
Archive for the ‘Regulation Compliance’ Category

Watch the replay of Craig Mullins’ DB2 data security webinar

All Baseline Posts, Baseline Videos, Data Security, Regulation Compliance, Webinars

Craig gave another excellent presentation today on data security. If you missed it, you can watch the replay through GoToWebinar here: https://www1.gotomeeting.com/register/990275648

Alternatively, you can just watch the replay below. Enjoy!

 

You can also download Craig’s presentation slide deck at: https://s3.amazonaws.com/SoftBase/Data-Security-in-the-Age-of-Regulatory-Compliance.pdf

Toward the end of the presentation, Craig explained the test data masking features of TestBase, our powerful test data management tool. Learn more about TestBase here or contact us.

 

Thanks again for another great presentation, Craig!


Webinar with Craig Mullins: Data Security in the Age of Regulatory Compliance

All Baseline Posts, Data Security, Regulation Compliance, Webinars

Webinar Title: Data Security in the Age of Regulatory Compliance
Presenter: Craig S. Mullins

As governmental regulations expand, organizations need to deploy better controls to ensure quality data and properly protected database systems. Sarbanes-Oxley, HIPAA, BASEL II, PCI DSS and more make the news, but what do they mean in terms of your data? And what steps can be taken to ensure compliance?

Anyone who has been paying attention lately knows at least something about the large number of data breaches in the news… and their impact on business. Data breaches and the threat of lost or stolen data will continue to plague organizations until comprehensive plans are enacted to combat them. Many of these breaches have been at the database level, and more will be unless better data protection policies and procedures are enacted on operational databases.

As a result of expanded regulations and the ever-present specter of data breaches, data security has grown in importance. And that places new burdens on DBAs and data management professionals. This presentation will offer an overview of this new landscape focusing particularly on techniques for improving data and database security.

Topics to be discussed include:

  • An Introduction to Industry and Governmental Regulations
  • The Pervasiveness of Data Breaches with Techniques for Avoidance and Remediation
  • Long-term Data Retention
  • Database Activity Monitoring and Auditing
  • Data Encryption
  • Data Masking
  • Metadata Management

To best prevent internal data theft, use multiple lines of defense

All Baseline Posts, Data Security, Regulation Compliance

Fogarty’s article on data theft does an excellent job of describing the root cause of Intellectual Property (IP) theft – human emotion. In environments where IT specialists are an integral part of creating and managing IP, the techniques Fogarty describes seem to be the best defense. It’s not like you can prevent these employees from accessing IP. But when it comes to protecting sensitive customer data from internal theft, I would argue that organizations should use data masking as an additional line of defense.

A huge security hole exists when database applications are tested using real customer data. The test-data standard for most organizations is to copy data from their secure production database into the test environment, where the data can easily be copied to another computer or a flash drive. As Fogarty mentioned, most organizations use retroactive policies such as non-disclosure agreements, which do little to stop a determined thief.

Could you imagine the damage a disgruntled application developer could cause with all of your organization’s customer information? Credit card numbers, social security numbers, addresses, email addresses… We are talking about immediate class action lawsuits here! Organizations that leave this kind of security hole open are simply playing with fire. Internal data breaches account for over 70% of all data breaches. With data breaches in the US costing an average of $7.2M in business and legal costs, organizations need to keep their customer data under lock and key!

A growing trend for preventing internal data breaches is to mask sensitive test data. This simply involves obfuscating sensitive customer data, rendering it useless to a thief. Several third-party applications exist for data masking, across all platforms. The most effective masking solutions copy data from production, mask the sensitive data, and then dump the masked data into test. And that’s exactly what TestBase does. Beware of solutions which mask data only after it has been copied to the test environment – these leave a wide window of opportunity open for a thief.


SoftBase’s TestBase Data Masking capabilities featured in Government Security News Magazine

All Baseline Posts, Data Security, Regulation Compliance

Steve just spoke with Government Security News Editor-in-Chief Jacob Goodwin about the data masking capabilities of TestBase. Within two hours Jacob had posted the article discussing the importance of data masking in the mainframe environment and how TestBase can plug internal data security holes. Check out the article here.

Below is a representation of one of the several ways that TestBase masks data copied from production to test. The method depicted below utilizes a translation table for predefined data value substitution.
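
The translation-table substitution described above, as an added Python sketch (not TestBase code and not the figure from the original post). The table contents, column names, key and sample rows are constructed; the fallback to a keyed pseudonym for values missing from the table is an assumption made here so that nothing passes through unmasked, and rows are masked before anything is written to test.

```python
import hashlib
import hmac

# Constructed translation table: production value -> predefined substitute.
TRANSLATION = {
    "last_name": {"Smith": "Harper", "Jones": "Ellis"},
    "city": {"Houston": "Springfield"},
}
# Columns with no substitution table get a keyed, deterministic pseudonym.
KEYED_COLUMNS = {"ssn"}
# Assumption: the key is held outside the test environment.
MASKING_KEY = b"example-key-not-for-production"


def pseudonym(column, value, key=MASKING_KEY):
    """Deterministic stand-in, so joins on the masked column still match."""
    msg = f"{column}:{value}".encode()
    return "X" + hmac.new(key, msg, hashlib.sha256).hexdigest()[:10]


def mask_row(row):
    """Return a masked copy of one row; non-sensitive columns are untouched."""
    masked = dict(row)
    for column, value in row.items():
        if column in TRANSLATION:
            # Fail closed: a value missing from the table is pseudonymized,
            # never copied through as-is.
            masked[column] = TRANSLATION[column].get(value, pseudonym(column, value))
        elif column in KEYED_COLUMNS:
            masked[column] = pseudonym(column, value)
    return masked


def extract_masked(production_rows):
    """Mask in flight, so only masked rows are ever written to test."""
    for row in production_rows:
        yield mask_row(row)


# Constructed sample rows standing in for a production extract.
PRODUCTION = [
    {"id": 1, "last_name": "Smith", "city": "Houston", "ssn": "000-00-0001"},
    {"id": 2, "last_name": "Okafor", "city": "Houston", "ssn": "000-00-0002"},
    {"id": 3, "last_name": "Okafor", "city": "Dallas", "ssn": "000-00-0001"},
]

if __name__ == "__main__":
    for masked_row in extract_masked(PRODUCTION):
        print(masked_row)
```
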