Enhancing Data Privacy and Security with MySQL Enterprise Data Masking

Glimpse of MySQL Enterprise Data Masking

Abstract- Many organizational production environment unwittingly breach sensitive information which causes harm of reputation, brand name and million of dollar losses etc. hence database environments will require some form of sanitization in order to render the informational content anonymous.

In this paper, we outline research towards a business challenge-why mask your data and the business value- benefits of masked data.

We describe a definition of concept, performance measurements of sql query with/without masked data and limitation of data masking with current release of MySQL.

                                                                                                       I.     Introduction

The Enterprise data masking technique is mainly used to replace original data with realistic data. The format of data remains alike and only the values are changed. The value can be altered in a number of ways, including character shuffling, encryption and character or word substitution. In any kind of method is chosen, the values are changed in some way makes detection or reverse engineering impossible. Below employee table can be viewed as masked view with substitute.

MySQL has started support on Data Masking with only MySQL Enterprise Edition with starting version 5.7.24 and 8.0.13 onwards releases.

Where data masking is being used ?

¨      Banking and Finance Industry: - payment card fraud has spreaded into massive challenges for consumers ,financial

Institutions, regulators and laws enforcement.

¨      Health Care Organizations: - Share patient with medical researchers to assess the efficiency of clinical trails or medical treatments.

¨      Retailer Companies: - Share customer’s point of sale data with market researchers to analyze customer buying patterns etc.

Why Mask our Data?

1)     Masking and de-identification are core to regulatory compliance, Hence Data Masking can help app to satisfy privacy requirements- PCI-DSS(Payment Card Data) , HIPAA(Privacy of Health Data) , Data Protection Act –UK(Personal Data Protection) , FERPA(Student Data), Sarbanes Oxley , GLBA.

2)     Users can establish a data security org chart with clear roles and responsibilities for identified owners across Applications ,

Business units, IT security teams, QA managers etc.

3)     Sensitive Data Classification based on policies, Guidelines and Mandates as applicable to a given application/business.

4)     Prospect can freely share the database with consultant, health check, research team or any third party.

5)     Data Masking represents a paradigm shift over homegrown data security techniques.

Benefits of Data Masking?

1)     Comply with data security and regulatory compliance standards for storing sensitive data, such as PCI-DSS ,HIPAA etc.

2)     Reduce potential data breaches by reducing the risk of disclosing sensitive data from production databases.

3)     Create fictitious data that remains data field properties and is fully functional across systems.

4)     Data Masking can be more flexible based on user permissions.

5)     Data Masking may balancing the need to secure with the need to use for any organization.

6)     Data Masking acts as a deterrent to insider threads from privileged or non-privileged users.

                                                                                                       II.     Data Masking Techniques

The process of data masking is designed to de-identify data, such that data remains based on real information but no longer has any practical usage or application. In other words it is now data rather than information. Let’s walk through different data masking                   

Techniques available in MySQL current releases.

                                                                                                       III.     III.STUDIES AND FINDINGS

With current release of MySQL we have tested select operations with/without various data masking functions for 1.5 million production DB. In this test we will masked one column from table and try to fetch all records to observe the performance of tables with masking and without masking. Please find below results of test cases, be remember this testing had been done on my laptop.

Below few diagrams captured the reading from MySQL Enterprise Monitor(GUI based tool offered as part of 

MySQL Enterprise Edition , more info available at:- https://www.mysql.com/products/enterprise/monitor.html)

CPU Utilization:-

 

Network Database-Throughput:-

 

Disk Operations

 

                                                                             RESULTS  

                                                                                                        IV.    IV. IV.CONCLUSION

In This paper, we discussed about one more layer of security, preventing data breaches, protecting investment with data masking techniques. This paper also explores the need for data masking. Masking’s combination of discovery, data set management ,protection and control over data migration is unique. No other data security products provides all these benefits simultaneously.

MySQL Enterprise masking accelerates protection of sensitive data from unauthorized access and easy to use.

  Data Masking will enable to accomplish the following:-

•   Data Masking fullfill the demands the need for a consistent and holistic approch across organizations today.

• Data Masking improves client confidence from unwanted data theft.

•  Data Masking helps org to fullfill all regulatory requirements-PCI DSS ,HIPAA ,FERPA,GLBA.

• Data Masking operates in-memory with minimal performance impact for MySQL DB.

•  Data Masking provides realistic data for testing, development , trainings ,reasearch etc.

• Data Masking provides a heightened sense of security to clients , employee and supplier.

• Data Masking helping to protect organisations from very real threads of insider data leakeges or from outsider data leakeges or threft.

• Application owner can have more security chocices over which data to have masked value orelse which data have encrypted value

• Data masking methods are Builtin and easy to use.

                                                                                                      V.     References

[1]     https://www.mysql.com/products/enterprise/masking.html

[2]     ."A Study on Dynamic Data Masking with itsTrends and Implications", Ravi Kumar G.K, Dr B Justus Rabi, Manjunath TN, International Journal of Computer Applications (0975 – 8887)Volume 38– No.6, January 2012

[3]     Data Masking: What You Need to Know What You Really Need ToKnow Before You Begin A Net 2000 Ltd. White Paper.

[4]     https://en.wikipedia.org/wiki/Data_masking

[5]     Design of Data Masking Architecture and Analysis of Data Masking Techniques for TestingRavikumar G K.

[6]     "A Study on Dynamic Data Masking with itsTrends and Implications", Ravi Kumar G.K, Dr B Justus Rabi, Manjunath TN, International Journal of Computer Applications (0975 – 8887)Volume 38– No.6, January 2012

[7]     "Research on Cloud Data Storage Technology and Its Architecture Implementation", Procedia Engineering 29 (2012) 133 – 137 Author name / Procedia Engi , 2012 International Workshop on Information and Electronics Engineering (IWIEE).

[8]     “Understanding and selecting data masking solutions: Creating secure and useful data.” August 10, 2012.

[9]     “Data Masking Best Practices “ An Oracle whitepaper 2013.

Disclaimer:-

              The Contents of this document are for general information purposes only. The views expressed on these pages  are mine alone     and not those of Oracle Corporation.