Reduce the risk of non-compliance and sensitive data theft

  • Imperva Camouflage Data Masking allows your developers, QA, and outsourcing vendors to use data freely and safely without exposing sensitive data.

    Masking, de-identifying or obfuscating sensitive data is an essential component of a comprehensive data security plan. Imperva Camouflage Data Masking reduces the risk of data breach by replacing sensitive data with realistic fictional data. The masked data maintains referential integrity and is statistically accurate enabling testing, analysis and business processes to operate normally. The primary use of masked data is in non-production systems, including test and development environments or data warehouses and analytical data stores. Another set of candidates for masked data is business enablers that require data to leave the country or company control, such as off-shore teams or outsourced systems. The Imperva Camouflage Data Masking solution will not only protect data from theft, it will help ensure compliance with regulations and international policies dictating data privacy and transport.

    • Discover and document sensitive data and data relationships across the enterprise
    • Reduce the volume of sensitive data in non-production systems
    • Facilitate data transport for out sourcing or compliance with international privacy regulations
    • Enable use of production data in development and testing without putting sensitive data at risk
    • Track changes and generate compliance reports at each data refresh
    • Prevent sensitive data loss from non-production systems

    Key Capabilities

    • Discover: Retrieve and analyze sensitive data

      The goal of the Discover phase is to identify data that needs to be masked in order to provide sufficient protection without compromising data utility. This stage involves documentation of requirements and education on the implications of masking necessary for the creation of configurations during the Policy stage of the Data Masking Best Practice. Automated discovery of sensitive data is a key factor in minimizing deployment times and long-term success.

    • Assess and Classify: Establish context for sensitive data

      The Assess and Classify phase is intended to establish criteria that will aid in determining how to mask the data. Including the codification of the contextual information determined during the Discover phase, the sensitivity of various data, its intended use(s), the transformation requirements and any inter-database dependencies.

    • Set Policy: Create data masking configurations

      The goal of the Policy phase is to create data masking configurations based upon customer-specific functional masking requirements defined in prior phases. Including plans and requirements for integrating data masking configurations into the overall data refresh process for non-production environments. This phase also provides an opportunity to develop data masking schedules and establish appropriate change management processes. Data masking software that is easy-to use, flexible and scalable is critical for accommodating varying and often complex requirements.

    • Deploy: Integrate data masking in the existing processes

      The Deploy phase is intended to transition data masking into the refresh process for non-production environments taking the overall business process(es) into account. This phase entails executing configurations constructed during the Policy phase. Report automation and pre- and post-run scripts options support a wide range of ancillary processes and requirements.

    • Manage and Report: Adapt to changing requirements and provide visibility

      The Manage and Report phase is where the “fit and value” of the solution will become clear. This phase includes change management, job maintenance, configuration updates and compliance reports about data relationships, masking techniques, and masked database structures.

  • Specification Description
    Supported Databases
    • Oracle®
    • SQL Server®
    • DB2® (LUW, z/OS, i)
    • Sybase/SAP ASE® (Sybase)
    • Teradata®
    • Netezza®
    • Amazon RDS
    • Aurora
    • Maria DB
    • MySQL®
    • PostgreSQL®
    • Hadoop HDFS (delimited files)
    • VSAM
    • IMS via export to VSAM (KSDS, ESDS) or QSAM data files
    Supported File Formats
    • VSAM
    • QSAM
    • Flat Files (COBOL copybook)
    • XML (including XML embedded in database fields)
    • HL7
    • Delimited files (e.g., CSV)
    • MS Excel
    • Free form text stored within relational databases
    • Image data (PNG, TIFF, JPG, GIF) – via replacement of image file
    • Any operating system on which Java can be installed on can be used to run Imperva Camouflage. This includes the various versions of Windows, Mac OS, Linux/UNIX variants, as well as mainframe.