Data Masking Reduces Business Security Risks: Report
Masked data is used in application development, testing, quality assurance, support and business analysis by a range of private and governmental entities.Data security intelligence and protection specialist Dataguise released a report suggesting data masking, or the de-identification of sensitive data used in application development, testing and business analysis, can go a long way to improving a business or organization's ability to protect itself against security risks. The company recommended creating test and development copies through an automated process to reduce the exposure of sensitive data and improve data security in non-production instances. The company said leaving the data in the hands of employees could have "disastrous results."
Of the available options, the study found those that provide actionable intelligence and enable information security, compliance officers and infrastructure managers to better understand shared responsibilities for protecting data are preferred.
"Much of the debate over the appropriate privacy protection solution can be settled by the proper alignment of key technologies such as tokenization, encryption or masking with their respective applications," said Allan Thompson, executive vice president of operations at Dataguise. "For data used outside of the production environment, such as Oracle, IBM DB2 and SQl Server copied databases used for test, development, quality assurance and business analytics, data masking provides a much more efficient and secure data sharing solution than the alternatives. Of the various data masking solutions, those that deploy quickly, are easy to use and manage, and scale to support a range of enterprise application data sets provide the greatest value."
A similar report from data masking specialist Net 200 found inappropriate data exposure, whether accidental or malicious, can have devastating consequences for businesses and warned the risk of accidental exposure of information is often neglected when considering the security risks associated with real test data. However, often just masking the most sensitive information (credit card numbers, customer email addresses) is enough to mitigate the damage associated with accidental exposure and the masked databases remain just as functional, the report concluded.