What Everyone Needs to Know about Dynamic Data Redaction and Protection
In this podcast a data protection expert explains dynamic data redaction and data protection. Why it is critical to protecting our data privacy and how it proactively prevents damaging data breaches.
Summary: Recent well-publicized data breaches at leading companies have compromised the personal data of billions of customers. These events have severely damaged customer trust, brand value, and financial condition across blue chip companies. Even though these companies are extremely well-run, they are facing new risks and dangers not previously experienced. Listen to this podcast to find out why dynamic data redaction and protection is essential to protecting sensitive data. You will learn what dynamic data redaction and protection is and how it really works. You will also learn about the key data redaction and protection use cases for deploying this critical technology to prevent future damaging data breaches.
Podcast Show Notes
What Everyone Needs to Know about Dynamic Data Redaction and Protection
Tim Gorman: Hello and welcome to the second of three podcasts on the topic of what everyone needs to know about data redaction and data masking. In this podcast you will learn about dynamic data redaction. What is it? What are the important use cases? And why is it a crucial part of an effective data protection strategy in companies today?
I’m Tim Gorman. I work for Delphix, a leading data masking and data virtualization software company. At Delphix I help organizations apply data-masking techniques to protect their sensitive data from data breaches, hacking, and misuse.
In our first podcast we discussed some of the recent data breaches at top companies that have compromised the personal data of billions of customers. These have severely damaged customer trust, brand value, and financial condition across blue chip companies. Even though these companies are extremely well-run, they are facing new risks and dangers not previously experienced.
So, in this podcast you’ll learn from an expert about the essentials of dynamic data redaction and how it works and all the important use cases and why it’s such a critical component in proactively preventing future incidents.
In our previous podcast we discussed encryption, dynamic data redaction or masking, and data masking at rest. And we discussed the proper use cases for each of these technologies in preventing data breaches. In short, encryption prevents external intruders from accessing any data at all. While redaction prevents external intruders and unauthorized internal users from accessing confidential data across the enterprise. Whereas data masking at rest prevents anybody, including administrators, from accessing or manipulating confidential data in the lower environments, which is also known as non-production.
So today I’m here with Chris Doolittle, VP of Marketing and the co-founder of Teleran, a data visibility and protection software company. Chris has over 30 years’ experience helping companies manage, analyze, and safeguard their information working for companies like GE, PepsiCo, Information Builders, and now, Teleran.
Chris, welcome to the podcast.
Chris Doolittle: Thanks, Tim. I’m excited to be here.
Dynamic Data Masking Defined
Tim Gorman: Great. Well let’s start with a basic question. What is dynamic data redaction?
Chris Doolittle: Dynamic data redaction is a form of data masking. Redaction obscures or blocks out data that is personally identifiable or sensitive or confidential. And it does this as it’s being retrieved from a database; it leaves the data in the database unchanged for authorized access, but for people accessing sensitive data who are not authorized to see it redaction blacks it out. It’s dynamic because the redaction occurs as the data request occurs, and it returns the requested data, but the sensitive data is replaced by exes or zeros or some other obscuring character.
So, data redaction is transparent to the application users because it preserves the original data type and formatting and the query results. It can be applied to databases such as data warehouses or some other application database, like an ERP system or human resources system for example.
Dynamic Data Redaction – Protecting Patient Records in Health Care
Tim Gorman: Thanks. Okay, let’s talk about a real-life use case then, for data redaction.
Chris Doolittle: Sure. Let’s focus on healthcare patient records. There have been so many publicized data breaches in the healthcare industry as patient data is often widely distributed among hospitals and physicians and diagnostic testing services, insurance companies. So, the risk of misuse or breach is much greater. In the U.S. HIPAA is a key regulation governing the use and protection of protected health information or PHI. Physicians, for example, need to see detailed patient records for a patient and so have full access to the patient database. But someone in the hospital accounting department should only see billing information. So, they can retrieve a patient’s billing, but all detailed medical records or test results would be redacted.
Dynamic Data Redaction – Native Database Utilities or Database-Independent Solution?
Tim Gorman: Okay. Well you mentioned that Teleran’s system works with a wide variety of databases. Most of the databases offer some sort of data masking or redaction services themselves. How does the Teleran system complement or compete with these offerings?
Chris Doolittle: Yes, Tim, you’re right. There are several databases, like Oracle and Microsoft’s SQL server, that offer their own native solutions. There are gaps in these offerings, however. First, many companies find value in having comprehensive and consistent solutions for masking and redaction that goes across many database platforms, because typically companies have many database platforms that they use, and one that can be used independently or outside of the database.
But here’s an example of a pretty big gap in the Oracle redaction offering that Teleran fills. Oracle’s documentation states that their data redaction is recommended for use with encoded applications but not for use with ad hoc query tools. With any ad hoc data access tool like Business Objects or a visualization tool like Tableau or SQL Developer or even Excel over ODBC a user can zero in on sensitive data that has been redacted from the returned results but is not restricted as a search criteria.
So, an ad hoc user can progressively narrow down their search until the actual sensitive data is revealed. And this is called the inferencing problem. And it’s a big problem in data protection today. For example, if I queried a human resources database for CEO Bill Smith’s salary, I would write a query, select Bill Smith, salary. Oracle redaction will mask the return value for that particular salary for that particular individual. But what if I ask for people with salaries between $100,000 and a million dollars and then, based on the results of that query, further and successively narrow down additional queries to eventually find that Bill Smith makes $650,300? So then, with the ability to launch any ad hoc queries I wish, I can infer sensitive data the Oracle redaction utility does not prevent.
