Leverage Imperva Camouflage to Protect Large Volumes of Sensitive Information
Leading health insurer leverages Imperva Camouflage technology and professional services to protect large volumes of sensitive health information across multiple databases to create a self-managed, repeatable process.
A health insurer licensed Imperva Camouflage Software initially for an internal initiative that stemmed from their security and privacy group’s policy that no private health care information could be shared in any non-production data sources. This policy was broad in reach, and affected all of their applications, and the client decided the task at hand much too complex for them to manage internally, and leveraged Imperva Camouflage consulting services to work with them in implementing a masking solution.
The client’s entire collection of claim management applications are based on Trizetto Facets™ core administration platform. In itself, the Facets application consists of multiple modules and databases including various customizations. Aside from this core suite of applications with its large data storage footprint, the client also consisted of 35 additional distinct applications that integrated tightly with Facets. For proper development and testing, they required a solution to firstly subset the entire collection of databases for portability and secondly mask the personally identifiable information (PII) within the database collection in a uniform manner.
The initial endeavor would involve the creation of a subsetting strategy to reduce the collective size of the databases while maintaining relational integrity among databases and the pertinent applications.
It would also be imperative to acquire these subsets simultaneously to achieve an accurate ‘snapshot’ of the collective databases to achieve functional integrity across all applications. The size of the data at hand was challenging, with sizes including Facets Databases at 6.5 TB, Facets Modules at 3.2 TB, and Additional Applications at 2.8 TB. Other challenges included limited storage space and CPU performance, strict time constraints, and the need to accurately reduce Facets from 6.5 TB to 1 TB and 350 GB subsets.
Imperva Camouflage has the ability to produce a subset of any supported database while retaining relational integrity. The usefulness of the resulting subset is determined by the configured criteria defined for each database/application. The process of defining these criteria for them involved subject matter experts from all application owners to ensure the resulting subset would satisfy the needs of the respective owners. Another imperative requirement was that the entire process needed to be repeatable within minimal resources.
To meet this requirement our consulting services developed (alongside the client) a complete process and project plan to repeat the process with no additional configuration necessary aside from factoring in new changes to a given database. With adequate knowledge transfer this entire process including subsetting and masking, the client’s data masking team of two resources continue this process as scheduled with support from Imperva where necessary.
During various information gathering and approval stages of their project, Imperva introduced them with two document formats that could be universally interpreted by all teams involved. These documents are called Functional Masking Document (FMD) and Functional Subsetting Document (FSD). These allow the results to be distributed, analyzed, and amended without any foreknowledge of Imperva concepts and functionality. These documents were instrumental in their success due to a large number of application owners and respective teams involved, and the importance of a concise portrayal of integral procedures throughout the subsetting and masking process.
The client introduced an extremely large collective dataset of more than 13TB of data across multiple databases to be captured in a synchronized effort while reducing and masking that collective dataset. This endeavor involved utilizing core technologies from Imperva, and the development of complementing strategic methods of utilizing those technologies in the most efficient ways possible to meet the tight requirements and constraints of the client.
The entire process is now repeatable by the client through their stand-alone resources. Over the course of the project, they had also availed of our expertise in infrastructure configuration and tuning to better suit their existing environment for performance and administration. Based on the specific advice supplied, they have employed the upgrades or configuration as suggested by Imperva.