Data Masking Task Sequence in Oracle 11g
You can clone the production database to a staging area, mask it, then export/
import it to
another database before delivering it to in-house testers or external
customers. This is
the most secure approach.
You can clone the production database to a mask staging area, then make
the
staging area the new test
region. In this case, you should not grant testers SYSDBA
access or access to the
database files. Doing so would compromise security. The
masked database contains the
original data in unused blocks and in the free list.
You can only purge this information by exporting/importing the data to
another database.
The following steps guide you through the data masking process.
Ø
Review the application
database and identify the sources of sensitive information.
Ø
Define mask formats for the
sensitive data. The mask formats may be simple or
complex depending on the information
security needs of the organization.
Ø
Create a masking definition
to associate table columns to these mask formats. Data masking determines the
database foreign key relationships and adds foreign key columns to the mask.
Ø
Optionally declare dependent
columns not defined in the database but enforced
by the applications. Masking assumes
it should perform the masking to honor
these additional constraints.
This requires knowledge of the
application schema. Consult the application
documentation to identify the
relationship between the tables and the columns
containing sensitive data to ensure
complete coverage of your application data.
Ø
Save the masking definition
and generate the masking script.
Ø
Clone the production database
to a staging area, selecting the masking definition
to be used after cloning. Note that
you can perform cloning using Enterprise
Manager, which enables you to add
masking to the Enterprise Manager clone
workflow. However, if you performing
cloning outside of Enterprise Manager, you must initiate masking from
Enterprise Manager after cloning is complete. The
cloned database should be controlled
with the same privileges as the production
system since it still contains
sensitive production data.
After cloning, be sure to change the
passwords as well as update or disable any
database links, streams, or
references to external data sources. Back up the cloned
database or, at a minimum, the
tables that contain masked data. This will help you
restore the original data if the
masking definition needs to be refined further.
Ø
Verify if the masked data
meets the information security requirements. Otherwise, refine the masking
definition, restore the altered tables, and reapply the masking definition
until the optimal set of masking definitions has been identified.
Ø
After masking, test all of
your applications, reports, and business processes to
ensure they are functional. If
everything is working, you can export the masking
definition to keep it as a backup.
Ø
After masking the staging
site, make sure to drop any tables named MGMT_DM_
TT before cloning to a test region.
These temporary tables contain a mapping
between the original sensitive
column value and the mask values and are therefore
sensitive in nature.
During masking, Enterprise Manager
automatically drops these temporary tables
for you with the default "Drop
temporary tables created during masking" option.
However, you can preserve these
temporary tables by unselecting this option. In
this case, you are responsible for
deleting the temporary tables before cloning to
the test region.
Ø
After masking is complete,
ensure that all tables loaded for use by the substitute
column format or table column format
will be dropped. These tables contain the
mask values that table column or
substitute formats will use. It is recommended
that you purge this information for
security reasons.
Ø
Clone the database to a test
region or use it as the new test region. When cloning
the database to an external or
unsecured site, you should use Export or Import,
and only supply the data in the
database rather than the database files themselves.
Ø
Provide the masking
definition to the application database administrator to use in
masking the database as part of
cloning production for testing.