The Teleran dynamic data redaction can prohibit the redacted column from being used as search criteria just like I described. And that’s really key. In this way Teleran’s solution easily plugs the inferencing loophole that Oracle and other database-type utilities leaves wide open in the ad hoc environments like data warehouses and analytical applications.
Dynamic Data Redaction and Real-time User Communication
Tim Gorman: Okay. So, when the hacker or whoever this person who’s trying to infer this data attempts to make such a search by including the masked column as search criteria would they receive some form of error message when they attempted to do this?
Chris Doolittle: Yes. The Teleran system will let them know that this kind of activity’s not permitted. So, the system enables customers to specify their own error messages to be automatically returned to the client application in the native database error message stream back to that particular user. So, in addition, Teleran can also send an email notification or an alert to a security team or compliance team when these kinds of attempts are detected.
Filling Critical Data Redaction Gaps
Tim Gorman: Wow! That’s big. Okay, so when they even try to make the attempt to infer the data somebody gets a message about that. Well, that’s important. I mean intent is as important as the action, isn’t it?
Chris Doolittle: Yeah, that’s exactly right, Tim. So, another gap or threat with ad hoc environments is that users can launch wildcard queries that essentially ask for all the data in a database table, including sensitive column data, without specifying any specific column. So typical dynamic redaction or masking is not going stop that. But here’s where Teleran’s data protection engine adds another layer of control; it can stop a wide range of inappropriate queries from even reaching the database.
So, if I asked for all the data in a table that also includes social security column information my query would be blocked and a message is immediately sent back to me, within my application, telling me I can’t run unspecified queries like that, or wildcard queries. I must specify in my information request or query specific data elements. In other words, the Teleran system won’t let me knowingly, or unknowingly, defeat the data protection controls.
Tim Gorman: Does the Teleran system complement other data protection and security controls?
Combining Dynamic Data Redaction with Other Data Protection Facilities
Chris Doolittle: Yes. A key point to bring up is that security in general, and data protection in particular, really requires a layered approach to be effective so Teleran’s solution complements encryption. For example, it protects data from outside attack, but encryption does little to prevent an authorized insider who has decrypted access to the data from misusing data in the database or sensitive data in the database. And this is where Teleran’s dynamic data reduction comes in.
It’s a fine-grained approach to protecting sensitive data from the insider threat and it also offers a wider set of capabilities, including 24 by 7 tracking and auditing, analytics for forensic analysis, identifying suspicious inappropriate behavior and audit reporting, as well as a sophisticated patented policy action engine that can prevent a wide range of inappropriate behavior in real time.
This engine solves the inferencing problem we just described, for example, or preventing someone from changing or manipulating the data in the database or even stopping someone from opening up a sensitive data table or column to others by preventing a grant-to-public sequel command.
I should mention that Teleran builds these kinds of strong controls around the use of sensitive data regardless of the application. So essentially it can drop in to any database application environment and immediately protect the data without having to spend integration time or resources building these controls into the application. So, the idea is to protect the sensitive data but at the same time enable authorized users productive and unencumbered but appropriate access to the data they need to run their business.
Automating Sensitive Data Discovery
Tim Gorman: What other capabilities does the Teleran system provide?
Chris Doolittle: There are some things that our customers indicated are important to them right up front. One is to help them discover what sensitive data is in their databases and how it is used. So, we know that in organizations today there are databases all over the organization supporting many different business functions and application. So sensitive data can be spread out throughout your enterprise and the organization. So, we developed an easy-to-use sensitive data discover tool that automatically interrogates databases and identifies those columns that are likely to have sensitive data in them. The system presents the sensitive data columns back to the client, who can then confirm their sensitivity.
Automatically Generating Sensitive Data Redaction and Data Protection Policies
Chris Doolittle: Now, another thing that customers said was critical to them is automation. So, we go one step further and automatically create specific redaction policies or query-blocking policies that can be immediately applied to protect their sensitive data. And this saves our customers a lot of time and gets the job done faster, and, quite frankly, more accurately than relying on a manual process. So, as you know, Tim, anything that can speed time to protection is critical today.
Integrating Comprehensive Audit and Analysis
Chris Doolittle: Another area that we also provide an integrated part of our solution is an unobtrusive method for tracking and analyzing all transactions without any overhead on the database. So, the Teleran system can identify up front who’s accessing what sensitive data, how are they doing it, are they truly authorized to do that? The analysis solution guides the application of additional data protection policies as query patterns change, as the data changes, and it also identifies suspicious or potentially-malicious activity over time that needs to be investigated or stopped.
So overall redaction is really important, but it is one of several critical functions that we’ve integrated into a comprehensive solution for protecting data in dynamic application and database environments.
Tim Gorman: Chris, that was terrific. Thanks so much for spending time today discussing dynamic data redaction and how it fits into the broader array of data protection functions, and the unique gaps that it fills. It sure sounds like Teleran’s dynamic data protection for production systems is a very strong complement with the static data masking that we do at Delphix. It just makes a lot of sense to be offering companies both solutions to protect all their data, at rest and on the fly.
Chris Doolittle: Yeah, I agree, Tim. Let’s talk more about that in our next podcast.
Tim Gorman: Deal. Thank you for joining us today.
We hope you enjoyed the podcast and learned more about the value and benefits of dynamic data redaction. Stay tuned for our next podcast, a deeper dive on data masking, tips and techniques that you don’t want to miss.
Thanks so much.
Chris is VP Marketing and a co-founder of Teleran. He has over 30 years’ experience in helping companies manage, analyze and secure their information.