Cloud computing has been growing in popularity over the years due to the several benefits it offers like higher scalability, flexibility and less infrastructure costs. At the same time, security has always been a prime concern, particularly in applications handling sensitive personal and commercial data. A study of 2200 companies reveals that 48% of respondents with on-premise datacenters suffered data attacks.
Cloud provides a highly scalable and convenient development and testing interface. So, how can companies make data available to their employees for development, testing or analysis purposes without running the risk of a data breach?
Data Masking or data obfuscation provides an efficient way of addressing security concerns with storing data in the cloud. It involves replacing sensitive data with fake but realistic data prior to moving to the cloud.
Advantages of Data masking:
- It provides a viable solution to five types of threats – data breaches, data loss, account or service hijacking, insecure interfaces and malicious use of data by insiders
- Masked data retains its integrity and structural format
- Data can be shared with authorized people, including developers and testers, without fear of exposing production data
- Significantly reduces data risks associated with increasing cloud adoption
- Cost effective and less complicated than encryption, and mitigates insider threat
Multiple data masking techniques are used to ensure the data is kept secure. Notable among them are:
- Substitution – Substitute values with other similar values. Ex: substitute names with other names of the same gender.
- Shuffling – Move values vertically and randomly across the column. This is useful in disassociating sensitive data relationships.
- Blurring – Altering an existing value within a defined range.
- Tokenization – Substituting data elements with random place holder values
What is dynamic masking?
This is the process of masking production data at the point when the data request is actually made. There are two types of dynamic masking – view based masking and proxy based masking.
View based masking maintains the production version and the masked version of the data in the same database. Users who are not approved to view production data or who trigger the security filter in any way are shown masked data. The decision to show masked or production data is made in real-time based on pre-programmed rules.
Proxy-based masking introduces a proxy layer between the user and the database. The user query passes through the proxy which substitutes the result of the query with masked values. This provides data protection without the need to alter the database.
Another recent technique is query substitution which intercepts and redirects the query to retrieve data from masked columns. Such queries are very flexible and can pick masked data from a view or file or even link to another database.
Though Cloud infrastructure has also been exposed to security threats in recent times, but organizations cannot afford to shy away from the cloud due such security threats due the benefits they offer. Data masking is one of the techniques which is making Cloud more secure. Experts expect the data masking market to grow 30-40% a year as organizations become increasingly cautious of security breaches from inside as much as from outside. Data masking provides an effective way to leverage the benefits of the cloud without compromising on security.
Enterprises face a relentless onslaught of security challenges ranging from DDoS attacks, Database compromise, unauthorized entry, breach of access control, login flaws and vulnerabilities across sessions, multiple authentications, caches etc. Want to provide greater security for your enterprise data? Download our Security Testing white paper to know more.
We are also hosting a Webinar on Mobile Application Security Testing Right before your eyes on Jan 22nd, 2015 at 11 AM EST. Register for the webinar to get deeper insights into how to do efficient security testing – Register for Security Testing Webinar here.