Overview of Oracle Data Masking
Data masking (also known as data scrambling and data anonymization) is the process of replacing sensitive information copied from production databases to test non-production databases with realistic, but scrubbed, data based on masking rules. Enterprises run the risk of breaching sensitive information when copying production data into non-production environments for the purposes of application development, testing, or data analysis. Oracle Data Masking helps reduce this risk by irreversibly replacing the original sensitive data with fictitious data so that production data can be shared safely with non-production users. Accessible through Oracle Enterprise Manager, Oracle Data Masking provides end-to-end secure automation for provisioning test databases from production in compliance with regulations.
Components of Data Masking
- Application Data Modeling
- Data Masking Transformation
- Data Subsetting Technique
- Application Templates
- Data Masking Format Library
Architecture
Oracle Data Masking and Subsetting architecture consists of a two-tier framework. The Cloud Control UI provides a graphical user interface for administrators to handle all management tasks. These client components can be installed locally or brought up with a Web browser. The Oracle Enterprise Manager framework consists of Oracle Management Server and a database repository.
The Management Server is the core of the Enterprise Manager framework. It provides administrative user accounts, processes management functions such as jobs and events, and manages the flow of information between the Cloud Control UI and the nodes with Enterprise Management Agents. The Oracle Enterprise Manager Agent communicates with the Oracle Management Server and performs tasks sent by Cloud Control UI and other client applications.
The Enterprise Management Agent is installed on each monitored host and is responsible for monitoring all of the targets running on those hosts, communicating that information to the Oracle Management Server, and managing and maintaining the hosts and its targets.
Methodology of Data Masking
Oracle Data Masking and Subsetting uses the following methodology to secure non-production databases and replace sensitive data with fictitious, but relevant data that meets compliance requirements.
- Creating an Application Data Model— Discover sensitive data and data relationships, and then create or assign an Application Data Model
- Selecting Masking Formats and Criteria— Create data masking definition and masking format types and templates based on the sensitive data that is discovered
- Previewing and Validating — Secure sensitive data by previewing the masking algorithm results and the subset reduction results
- Executing Masking Transformations— execute In-Database or In-Export masking and subsetting transformations and validate the data that is masked.
Workflow of Data Masking
- Create an Application Data Model — to begin using Oracle Data Masking and Subsetting, you must create an Application Data Model (ADM). ADMs capture application metadata, referential relationships, and discover sensitive data from the source database.
- Create a Data Masking Definition — After an ADM is created, the next step is to create a data masking definition. A masking definition includes information regarding the table columns and the masking format for each of these columns. The mask can be created by writing the masked data to the export file.
- Create a Data Subsetting Definition — Create a data subsetting definition to define the table rules and rule parameters. The subset can be created by writing the subset data to the export file.