single record.
Common Language – Separating Data
Slide# 51
All rights reserved
(954) 249-1530 Michael Jay Freer
Data Separation: Moves sensitive data into multiple
tables. Data can still be joined but Sensitive and Non-
sensitive attributes do not reside in a single record.
Move
Sen
sitive
Dat
a to
a S
ecure
d T
able
Common Language – Separating Data
Slide# 52
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 27
Data Separation: Moves sensitive data into multiple
tables. Data can still be joined but Sensitive and Non-
sensitive attributes do not reside in a single record.
Move
Sen
sitive
Dat
a to
a S
ecure
d T
able
Common Language – Separating Data
Slide# 53
All rights reserved
(954) 249-1530 Michael Jay Freer
Data Separation: Moves sensitive data into multiple
tables. Data can still be joined but Sensitive and Non-
sensitive attributes do not reside in a single record.
Move
Sen
sitive
Dat
a to
a S
ecure
d T
able
Common Language – Separating Data
Slide# 54
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 28
Data Separation: Moves sensitive data into multiple
tables. Data can still be joined but Sensitive and Non-
sensitive attributes do not reside in a single record.
Move
Sen
sitive
Dat
a to
a S
ecure
d T
able
Common Language – Separating Data
Slide# 55
All rights reserved
(954) 249-1530 Michael Jay Freer
Data Separation: Moves sensitive data into multiple
tables. Data can still be joined but Sensitive and Non-
sensitive attributes do not reside in a single record.
Move
Sen
sitive
Dat
a to
a S
ecure
d T
able
Common Language – Separating Data
Slide# 56
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 29
Common Language – Masking Taxonomy
� Prune – Removes values from non-production systems. Attribute
appears on data entry screens and reporting but are blank.
� Conceal – Removes sensitive data from user access or visibility. For
data entry screens and reports, the attribute may not appear at all or be
obscured versus being Pruned (blank).
� Fabricate – Creating data to replace sensitive data and facilitate
proper application testing.
� Trim – Removes part of a data attribute’s value (Pruning removes the
entire attribute value)
� Encrypt – Unlike Fabricated Data, encrypted data can be decrypted
back to the original value.
� Data Separation – Moves specific segments of data or individual
datum into separate tables / databases to limit user access or visibility
Slide# 57
All rights reserved
(954) 249-1530 Michael Jay Freer
Busines
s End-U
ser A
cces
sIs
sue
Support S
taff
Qual
ity A
ssura
nce
Devel
opm
ent Sta
ff
Matrix – Method, Environment, Access
Slide# 58
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 30
Busines
s End-U
ser A
cces
sIs
sue
Support S
taff
Qual
ity A
ssura
nce
Devel
opm
ent Sta
ff
Matrix – Method, Environment, Access
Slide# 59
All rights reserved
(954) 249-1530 Michael Jay Freer
Use
r G
roups
Environments
Obfuscation Method
Busi
ness
End-U
ser A
cce
ssIs
sue
Support S
taff
Qual
ity A
ssura
nce
Dev
elopm
ent Sta
ff
Matrix – Method, Environment, Access
Slide# 60
All rights reserved
(954) 249-1530 Michael Jay Freer
No Access to Data
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 31
Busi
ness
End-U
ser A
cce
ssIs
sue
Support S
taff
Qual
ity A
ssura
nce
Dev
elopm
ent Sta
ff
Matrix – Method, Environment, Access
Slide# 61
All rights reserved
(954) 249-1530 Michael Jay Freer
Last Four Digits
Busi
ness
End-U
ser A
cce
ssIs
sue
Support S
taff
Qual
ity A
ssura
nce
Dev
elopm
ent Sta
ff
Matrix – Method, Environment, Access
Slide# 62
All rights reserved
(954) 249-1530 Michael Jay Freer
Fabricate Data
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 32
Busi
ness
End-U
ser A
cce
ssIs
sue
Support S
taff
Qual
ity A
ssura
nce
Dev
elopm
ent Sta
ff
Matrix – Method, Environment, Access
Slide# 63
All rights reserved
(954) 249-1530 Michael Jay Freer
Not Acknowledged
Busi
ness
End-U
ser A
cce
ssIs
sue
Support S
taff
Qual
ity A
ssura
nce
Dev
elopm
ent Sta
ff
Matrix – Method, Environment, Access
Slide# 64
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 33
Data-Centric Development
Projects that center around data analysis (i.e.: dashboards, BI,
data-marts / warehouses, etc.) often claim that they must have
“production data” to develop the solution.
It is true that the business will need production data for user
acceptance testing (UAT) but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values
or permutations of data so full positive testing will also
require some level of fabricated data
4) Full regression testing will require a standardized test set
including the items above and is likely to be a combination of
fabricated and masked data
Slide# 65
All rights reserved
(954) 249-1530 Michael Jay Freer
Data-Centric Development
Projects that center around data analysis (i.e.: dashboards, BI,
data-marts / warehouses, etc.) often claim that they must have
“production data” to develop the solution.
