Simple Steps to Protecting Sensitive Data with Ease
Protecting sensitive data on your mainframe is more critical than ever. Out of this digital age have emerged programmers with incredible technical proficiency who are willing to abuse their power for malicious purposes. You also have stricter data protection regulations to comply with today, like the GDPR.
You need a good solution for protecting sensitive data and helping you reach compliance, but not all toolsets are equal. In “Protecting Sensitive Data with Ease,” one of the monthly webcasts in our “Did You Know?” series, Compuware Solution Consultant Greg Lackey and Account Consultant Bill Clayton covered challenges to protecting sensitive data and explained how Compuware Test Data Privacy helps you solve those through modern capabilities like dynamic privacy, coverage and consistency across platforms.
How Test Data Privacy Helps You Protect Data and Comply
Do you face these challenges to protecting sensitive data?
- It’s widespread and resides in many tables and files
- Sometimes hundreds or thousands of fields are impacted
- Disguise rules are positional and must be redefined when structure changes occur
- Creating and securing translation tables is troublesome
- Customization of canned obfuscation methods is often difficult
Continue reading to see how the capabilities of Test Data Privacy can help. Or, watch the webcast replay to see Greg demo the solution and explain key functions.
The Test Data Privacy Data Elements feature groups fields of the same category into one entity that is masked by one rule. For instance, a single data element would encompass all possible occurrences of any telephone number across the enterprise. When creating a new data element, there are several processing options you can define, such as what action to take if invalid values are encountered and how to handle nulls. The defaults were designed to handle many situations.
Source Data Identifiers
After creating a new data element, you need to define your source data identifier (SDI). Give it a descriptive name and then specify what metadata field name or pattern to look for to identify that data element. You can have multiple SDIs for data elements and they can include or exclude metadata fields. They can also be restricted to a particular database management system or specific table or a high-level qualifier or specific copybook. The available options will also allow users to do further normalization against the data.
Next, define a disguise rule that encrypts data. There are other out-of-the box disguise methods, including translation, composite and overloaded. In this example, we are selecting format preserving encryption.
Rule Action Selection
On the rule action selection screen, give the action a name, specify to encrypt or decrypt, select a predefined key from your data privacy administrator or enter a user-specified key if the option is allowed. Select the field from available elements and specify your mask. The mask is mutually exclusive so if you use Ns (don’t encrypt) for the first three bytes, it assumes Ys (yes encrypt) for the remaining characters.
Customizable Disguise Rules
Disguise rules can easily be customized for your organization. Under the rule logic tab there is the ability to utilize many supplied functions for manipulating strings, aging dates or replacing a field with a literal. There are several stock functions, including those that will calculate check digits, but you can also build and add custom functions to the tool. There are also edit assist and validation functions built in to make the process easier.
With Test Data Privacy’s coverage reporting, you can navigate to any database object or file layouts in our enterprise and see precisely what fields are identified by an SDI and what rules get applied as a result before you execute anything.
Execution from distributed and mainframe environments will dynamically call your new project. Within Compuware Topaz, after leaving the Test Data Privacy perspective, you can easily click on the Compuware File-AID EX perspective and see your saved extracts. This view shows a visualization of what tables are involved and the relationships between them. Select the data privacy tab to set up your disguise.
On the data privacy options screen, you merely select the Test Data Privacy repository your project is defined under, then right-click your related extract and select “execute.”
You’ll get a variety of reports showing execution statistics and what objects and fields dynamic privacy was applied to. You can optionally specify you want an audit report showing before and-after-images of the data clearly showing what bytes were altered and how.
And that’s how simple protecting sensitive data can be if you’re using Test Data Privacy. For more information on starting a data privacy project, read this blog post. To see a demo of Test Data Privacy, watch the webcast replay of “Protecting Sensitive Data with Ease.”
Greg Lackey and Bill Clayton
Latest posts by Greg Lackey and Bill Clayton (see all)
- Simple Steps to Protecting Sensitive Data with Ease - August 1, 2017