{"id":246,"date":"2015-01-13T11:19:55","date_gmt":"2015-01-13T11:19:55","guid":{"rendered":"http:\/\/www.gallop.net\/blog\/?p=246"},"modified":"2022-07-19T18:50:05","modified_gmt":"2022-07-19T13:20:05","slug":"securing-on-premise-data-through-data-masking-2","status":"publish","type":"post","link":"https:\/\/www.cigniti.com\/blog\/securing-on-premise-data-through-data-masking-2\/","title":{"rendered":"Securing on-premise data through data masking"},"content":{"rendered":"<p><strong>Cloud computing<\/strong> has been growing in popularity over the years due to the several benefits it offers like higher scalability, flexibility and less infrastructure costs. At the same time, security has always been a prime concern, particularly in applications handling sensitive personal and commercial data. A study of 2200 companies reveals that <a href=\"http:\/\/resources.idgenterprise.com\/original\/AST-0112157_alert-logic-spring-2014-CSR-pages-04-21-14.pdf\" target=\"_blank\" rel=\"nofollow noopener\">48%<\/a> of respondents with on-premise datacenters suffered data attacks.<\/p>\n<p>Cloud provides a highly scalable and convenient development and testing interface. So, how can companies make data available to their employees for development, testing or analysis purposes without running the risk of a data breach?<\/p>\n<p><strong>Data Masking<\/strong> or data obfuscation provides an efficient way of addressing security concerns with storing data in the cloud. It involves replacing sensitive data with fake but realistic data prior to moving to the cloud.<\/p>\n<h4><span style=\"color: #ff9900;\">Advantages of Data masking:<\/span><\/h4>\n<ul>\n<li>It provides a viable solution to five types of threats \u2013 data breaches, data loss, account or service hijacking, insecure interfaces and malicious use of data by insiders<\/li>\n<li>Masked data retains its integrity and structural format<\/li>\n<li>Data can be shared with authorized people, including developers and testers, without fear of exposing production data<\/li>\n<li>Significantly reduces data risks associated with increasing cloud adoption<\/li>\n<li>Cost effective and less complicated than encryption, and mitigates insider threat<\/li>\n<\/ul>\n<h4><span style=\"color: #ff9900;\">Masking techniques<\/span><\/h4>\n<p>Multiple data masking techniques are used to ensure the data is kept secure. Notable among them are:<\/p>\n<ul>\n<li><strong>Substitution <\/strong>\u2013 Substitute values with other similar values. Ex: substitute names with other names of the same gender.<\/li>\n<li><strong>Shuffling<\/strong> \u2013 Move values vertically and randomly across the column. This is useful in disassociating sensitive data relationships.<\/li>\n<li><strong>Blurring<\/strong> \u2013 Altering an existing value within a defined range.<\/li>\n<li><strong>Tokenization<\/strong> \u2013 Substituting data elements with random place holder values<\/li>\n<\/ul>\n<h4><span style=\"color: #ff9900;\">What is dynamic masking?<\/span><\/h4>\n<p>This is the process of masking production data at the point when the data request is actually made. There are two types of dynamic masking \u2013 view based masking and proxy based masking.<\/p>\n<p><strong>View based masking<\/strong> maintains the production version and the masked version of the data in the same database. Users who are not approved to view production data or who trigger the security filter in any way are shown masked data. The decision to show masked or production data is made in real-time based on pre-programmed rules.<\/p>\n<p><strong>Proxy-based masking<\/strong> introduces a proxy layer between the user and the database. The user query passes through the proxy which substitutes the result of the query with masked values. This provides data protection without the need to alter the database.<\/p>\n<p>Another recent technique is <strong>query substitution<\/strong> which intercepts and redirects the query to retrieve data from masked columns. Such queries are very flexible and can pick masked data from a view or file or even link to another database.<\/p>\n<p>Though Cloud infrastructure has also been exposed to security threats in recent times, but organizations cannot afford to shy away from the cloud due such security threats due the benefits they offer. Data masking is one of the techniques which is making Cloud more secure. Experts expect the data masking market to grow <a href=\"http:\/\/www.thestreet.com\/story\/12532159\/1\/winners-of-the-growing-data-masking-market.html\" target=\"_blank\" rel=\"nofollow noopener\">30-40%<\/a> a year as organizations become increasingly cautious of security breaches from inside as much as from outside. Data masking provides an effective way to leverage the benefits of the cloud without compromising on security.