
Protect the privacy of confidential information in non-production environments

IBM® Optim™ Data Privacy Solution

Highlights
• Safeguard personally-identifiable information, trade secrets and other sensitive data
• Easily mask confidential data using predefined transformations and site-specific routines
• Discover hidden instances of private data so that they can be fully protected
• Support compliance with privacy regulations and corporate governance standards

Data privacy: the “untold story”

Data privacy protection continues to be a tremendous focus for the IT community today. Organizations are making great strides to protect sensitive data in live application environments. But the “untold story” of implementing protection strategies in non-production (testing, development and training) environments remains a critical risk. As data breach headlines continue to mount, organizations must begin to address the most vulnerable areas of IT infrastructure – non-production environments.

So, what makes non-production environments so unique? The answer lies in the methods used to create non-production databases. Commonly, live production systems are cloned (copied) to a test environment – confidential data and all. Developers and QA testers find it easy to work with live data because it produces test results that everyone can understand. But do non-production environments actually require live data? The answer is, “no.” Using realistic data is essential to testing, but live data values are not specifically necessary. Capabilities for “de-identifying” or masking production data offer a best practice approach for protecting sensitive data while supporting the testing process.

Data masking offers a best practice

Data masking is the process of systematically transforming confidential data elements such as trade secrets and personally-identifying information (“PII”) into realistic but fictionalized values. Data that has been scrubbed or cleansed in such a manner is considered acceptable to use in non-production environments. Masking enables developers and QA testers to use “production-like” data and produce valid test results, while still complying with privacy protection rules.

Data masking represents a simple concept, but it is technically challenging to execute. Most organizations operate within complex, heterogeneous IT environments, consisting of multiple, interrelated
applications, databases and platforms. IT managers do not always know where confidential data is stored or how it is related across disparate systems. The ideal solution must both discover sensitive data across related data stores, and mask it effectively.

The IBM® Optim™ Data Privacy Solution provides comprehensive capabilities for masking sensitive data effectively across non-production environments. You can take the necessary steps to protect privacy, while still providing realistic data for use in development, testing or training. When you use Optim to mask confidential data, you protect privacy and safeguard shareholder value.

Implement proven data masking techniques

Optim Data Privacy Solution users can apply a variety of proven data transformation techniques to mask sensitive real data with contextually accurate, realistic data. Users can mask data in a single database or across multiple related systems. Some simple examples of Optim’s masking techniques include substrings, arithmetic expressions, random or sequential number generation, date aging and concatenation.

Optim’s context-aware masking capabilities ensure that masked data resembles the look and feel of the original information. These capabilities make it easy to de-identify many types of sensitive information, such as birth dates, bank account numbers, street address and postal code combinations, and national identifiers (like Canada’s Social Insurance numbers or Italy’s Codice Fiscale).

Optim’s Transformation Library™ routines allow for accurately masking complex data elements, such as credit card numbers and e-mail addresses. You can also incorporate site-specific data transformation routines that integrate processing logic from multiple related applications and databases. Optim offers the greatest flexibility to support even the most complex data masking requirements.

Discovering sensitive data

Some sensitive data is easy to find. For instance, credit card numbers in a column named “credit_card_num” will be simple to recognize. Most application databases, though, are more complex. Sensitive data is sometimes compounded with other data elements, or buried in text or comment fields. Subject matter experts can sometimes offer insight, but only if they fully understand the system.

Figure 2 illustrates an example. Table A contains telephone numbers in the “Phone” column. In Table B, however, the telephone number is obscured within a compound field in the “Transaction Number” column. Both instances represent confidential information that must be protected. But while data analysts can clearly recognize the telephone number in Table A, they may well overlook it in Table B. And every missed occurrence of private information represents a risk to the organization. What is the alternative?

Original Data

Customers Table
Cust_ID   Name            Street
08054     Alice Bennett   2 Park Blvd
19101     Carl Davis      258 Main
27645     Elliot Flynn    96 Avenue

Cust_ID   Item #    Order_Date
27645     80-2382   20 June 2006
27645     80-2382   10 October 2006

De-Identified Data

Customers Table
Cust_ID   Name             Street
10000     Auguste Renoir   Mars23
10001     Claude Monet     Venus24
10002     Pablo Picasso    Saturn25

Cust_ID   Item #    Order_Date
10002     80-2382   20 June 2006
10002     80-2382   10 October 2006

Figure 1: Optim offers a variety of data masking techniques to protect the confidentiality of private information and propagate it throughout the system.
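The key propagation Figure 1 shows (Cust_ID 27645 becoming 10002 in both tables), combined with a telephone number hidden inside a compound field, sketched here as an added example; it is not Optim or InfoSphere Discovery code. The phone column, the `txn` layout, the replacement phone range and all function names are assumptions.

```python
import re

# Constructed rows modelled on Figure 1. The phone column and the "txn"
# layout (phone digits embedded in a longer identifier) are assumptions.
CUSTOMERS = [
    {"cust_id": "08054", "name": "Alice Bennett", "phone": "555 908 1212"},
    {"cust_id": "19101", "name": "Carl Davis", "phone": "555 321 7788"},
    {"cust_id": "27645", "name": "Elliot Flynn", "phone": "555 440 0199"},
]
ORDERS = [
    {"cust_id": "27645", "item": "80-2382", "txn": "20060620-5554400199-01"},
    {"cust_id": "27645", "item": "80-2382", "txn": "20061010-5554400199-02"},
]
PHONE_RUN = re.compile(r"(?<!\d)\d{10}(?!\d)")  # a bare 10-digit run
PHONE_BASE = 5550100000  # constructed start of the replacement phone range

def digits(text):
    return re.sub(r"\D", "", text)

def build_map(values, start, width):
    """Sequential replacements: one per distinct original, so no collisions."""
    unique = dict.fromkeys(values)  # de-duplicates, keeps first-seen order
    return {v: str(start + i).zfill(width) for i, v in enumerate(unique)}

def mask_tables(customers, orders):
    id_map = build_map((c["cust_id"] for c in customers), 10000, 5)
    phone_map = build_map((digits(c["phone"]) for c in customers), PHONE_BASE, 10)
    def mask_phone(d):  # unknown numbers get a fresh value, never pass through
        return phone_map.setdefault(d, str(PHONE_BASE + len(phone_map)))
    out_customers = [
        {"cust_id": id_map[c["cust_id"]], "name": f"Customer {i:03d}",
         "phone": mask_phone(digits(c["phone"]))}
        for i, c in enumerate(customers, 1)
    ]
    out_orders = []
    for o in orders:
        if o["cust_id"] not in id_map:  # refuse to emit a dangling child row
            raise ValueError("order row references a customer that was not masked")
        out_orders.append({
            "cust_id": id_map[o["cust_id"]],  # same replacement as the parent row
            "item": o["item"],
            "txn": PHONE_RUN.sub(lambda m: mask_phone(m.group()), o["txn"]),
        })
    return out_customers, out_orders

def dangling_keys(customers, orders):
    """Foreign keys in orders with no matching customer (should be empty)."""
    return sorted({o["cust_id"] for o in orders} - {c["cust_id"] for c in customers})
```

Because the replacement maps are built once and reused for every table, the masked child rows still join to their masked parent, and the same phone number receives the same replacement whether it sits in its own column or inside the compound field.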

Table A
Date         Phone          Time
10-28-2008   555 908 1212   13:52:49

Table B
Transaction Number

Figure 2: Confidential information hidden in compound fields poses a privacy risk to the organization

IBM® InfoSphere™ Discovery enables organizations to identify all instances of confidential data across the environment – whether clearly visible or obscured from view. InfoSphere Discovery works by examining data values across multiple sources to determine the complex rules and transformations that may hide sensitive content. It can locate confidential data items that are contained within larger fields, as described in the prior example, or that are separated across multiple columns. InfoSphere Discovery delivers automated capabilities that offer greater accuracy and reliability than manual analysis. When used together, the Optim Data Privacy Solution and InfoSphere Discovery provide the most effective, enterprise-scale solution for locating and masking sensitive data across complex, heterogeneous

Ensuring data integrity

Finding and masking data is part of the solution. However, there is an added complication. You need the capability to propagate masked data elements to all related tables in the database and across databases to maintain referential integrity. For example, if a masked data element, such as a telephone number, is a primary or foreign key in a database table relationship, then this newly masked data value must be propagated to all related tables in the database or across data sources. If the data is a portion of another row’s data, it must be updated with the same data as well.

InfoSphere Discovery not only discovers hidden sensitive data, it also provides a full range of data analysis capabilities to discover hidden relationships and bring them clearly into view. By leveraging the combination of InfoSphere Discovery and Optim, all relationships will be uncovered and replacement values will be masked consistently and accurately across multiple data sources.

Non-production data is created in multiple ways, but all must be protected. To minimize risk, data should be masked as close to its source system as possible. In some scenarios data is copied directly from a live system. In this case, data must be masked “in place” to ensure that the newly created test database is protected for use. In other scenarios, specific subsets of data are extracted using test data management products like the IBM® Optim™ Test Data Management Solution. Here, data is masked during the extract process to ensure that private information is never exposed.

Support compliance initiatives

To support industry, government and internal compliance initiatives, data masking is a must. The European Union has established the Personal Data Protection Directive as the framework for privacy protection governing its
member countries. And many other countries have similar regulations around the world. The U.S. Department of Health and Human Services has enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule for the privacy of individually identifiable health information. Additionally, industry coalitions are developing sector-specific governance standards. For instance, the Payment Card Industry Data Security Standard (PCI DSS), initiated by Visa® and MasterCard®,

Implementing Optim helps you comply with these data privacy regulations by protecting the confidentiality of sensitive information across your enterprise.

Optim provides a scalable data privacy solution with flexible capabilities that can be easily adapted to your current and future requirements. You also benefit from knowing that Optim supports all leading enterprise databases and operating systems, including IBM DB2®, Oracle®, Sybase®, Microsoft® SQL Server®, IBM Informix®, IBM IMS™, IBM VSAM®, Teradata®, Adabas®, Microsoft Windows®, UNIX®, Linux® and IBM z/OS®. In addition to providing data management support for all custom and packaged applications, Optim has the meta-model knowledge to support the key ERP and CRM applications in use today: SAP® Applications, Oracle® E-Business Suite, PeopleSoft® Enterprise, JD Edwards® EnterpriseOne, Siebel® and Amdocs® CRM.

About IBM Optim Integrated Data Management Solutions

IBM Optim Integrated Data Management Solutions offer proven, integrated capabilities to manage enterprise application data from requirements to retirement. With Optim, teams can share data artifacts (like models, policies and metadata) to align data management with business goals and improve collaboration. Today, organizations of all types leverage Optim to improve performance, streamline database administration, speed application development, and enable effective governance. Optim delivers better business outcomes, at lower cost, with less risk, while providing capabilities that scale across enterprise applications, databases and

For more information

To learn more about IBM Optim Integrated Data Management Solutions, contact your IBM sales representative or visit: www.ibm.com/

© Copyright IBM Corporation 2008

IBM Software Group

Produced in the United States of America
12-08
All Rights Reserved

DB2, IBM, the IBM logo, IMS, Informix, Optim, VSAM and z/OS are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Windows and SQL Server are registered trademarks of Microsoft Corporation in the United States and other countries. All other company or product names are trademarks or registered trademarks of their respective owners.

References in this publication to IBM products, programs or services do not imply that IBM intends to make them available in all countries in which IBM operates or does business.

Each IBM customer is responsible for ensuring its own compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.