It is true that the business will need production data for user
acceptance testing (UAT) but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values
or permutations of data so full positive testing will also
require some level of fabricated data
4) Full regression testing will require a standardized test set
including the items above and is likely to be a combination of
fabricated and masked data
Slide# 66
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 34
Data-Centric Development
Projects that center around data analysis (i.e.: dashboards, BI,
data-marts / warehouses, etc.) often claim that they must have
“production data” to develop the solution.
It is true that the business will need production data for user
acceptance testing (UAT) but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values
or permutations of data so full positive testing will also
require some level of fabricated data
4) Full regression testing will require a standardized test set
including the items above and is likely to be a combination of
fabricated and masked data
Slide# 67
All rights reserved
(954) 249-1530 Michael Jay Freer
Data-Centric Development
Projects that center around data analysis (i.e.: dashboards, BI,
data-marts / warehouses, etc.) often claim that they must have
“production data” to develop the solution.
It is true that the business will need production data for user
acceptance testing (UAT) but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values
or permutations of data so full positive testing will also
require some level of fabricated data
4) Full regression testing will require a standardized test set
including the items above and is likely to be a combination of
fabricated and masked data
If your source data has already been cleansed, how would
you test for exceptions (negative testing)?
Based on functional-requirements, negative tests should
be created for everything outside expected ranges.
Slide# 68
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 35
Data-Centric Development
Projects that center around data analysis (i.e.: dashboards, BI,
data-marts / warehouses, etc.) often claim that they must have
“production data” to develop the solution.
It is true that the business will need production data for user
acceptance testing (UAT) but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values
or permutations of data so full positive testing will also
require some level of fabricated data
4) Full regression testing will require a standardized test set
including the items above and is likely to be a combination of
fabricated and masked data
Slide# 69
All rights reserved
(954) 249-1530 Michael Jay Freer
Data-Centric Development
Projects that center around data analysis (i.e.: dashboards, BI,
data-marts / warehouses, etc.) often claim that they must have
“production data” to develop the solution.
It is true that the business will need production data for user
acceptance testing (UAT) but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values
or permutations of data so full positive testing will also
require some level of fabricated data
4) Full regression testing will require a standardized test set
including the items above and is likely to be a combination of
fabricated and masked data
Slide# 70
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 36
Data-Centric Development
Projects that center around data analysis (i.e.: dashboards, BI,
data-marts / warehouses, etc.) often claim that they must have
“production data” to develop the solution.
It is true that the business will need production data for user
acceptance testing (UAT) but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values
or permutations of data so full positive testing will also
require some level of fabricated data
4) Full regression testing will require a standardized test set
including the items above and is likely to be a combination of
fabricated and masked data
As systems become more complex and as regulations
increase, functional tests require data sets for situations
not yet present within the production data.
Slide# 71
All rights reserved
(954) 249-1530 Michael Jay Freer
Data-Centric Development
Projects that center around data analysis (i.e.: dashboards, BI,
data-marts / warehouses, etc.) often claim that they must have
“production data” to develop the solution.
It is true that the business will need production data for user
acceptance testing (UAT) but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values
or permutations of data so full positive testing will also
require some level of fabricated data
4) Full regression testing will require a standardized test set,
including the items above, and is likely to be a combination
of fabricated and masked data (de-identified records)
Slide# 72
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 37
Data-Centric Development
Projects that center around data analysis (i.e.: dashboards, BI,
data-marts / warehouses, etc.) often claim that they must have
“production data” to develop the solution.
It is true that the business will need production data for user
acceptance testing (UAT) but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values
or permutations of data so full positive testing will also
require some level of fabricated data
4) Full regression testing will require a standardized test set,
including the items above, and is likely to be a combination
of fabricated and masked data (de-identified records)
Leverage test-datasets already created for source
systems.
Slide# 73
All rights reserved
(954) 249-1530 Michael Jay Freer
Governance
Data stewardship is a key success factor for good data
governance and in this case for good information
obfuscation.
No one person will be aware of every government
regulation, trade association guideline, business functional
requirement, or company policy.
Include representatives from data stewardship, security,
internal audit, and quality assurance teams in your solution
planning and project development teams.
Slide# 74
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 38
Information Obfuscation Summary
1. Obfuscation occurs throughout the information lifecycle
not just in non-production environments
2. Everyone is responsible for protecting the corporate data
assets and the best data security tool is vigilance
3. Use a defined language to communicate who, what,
where, when, and how obfuscation will occur
4. Make Information Obfuscation part of your
organization’s business-as-usual (BAU) processes
5. Follow Michael Jay’s Data Masking Golden Rule
“Do unto your company’s corporate data assets as you
would have your banker, healthcare provider, or retailer
do unto your personal information.”
