What Is Data Obfuscation?

Data obfuscation consists of changing sensitive data or personally identifiable information (PII) in order to protect confidential information in non-production databases. Obfuscation is successful when the data maintains referential integrity as well as its original characteristics, which ensures that the development, testing, and installation of applications are successful.

This technique is used in non-production environments, which have less security protection than production environments and are therefore more prone to information leaks.

The purpose is to keep real data protected while providing a functional substitute when actual data is not necessary.

Although most organizations have strict security controls to protect production data, both at its storage location and when it is being used in the business, sometimes the same data is used for operations that are not entirely secure. The problem is often complicated further if these operations are outsourced to external companies, where the organization has little control over what is done with the data. To comply with legal requirements, most organizations do not feel comfortable exposing their real data unnecessarily.

In data obfuscation, the data format remains the same; only the values are modified. Data can be changed in different ways, including encryption, character mixing, or word substitution. Whatever method is chosen, it must ensure that the values are modified so that discovering the real value, or recovering it through reverse engineering, is not possible.

Data obfuscation simply means obscuring specific records within the database, so that sensitive data is replaced with data that seems real but is not. The result can be used in testing environments with the assurance that the tests are valid, while the protection of confidential data is guaranteed.

Data Obfuscation Considerations

Not reversible. It must not be possible to recover the original sensitive data once the data obfuscation process has occurred. If the process can be reversed to recover sensitive data, it does not fulfill the purpose for which it was performed in the first place.

Repeatable. Data obfuscation must be a repeatable method. Bear in mind that data in production environments changes frequently, sometimes within a few hours. If your data obfuscation solution supports only one-time obfuscation, it may cause difficulties, since recently added records may not be obfuscated.

Database Integrity. In addition to maintaining referential integrity, the data obfuscation solution should also be able to take into account keys, triggers, indexes, etc. It should be able to discover the relationships between different objects in the database automatically and maintain their status accordingly.

Obfuscation of pre-packaged data. If you are buying a data obfuscation solution, then you should also look for pre-packaged obfuscated data for general requirements, such as credit card numbers, social security numbers, etc. The solution should have data samples prepared beforehand.
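
The following is an added example, not code from the original article or from any particular obfuscation product. It illustrates the "not reversible", "repeatable", and "database integrity" considerations by masking a Social Security number with a keyed HMAC (a swapped-in technique chosen for the demo) in two related SQLite tables. The table names, the `mask_digits` function, and the key are assumptions, and the sample rows are constructed.

```python
import hashlib
import hmac
import sqlite3

# Assumption: the key lives only where the masking job runs, never in the
# non-production copy. Without it, the small SSN space cannot be brute-forced.
MASKING_KEY = b"constructed-demo-key"


def mask_digits(value, key=MASKING_KEY):
    """Swap every digit for a keyed pseudorandom digit; keep length and punctuation."""
    stream = hmac.new(key, value.encode(), hashlib.sha256).digest()
    out, i = [], 0
    for ch in value:
        if "0" <= ch <= "9":
            out.append(str(stream[i % len(stream)] % 10))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def build_sample_db():
    """Constructed sample data: orders reference customers through the SSN value."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (ssn TEXT PRIMARY KEY, name TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_ssn TEXT);
        INSERT INTO customers VALUES ('123-45-6789', 'Ann'), ('987-65-4321', 'Bob');
        INSERT INTO orders VALUES (1, '123-45-6789'), (2, '987-65-4321'), (3, '123-45-6789');
    """)
    return db


def obfuscate(db):
    """Mask the SSN in both tables with one function so the relationship survives."""
    db.create_function("mask", 1, mask_digits)
    with db:  # one transaction: a collision on the primary key rolls everything back
        db.execute("UPDATE orders SET customer_ssn = mask(customer_ssn)")
        db.execute("UPDATE customers SET ssn = mask(ssn)")


def joined_rows(db):
    """Return (name, order id) pairs reachable through the SSN join."""
    return db.execute(
        "SELECT c.name, o.id FROM customers c JOIN orders o "
        "ON o.customer_ssn = c.ssn ORDER BY o.id").fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    obfuscate(db)
    print(joined_rows(db), db.execute("SELECT ssn FROM customers").fetchall())
```

Because the same input always maps to the same output under one key, the job can be re-run on each fresh production copy and newly added records are masked consistently with existing ones.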
