From the inside out: agile data masking safeguards sensitive information
With new technologies -- such as virtualization, cloud computing and mobility -- come new threats to IT systems. The sophistication of those threats -- both internal and external -- has become a major concern for the federal government. In fact, cyber security is among the top priorities for the White House and Congress as evidenced by recent legislation and initiatives aimed at protecting sensitive data and intelligence, including health and personally identifiable information.
According to a recent Government Accountability Office (GAO) report, there were more than 46,000 cyber incidents reported by federal agencies in fiscal 2013 to the U.S. Computer Emergency Readiness Team -- a 32 percent increase over the previous year. In addition, the GAO report noted a lack of a consistent, documented approach in responding to cyber security incidents, putting government data and IT systems at greater risk.
Ensuring data security -- externally and internally
Organizations operating in regulated industries, including healthcare and government are required to protect sensitive data. Evolving regulatory requirements around mandates like the Health Insurance Portability and Accountability Act and the Federal Information Security Management Act are major drivers for ensuring data privacy and security within the federal government.
While threats to data security and privacy are often perceived to come from the outside, evidence points to internal threats being just as dangerous. According to Forrester Research, internal threats emerged as the top source of breaches with 36 percent stemming from inadvertent misuse of data by employees. Because insider threats are just as likely to expose data to increased security risk, leaks or even theft, agencies need to focus more attention on securing data across the board.
Data masking for privacy and compliance
In recent years, data masking has emerged as a key enabling technology to protect sensitive data. Agencies distribute sensitive data across applications, databases, documents and servers to enable employees to perform their jobs better and faster, resulting in greater exposure and risk. By masking data, agencies create a structurally similar but obscured version of the original data that can be used for purposes such as software testing and analysis, development and user training. This process eliminates the exposure of sensitive, regulated data by providing a functional substitute. With data masking, sensitive information such as social security numbers or medical conditions can be replaced with realistic values. In addition to improving security and addressing compliance requirements, data masking is an effective way to mitigate the growing risk of insider threats.
An agile approach to data masking
Federal agencies have made major investments and significant strides in securing their systems against data breaches and attacks, including deployment of data masking solutions. Unfortunately, half of all data masking projects entirely fail. The reason is simple: existing masking products focus on the creation of masked data and ignore the bigger challenges around data distribution. In practice, application lifecycles require constant movement and distribution of secure, masked data. Since legacy masking products do not solve the data delivery problem, government IT teams have been frustrated with the cost, risk and complexity of masking projects, leading any meaningful progress to stall indefinitely.
Today, there is a unique approach that ensures broad distribution of masked data sets: masking virtualized data. Virtual data masking eliminates 90 percent of the cost and complexity around the creation and distribution of masked data. Agile masking combines data masking techniques with virtual data delivery to offer a unique approach to meeting data security, governance and compliance requirements.
Secure, virtual database copies can be delivered from a single point of control, containing the unattended data sprawl in most organizations. Virtual data environments and databases can be stopped or started from a single management console, and can be easily distributed as branches from secured data sets -- all via self-service and with 90 percent less infrastructure and significantly lower costs.
With new privacy laws emerging and existing ones becoming more stringent, agile data masking is clearly an effective way to mitigate risk. Federal agencies, constantly targeted by cyber attacks, can now fight back with agile masking technology that protects sensitive data in any format and any location.
Ted Girard is vice president, Federal Sales at Menlo Park, CA-based Delphix.