Slide# 75
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Summary
1. Obfuscation occurs throughout the information lifecycle
not just in non-production environments
2. Everyone is responsible for protecting the corporate data
assets and the best data security tool is vigilance
3. Use a defined language to communicate who, what,
where, when, and how obfuscation will occur
4. Make Information Obfuscation part of your
organization’s business-as-usual (BAU) processes
5. Follow Michael Jay’s Data Masking Golden Rule
“Do unto your company’s corporate data assets as you
would have your banker, healthcare provider, or retailer
do unto your personal information.”
Slide# 76
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 39
Information Obfuscation Summary
1. Obfuscation occurs throughout the information lifecycle
not just in non-production environments
2. Everyone is responsible for protecting the corporate data
assets and the best data security tool is vigilance
3. Use a defined language to communicate who, what,
where, when, and how obfuscation will occur
4. Make Information Obfuscation part of your
organization’s business-as-usual (BAU) processes
5. Follow Michael Jay’s Data Masking Golden Rule
“Do unto your company’s corporate data assets as you
would have your banker, healthcare provider, or retailer
do unto your personal information.”
Slide# 77
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Summary
1. Obfuscation occurs throughout the information lifecycle
not just in non-production environments
2. Everyone is responsible for protecting the corporate data
assets and the best data security tool is vigilance
3. Use a defined language to communicate who, what,
where, when, and how obfuscation will occur
4. Make Information Obfuscation part of your
organization’s business-as-usual (BAU) processes
5. Follow Michael Jay’s Data Masking Golden Rule
“Do unto your company’s corporate data assets as you
would have your banker, healthcare provider, or retailer
do unto your personal information.”
Slide# 78
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 40
Information Obfuscation Summary
1. Obfuscation occurs throughout the information lifecycle
not just in non-production environments
2. Everyone is responsible for protecting the corporate data
assets and the best data security tool is vigilance
3. Use a defined language to communicate who, what,
where, when, and how obfuscation will occur
4. Make Information Obfuscation part of your
organization’s business-as-usual (BAU) processes
5. Follow Michael Jay’s Data Masking Golden Rule
“Do unto your company’s corporate data assets as you
would have your banker, healthcare provider, or retailer
do unto your personal information.”
Slide# 79
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Summary
1. Obfuscation occurs throughout the information lifecycle
not just in non-production environments
2. Everyone is responsible for protecting the corporate data
assets and the best data security tool is vigilance
3. Use a defined language to communicate who, what,
where, when, and how obfuscation will occur
4. Make Information Obfuscation part of your
organization’s business-as-usual (BAU) processes
5. Follow Michael Jay’s Data Masking Golden Rule
“Do unto your company’s corporate data-assets as you
would have your banker, healthcare provider, or retailer
do unto your personal information.”
Slide# 80
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 41
Questions?
Slide# 81
All rights reserved
(954) 249-1530 Michael Jay Freer
Thank You!
Slide# 82
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 42
Appendix
Reference Material
Slide# 83
All rights reserved
(954) 249-1530 Michael Jay Freer
Legal & Regulatory Alphabet Soup (Sampling)
� GLBA – The Gramm–Leach–Bliley Act allowed consolidation
of commercial & investment banks, securities, & insurance co.
� >PPI – Nonpublic Personal Information - Financial
consumer’s personally identifiable information (see GLBA)
� OCC – Office of the Controller of Currency regulates banks.
� PCI – Payment Card Industry; defines Data Security Standard
(PCI DSS) processing, storage, or transmitting credit card info.
� PHI – Patient Health Information - Dept of Health & Human
Services (“HHS”) Privacy Rule (see HIPAA).
� PII – Personally Identifiable Information; used to uniquely
identify an individual. (Legal definitions vary by jurisdiction.)
Slide# 84
All rights reserved
(954) 249-1530 Michael Jay Freer
Information Obfuscation Tuesday, September 04, 2012
Michael Jay Freer ([email protected])
(954) 2491530 43
Sample Cross Reference Chart
Data PointPII
PCI >PPI PHI
Customer - The Fact That an Individual is a Customer ** X
First, or Last Name *; Mother's Maiden Name X X
Country, State, Or City Of Residence * X X
Telephone# (Home, Cell, Fax) X X
Birthday, Birthplace, Age, Gender, or Race *
Social Security#, Account#, Driver's License#, National ID ++
X X
Passport#, Issuing Country
Credit Card Numbers, Expiration Date, Credit Card Security Code X X
Credit Card Purchase X
Grades, Salary, or Job Position *
Vehicle Identifiers, Serial Numbers, License Plate Numbers X
Email - Electronic Mail Addresses; IP Address, Web URLs X
Biometric Identifiers, Face, Fingerprints, or Handwriting
Dates - All Elements of Dates (Except Year +) X
Medical Record#, Genetic Information, Health Plan Beneficiary# X
* More likely used in combination with other personal data
** GLBA regulation to fall into the “Restricted” classification
+ All elements of dates (including year) if age 90 or older
++ Varies by Jurisdiction
Slide# 85
All rights reserved
(954) 249-1530 Michael Jay Freer