Data Masking : Regulated Data Protection

With the increased complexity in the business it became very necessary for financial organizations to keep the data protected & have an eye on their data privacy in the their business intelligence environments. There’re many tools & techniques came to protect an unauthorized access to sensitive & regulated data. 

                                 

                                   But still there is a miss utilization of data. Organizations cannot just relay on the accounts & authorization methods to protect unauthorized access to data even if the data in the business intelligence systems are only be used by top management for their critical business decisions.

It is always a known factor that without real time & huge data, development / test teams cannot test the IT code & applications which are in development or test phase. Sometimes it becomes very necessary to copy the production data sets to development & test environments in order to have the test code to use the real time data & properly tested before it deployed to production. 

                            

                            In this case whenever the production data set comes to development & test environments unknowingly there is a complete access to use sensitive data which would sometimes lead to data breach. In order to establish a strong protection mechanism some of the financial organizations started using the Data Masking mechanism where the data in production would be in the encrypted format only the authorized trusted business intelligence applications can read/write using the encryption/decryption algorithms in turn only business users who are having access to respective BI report can view the data.

Even when there is a file transfer required to the third party server or outside the organization’s owned domain indeed it’s very necessary to have the data securely transferred to the destination in order to have the utmost data protection most of the organizations recommend to have the file to be transferred are in encrypted format & once the file reaches to the destination authorized scripts would  decrypt the files. Here the encryption & decryption works using the cryptographic algorithms. In most Datawarehose projects we use GPG to encrypt & decrypt the file, GPG which is a freeware from Symantec which can be installed on OS & business scripts can use the GPG provided commands to do encryption & decryption.