What are we trying to solve by masking, and what do we want to achieve and for whom?
For whom, which audiences?
What do we want to achieve?
What do we want to avoid?
FWD View proposes a Framework
All organisations have a requirement to obfuscate (mask) data to meet security and regulatory requirements, across the total enterprise, in both production and non-production. Data protection needs to be part of the system design and testing process.
Masking will change the process of creating data for non-production. To manage that change, an operational framework needs to be inserted into the existing support process. It needs to describe
To achieve a coordinated, enterprise-wide masking solution, a data map needs to be created so that the flows and dependencies can be traced / documented and the risk of data exposure can be assessed.
Data masking incurs trade-offs between hiding data and achieving a functioning application, depending on the application and its implementation. The ability to help debug a production scenario in a non-production environment needs to be evaluated against the risk of exposure. A proxy solution that takes in a real value from the application and replaces it with the pseudo value is something that needs to be explored.
As an example
The trade-off arises where the pseudo ID does not meet the need of all business units where counterparty is used in the application, and causes a failure in a process or result. This is the trade-off between the risk of exposure and the risk of application failure. Hence the need for differing solutions for each business unit.
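The trade-off above, worked through as an added example (not code from the original page): a keyed, deterministic pseudo ID keeps joins on counterparty working, but an opaque pseudo ID breaks a consumer that depends on the ID's format, while a format-preserving one does not. The ID format `<country>-<digits>`, the two masking levels, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample rows; the ID format "<2-letter country>-<6 digits>" is an assumption.
TRADES = [("T1", "GB-104233"), ("T2", "US-778120"), ("T3", "GB-104233")]
SETTLEMENTS = [("S1", "GB-104233"), ("S2", "US-778120")]
MASKING_KEY = b"constructed-demo-key"  # placeholder; a real key belongs in a secrets store


def _digits(key, value, n):
    """Keyed, deterministic digits: the same real value always maps to the same pseudo value.
    Truncating to n digits allows collisions, so a real tool needs a collision check."""
    mac = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**n).zfill(n)


def mask_opaque(key, cp_id):
    """Hypothetical stricter level: hide everything, including the country prefix."""
    return "CP" + _digits(key, cp_id, 8)


def mask_keep_country(key, cp_id):
    """Hypothetical looser level: keep the prefix (more exposure), replace the number."""
    country, _, number = cp_id.partition("-")
    return f"{country}-{_digits(key, cp_id, len(number))}"


def mask_rows(rows, mask, key=MASKING_KEY):
    """Apply one masking function to the counterparty column of every row."""
    return [(row_id, mask(key, cp_id)) for row_id, cp_id in rows]


def settlement_country(cp_id):
    """Stand-in for one business unit's logic that relies on the ID format."""
    country, sep, _ = cp_id.partition("-")
    if not sep or len(country) != 2:
        raise ValueError(f"unrecognised counterparty id: {cp_id}")
    return country


def joinable(trades, settlements):
    """Trades whose counterparty still matches a settlement row after masking."""
    ids = {cp_id for _, cp_id in settlements}
    return [trade_id for trade_id, cp_id in trades if cp_id in ids]
```

Both levels preserve referential integrity because the mapping is deterministic under one key; only the choice of what to keep visible decides which business unit's processing still works.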
The objective of masking is to reduce the risk of exposure of sensitive data. Masking of data is often a trade-off between what can technically be achieved and what is practical. We could mask every element of data within the application, database, lookup tables, temp tables etc., but the application would be difficult to support / develop / test. There is no complete one-stop masking process, due to the constraints of the implementation and custom code.
Our proposal is for a multi-tiered approach to data masking. This allows the selection of the appropriate level of masking for the users and task.
This approach makes it an easier process to mask data for