Data Masking Reduces Business Security Risks: Report

Masked data is used in application development, testing, quality assurance, support and business analysis by a range of private and governmental entities.

Data security intelligence and protection specialist Dataguise released a report suggesting data masking, or the de-identification of sensitive data used in application development, testing and business analysis, can go a long way to improving a business or organization's ability to protect itself against security risks. The company recommended creating test and development copies through an automated process to reduce the exposure of sensitive data and improve data security in non-production instances. The company said leaving the data in the hands of employees could have "disastrous results."

Of the available options, the study found those that provide actionable intelligence and enable information security, compliance officers and infrastructure managers to better understand shared responsibilities for protecting data are preferred.

Joe Feiman, a senior analyst at Gartner, said data-masking technologies can help protect organizations against security breaches as well as regulatory and other compliance failures in industries ranging from health care to government and private enterprises. "A clear understanding of the key trends in this still-evolving market is crucial to making the right implementation decisions."

In addition, the Center for Democracy and Technology noted the increased flow of health care data posed a "significant" threat to privacy. "Among the many challenges that will require attention as health IT is promoted through implementation of the stimulus legislation and other means is how to strip health data of personal identifiers in order to eliminate or reduce privacy concerns, while still retaining useful information."

"Much of the debate over the appropriate privacy protection solution can be settled by the proper alignment of key technologies such as tokenization, encryption or masking with their respective applications," said Allan Thompson, executive vice president of operations at Dataguise. "For data used outside of the production environment, such as Oracle, IBM DB2 and SQl Server copied databases used for test, development, quality assurance and business analytics, data masking provides a much more efficient and secure data sharing solution than the alternatives. Of the various data masking solutions, those that deploy quickly, are easy to use and manage, and scale to support a range of enterprise application data sets provide the greatest value."

A similar report from data masking specialist Net 200 found inappropriate data exposure, whether accidental or malicious, can have devastating consequences for businesses and warned the risk of accidental exposure of information is often neglected when considering the security risks associated with real test data. However, often just masking the most sensitive information (credit card numbers, customer email addresses) is enough to mitigate the damage associated with accidental exposure and the masked databases remain just as functional, the report concluded.