Data Masking: AnData Masking: An
Expert Panel Discussion
Roxana Bradescu
Oracle
04/24/09 | Session ID: STAR-40304/24/09 | Session ID: STAR 403
Classification: Intermediate
Agenda
Introduction
Panel DiscussionPanel Discussion
Q&AQ&A
Wrap Up
1
Data Masking:Data Masking:
An Introduction
What is Data Masking?
• De-identifying or anonymizing data
• NOT encryption
• Data transformed based on business rules
• Irreversible
LAST_NAME SSN SALARY
AGUILAR 203-33-3234 40,000
BENSON 323 22 2943 60 000
LAST_NAME SSN SALARY
ANSKEKSL 203-23-1111 40,000
BKJHHEIEDK 323 34 1345 60 000
Production Non-Production/Partners
BENSON 323-22-2943 60,000 BKJHHEIEDK 323-34-1345 60,000
3
Why Data Masking?
Data Security Report 2008
• Almost 50% use actual production data within
non production environmentsnon-production environments
• More than a third of the data used in non-
production contains Personally Identifiableproduction contains Personally Identifiable
Information (PII)
• Less than 25% have a systematic process for• Less than 25% have a systematic process for
de-identifying production data before using for
internal and external non-production purposes
Data MaskingData Masking
Expert Panel
Data Masking Panel
• Rich Mogull
F d S iFounder, Securosis
• Hap Huynh
B i L d P S Ri k Vi IBusiness Leader, Payment System Risk, Visa Inc
• Alex Fowler
Director and Data Privacy Specialist, PricewaterhouseCoopers
• Jagan Athreya
Director of Product Management, Data Masking, Oracle
6
Q&AQ&A
Thank you!Thank you!