Data Privacy a Top Concern

Manager of Portfolio Strategy, IBM

It is not surprising to see a heightened awareness of data privacy concerns among high ranking executives. In today’s hyper-connected world, information protection is expanding beyond its technical silo into a strategic, enterprise-wide priority. It takes only a glance at news headlines to see why. In 2011, the corporate world experienced the second-highest data loss total since 2004. In a 2012 Norton Study, the cost of global cybercrime is $114US billion annually with more than one million victims per day. According to a 2012 report titled, “Finding a strategic voice: Insights from the 2012 IBM Chief Information Security Officer Assessment,” two thirds of senior executives are paying closer attention to enterprise data privacy.

Gartner MQ Data Masking-2012.pngInfoSphere Optim Data Privacy Solution, recently named a leader in the first ever Gartner Magic Quadrant for Data Masking Technology, provides a market-leading approach to data privacy challenges. InfoSphere Optim received the best ranking in the ability to execute and completeness of vision categories compared to competitors.

Establish a Holistic Data Privacy Strategy

InfoSphere Optim Data Privacy is designed to support a business-driven, holistic approach to data privacy. Using InfoSphere Optim Data Privacy, organizations establish a policy-driven, on-demand masking approach to proactively protect data privacy and support compliance, especially in the new era of computing where data is everywhere and growing in volume, variety and velocity. Intelligent data masking inside big data platforms makes analytics possible while also keeping private information out of sight. A focus on privacy will fundamentally change how big data platforms are adopted. InfoSphere Optim Data Privacy provides aggregated sensitive data to analytics platforms while protecting privacy.

The end goal – Protect privacy without impacting the business.

InfoSphere Optim Data Privacy provides a comprehensive set of data masking techniques that can support your data privacy compliance requirements:

  • Application-aware masking capabilities help ensure that masked data, like names and street addresses, resembles the look and feel of the original information.
  • Context-aware, prepackaged data masking routines make it easy to de-identify elements such as payment card numbers, Social Security numbers, street addresses and email addresses.
  • Persistent masking capabilities propagate masked replacement values consistently across applications, databases, operating systems and hardware platforms.

How does InfoSphere Optim Data Privacy work?

Step #1: Define Sensitive Data

Effective data privacy begins with an agreement that outlines the purpose, accountabilities and participants in the data privacy strategy. Not all data has to be protected in the same manner, some may be considered low risk. Keep in mind high-value data, such as design specs or corporate secrets, may not require protection under legal mandates, but organizations will most certainly want to protect it with stringent privacy controls.


Figure 1: Example of data masking

Step #2: Understand where sensitive data resides

Most of the world’s data is stored in commercial databases/data warehouses such as Oracle DB, Microsoft SQL Server, IBM DB2, IBM Informix, Sybase, MySQL, IBM Netezza and Teradata.

However, most organizations don’t have a complete understanding of their enterprise data stores. Many organizations rely too heavily on system and application experts for this information. In addition, organizations tend to neglect non-production environments. What sensitive data is copied and used for test, development, QA, training or for demonstration purposes?

Step #3: Mask sensitive data

Data masking is the process of systematically transforming sensitive data elements into realistic but fictionalized values. Masking enables receipts of the data to use “production-like” information while ensuring compliance with privacy protection rules.


Use Case

Business Benefits

Masking for databases

Protect data across both non-production environments (test, development, Q/A & training) and in production

  • Ensure only those with a valid purpose see sensitive data
  • Protect data from misuse by outsourced personal or third parties

Masking for warehouses

Protect data during the ETL process or while testing data integration code

  • Deliver security and ensure compliance in data warehouse environments

User-defined masking routines

Mask data in applications

  • Deliver data masking to production environments

Masking for reports

Protect sensitive data in reports without inhibiting business processes

  • Distribute reports across teams to facilitate information sharing without compromising security

Data privacy isn’t getting any simpler. Market leading InfoSphere Optim Data Privacy can help with automated, on demand data masking services across the enterprise.

Download Gartner Magic Quadrant for Data Masking Technology