Addressing a Critical Data Protection Gap with Dynamic Data Redaction

Our Sensitive Data Continues to be Under Attack

Recent well-publicized data breaches at leading companies have compromised the personal data of billions of customers. These events have severely damaged customer trust, brand value, and financial condition across blue chip companies. Even though these companies are extremely well-run, they are facing new risks and dangers not previously experienced. Dynamic data redaction is an essential capability to protecting sensitive data.

What is Dynamic Data Redaction

Dynamic data redaction is a form of data masking. Redaction obscures or blocks out data that is personally identifiable or sensitive or confidential. And it does this as it’s being retrieved from a database; it leaves the data in the database unchanged for authorized access, but for people accessing sensitive data who are not authorized to see it redaction blacks it out. It’s dynamic because the redaction occurs as the data request occurs, and it returns the requested data, but the sensitive data is replaced by exes or zeros or some other obscuring character.

So, data redaction is transparent to the application users because it preserves the original data type and formatting and the query results. It can be applied to databases such as data warehouses or some other application database, like an ERP system or human resources system for example.

An Important Use Case – Personal Health Care Records

Let’s focus on a healthcare use case. There have been so many publicized data breaches in the healthcare industry as patient data is often widely distributed among hospitals and physicians, diagnostic testing services, insurance companies and others. So, the risk of misuse or breach is much greater. In the U.S. HIPAA is a key regulation governing the use and protection of protected health information or PHI. Physicians, for example, need to see detailed patient records for a patient and so have full access to the patient database. But someone in the hospital accounting department should only see billing information. So, they can retrieve a patient’s billing, but all detailed medical records or test results would be masked or redacted. However, there is a critical gap in data protection solutions today that does not prevent access to sensitive data.

Plugging the Inference Gap

First, many database platforms, like Oracle and Microsoft’s SQL Server, offer their own native masking or redaction solutions. There are gaps in these offerings, however. First, most companies find value in having an independent, comprehensive and consistent solution for masking and redaction that goes across all their platforms. Many of these solutions such as Oracle’s do not address the inference gap that Teleran’s solution fills. Oracle’s documentation states that their data redaction is recommended for use with encoded applications, but not for use with ad hoc query tools: “Oracle Data Redaction is not intended to protect against users who run ad hoc SQL queries that attempt to determine the actual values by inference.”  With any ad hoc data access tool like SAP BusinessObjects or a visualization tool like Tableau or Oracle SQL Developer or even Excel over an ODBC connection to the database, a user can zero in on sensitive data that has been redacted from the returned results but is not restricted as a search criterion.

So, an ad hoc user can progressively narrow down their search until the actual sensitive data is revealed. This is called the inferencing problem. And it’s a big problem in data protection today. For example, if I queried a human resources database for CEO Bill Smith’s salary, I would write a query, select Bill Smith, salary. Oracle redaction will mask the return value for that particular salary for that particular individual. But what if I ask for people with salaries between $100,000 and a million dollars and then, based on the results of that query, further and successively narrow down additional queries to eventually find that Bill Smith makes $650,300? So then, with the ability to launch any ad hoc queries I wish, I can infer sensitive data the Oracle redaction utility does not prevent.

The Teleran dynamic data redaction can prohibit the redacted column from being used as search criteria just like I described. And that’s key. In this way Teleran’s solution easily plugs the inferencing loophole that Oracle and other database-type utilities leave wide open in the ad hoc environments like data warehouses and analytical applications.

To learn more about Teleran’s Dynamic Data Redaction click here

More On Filling Data Protection Gaps

In my next blog, I will talk about other critical gaps that the Teleran Data Protection software system addresses in addition to the data redaction capabilities we just described.


 

Recent Posts