DDM Introduction Part1
2
The Business Challenge
Protecting Sensitive Information
3
Informatica Security
Improving Security and Compliance
[Diagram labels: Production; Development and Testing; Custom applications; Datawarehouse; Training; Test; Inactive data; Development Tools; QA; Active data]
4
Product Overview
Dynamic Data Masking
• Gartner defined a new category - “Dynamic Data Masking” driven by realization that
Identity Access Management (IAM), static data masking, and encryption cannot solve
the problem alone
• Dynamic Data Masking protects sensitive information from end-users who do not
require access to it to perform their jobs
• Informatica Dynamic Data Masking ensures that each user will see the data according
to his or her identification, role, and responsibility - transparently - without changing
applications or databases!
5
Product Overview
PeopleSoft HR Privacy Protection Example
6
Product Overview
In-line Proxy Server Delivers Seamless Security Layer
Real-time prevention while maintaining operational efficiency across environments
[Diagram]
• Application screens: Business user
• Application screen and tools used by production support, DBAs, outsourced or unauthorized workforce
• (1) Select name from table1
• Dynamic Data Masking Layer applies real-time SQL rewrites to mask returned result set
• (2) Select substring(name,1,2)||'***' from table1
• Private information stored in database: BLAKE, JONES, KING
• Values shown on screen: BLAKE → BL****, JONES → JO****, KING → KI****
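The select-list rewrite from this slide, as an added example (not Informatica's implementation and not code from the original deck): a Python function turns statement (1) into statement (2) for roles that must not see clear values, and runs it against an in-memory SQLite table. The role names and the `rewrite`, `demo_db` and `run` helpers are assumptions for illustration, and SQLite's `substr` stands in for `substring`.

```python
import re
import sqlite3

# Constructed policy: column -> expression substituted into the select list.
# The slide's substring(name,1,2)||'***' is spelled substr() in SQLite.
MASK_RULES = {"name": "substr(name,1,2)||'***'"}
UNMASKED_ROLES = {"business_user"}  # hypothetical role name

SELECT_RE = re.compile(r"^\s*select\s+(?P<cols>.+?)\s+from\s+(?P<rest>.+)$",
                       re.I | re.S)

def rewrite(sql, role):
    """Return the statement the masking layer forwards for this role."""
    if role in UNMASKED_ROLES:
        return sql
    m = SELECT_RE.match(sql)
    if not m:
        # Fail closed: anything the rewriter cannot parse is not forwarded.
        raise ValueError("unsupported statement")
    items = []
    for col in (c.strip() for c in m.group("cols").split(",")):
        key = col.lower()
        if key in MASK_RULES:
            items.append(f"{MASK_RULES[key]} AS {key}")
        elif "*" in col or any(re.search(rf"\b{re.escape(k)}\b", key)
                               for k in MASK_RULES):
            # Wildcards and expressions over a masked column (upper(name),
            # name AS n) would slip past a bare-name match, so refuse them.
            raise ValueError(f"cannot mask select item: {col}")
        else:
            items.append(col)
    # Only the select list is rewritten; predicates on masked columns
    # (WHERE name = ...) are not handled here.
    return f"SELECT {', '.join(items)} FROM {m.group('rest')}"

def demo_db():
    """In-memory table holding the slide's three sample names."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table1 (name TEXT)")
    conn.executemany("INSERT INTO table1 VALUES (?)",
                     [("BLAKE",), ("JONES",), ("KING",)])
    return conn

def run(conn, sql, role):
    """Execute what the proxy would forward and return the first column."""
    return [row[0] for row in conn.execute(rewrite(sql, role))]
```

The application keeps sending statement (1) unchanged; only the forwarded text differs per role, which is why neither the application nor the stored data has to change.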
7
Product Overview
Development & DBA Tool Protection Example
• Masking performed completely transparent to the calling tool / application
• Names are scrambled, credit card numbers and salaries are masked
8
Product Overview
Protect Sensitive From Displaying In Report
9
Product Overview
ActiveBase Unique Informed Block™ Functionality
Common usages:
• Block or notify users before truncating tables in Prod or DML\DDL execution
• Block requests before they penalize production performance (e.g., full scans or high parallel)
Clear message presented in all tools and applications (multi-language support)
10
Implementation Methodology
‘Screen Based’ Implementation Methodology
11
Partner Communications Secures
Private information with ActiveBase
12
Enterprise Approach to Data Masking
End-to-End Protection
[Diagram labels: Production Application; Production Data Warehouse; Data Masking; Development; Testing]
13
Summary & Highlights
Informatica Dynamic Data Masking is a pioneer in dynamic data masking
delivering a new level of sensitive data protection across production and
near-production
14
Competition and Differentiators
Similar and Adjacent Technologies
15
Competition and Differentiators
Tokenization Vendors
• Differentiators
• The Informatica approach requires no changes to the database or the application
• All the above vendors are database and/or application intrusive
• Databases and applications take a
[Diagram: Credit Cards Tokens column: A08JADFPO, L143L1J28A, FV0435LJ14]
[Diagram: Token to Real Credit Card mapping: A08JADFPO → JSAOEUR1-3481; L143L1J28A → J14OPU124-2215; FV0435LJ14 → MJ13240392-3112]
16
Competition and Differentiators
Encryption Vendors
• Vormetric
• Differentiators
• Encryption solutions ONLY protect against the VERY FEW infrastructure DBAs who can steal the database server and the data files stored on it
• Encryption solutions do NOT secure against end users, business partners, production support teams, developers and application DBAs who still have application access to decrypted values
• Some encryption vendors encrypt the entire database. Encryption vendors cannot enforce row, column or cell level security
• Encryption vendors do not mask, block, monitor, log, report or create audit trails for end user level access.
[Diagram: credit card numbers 4914-9411-1341-1414 and 4871-1401-4109-6394; Encrypted Credit Cards: 10AE1322ABCCCABBAA, CCSDE13ABCCCABBBA, AC11212ABCCCACCAA; Database]
17
Competition and Differentiators
DAM Vendors
• Differentiators
management where all actions are logged under one ID
• DAM vendors cannot mask, scramble, hide or apply row/column level security on personal information
• DAM vendor “blocking” feature includes kill session or drop TCP packet with no user notification – not applicable within business applications
[Diagram: 4871-1401-4109-6394; DAM Sniffer; Database]
18
Comparison with Oracle
Oracle VPD, Database Firewall, Advanced Security
• Does not mask or scramble application screens:
-> Cannot effectively protect from IT personnel, production support, outsourcing and offshoring!
• Requires DBA expertise, as it is a programming language (PL/SQL), and thus cannot be created and maintained by the security team (separation of duties)
• Limited to Oracle databases only
• No traceability/audit trail on Oracle VPD activity
• Cannot block or warn users, cannot notify the security team
19