<\/p>\n<p>Enterprises face a relentless onslaught of security challenges ranging from DDoS attacks, Database compromise, unauthorized entry, breach of access control, login flaws and vulnerabilities across sessions, multiple authentications, caches etc. Want to provide greater security for your enterprise data? <a href=\"https:\/\/www.cigniti.com\/resource\/white-papers\/security-testing-tools-experiences-recommendations\/\" target=\"_blank\" rel=\"noopener\">Download our Security Testing white paper to know more<\/a>.<\/p>\n<p>We are also hosting a Webinar on <strong>Mobile Application Security Testing Right before your eyes on Jan 22<sup>nd<\/sup>, 2015 at 11 AM EST. <\/strong>Register for the webinar to get deeper insights into how to do efficient security testing \u2013 <a href=\"https:\/\/www.cigniti.com\/mobile-application-security-testing-right-eyes\/\" target=\"_blank\" rel=\"noopener\"><strong>Register for Security Testing Webinar here<\/strong>.<\/a><\/p>\n<p><a href=\"https:\/\/www.cigniti.com\/mobile-application-security-testing-right-eyes\/\"><img decoding=\"async\" class=\"aligncenter wp-image-986 size-full\" src=\"https:\/\/cigniti.com\/blog\/wp-content\/uploads\/Banner_06.jpg\" alt=\"Security Testing, Rich Internet Application, Quality Assurance\" width=\"590\" height=\"163\" srcset=\"https:\/\/www.cigniti.com\/blog\/wp-content\/uploads\/Banner_06.jpg 590w, https:\/\/www.cigniti.com\/blog\/wp-content\/uploads\/Banner_06-300x83.jpg 300w\" sizes=\"(max-width: 590px) 100vw, 590px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cloud computing has been growing in popularity over the years due to the several benefits it offers like higher scalability, flexibility and less infrastructure costs. At the same time, security has always been a prime concern, particularly in applications handling sensitive personal and commercial data. A study of 2200 companies reveals that 48% of respondents [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":13182,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[832,60,926,4186,1077,1111,1120,1125,1260,1470,1471,1473,1481,1484,1485],"ppma_author":[3736],"class_list":["post-246","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-testing","tag-application-penetration-testing-services","tag-application-security-testing","tag-certified-security-testers","tag-data-masking-benefits","tag-ethical-hackers","tag-gallop-penetration-testing","tag-gallop-solutions-review","tag-gallop-webinars","tag-mobile-application-security-testing","tag-security-testing-as-a-services","tag-security-testing-blogs","tag-security-testing-companies","tag-security-testing-services","tag-security-testing-webinars","tag-security-testing-whitepaper"],"authors":[{"term_id":3736,"user_id":2,"is_guest":0,"slug":"admin","display_name":"Cigniti Technologies","avatar_url":{"url":"https:\/\/www.cigniti.com\/blog\/wp-content\/uploads\/120X120-1.png","url2x":"https:\/\/www.cigniti.com\/blog\/wp-content\/uploads\/120X120-1.png"},"user_url":"http:\/\/www.cigniti.com\/","last_name":"Technologies","first_name":"Cigniti","job_title":"","description":"Cigniti is the world\u2019s leading AI &amp; IP-led Digital Assurance and Digital Engineering services company with offices in India, the USA, Canada, the UK, the UAE, Australia, South Africa, the Czech Republic, and Singapore. We help companies accelerate their digital transformation journey across various stages of digital adoption and help them achieve market leadership."}],"_links":{"self":[{"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/posts\/246"}],"collection":[{"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/comments?post=246"}],"version-history":[{"count":0,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/posts\/246\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/media\/13182"}],"wp:attachment":[{"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/media?parent=246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/categories?post=246"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/tags?post=246"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.cigniti.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}