RE: data exchange between oracle and sqlserver
Date: Fri, 3 Feb 2012 11:12:13 -0330
Hello Richard and Joan,
Thank you for providing us with more information on the requirements. There is also an un-masking capability that can help this process.
The use of data masking can help in different ways as you described: 1. Securing data at rest (non-production environments) 2. Securing data on the fly (cacheless masking)
First one works by creating a copy of the production data to be masked (you can also subset the production data so that you don't have to create a complete copy to save on space and processing horse power) and place this copy in the production secured environment. Then masking is applied with the appropriate transformation techniques and finally gets pushed to development/testing (non-prod).
The second option doesn't require a temporary table. It simply uses the ETL technology. Extract data from production, Transform on the fly, then finally Load to non-prod.
If there's a need to de-mask, this is possible through what we refer to as the Translation Matrix. There's an option to enable this capability so that your masked values can be de-masked by creating a mapping of the transformation. Important to mention to keep this map on the same secure environment as the production data.
Encryption can also act as a parallel security option when used with masking in this scenario. De-encryption will have to be made available at the target so that information on the move is secured, but readable at the final destination.
Either way, privacy protection technology is only as good as the processes built around the sharing of the data. If the sensitive data resides in laptops and other work stations and breach or theft occurs, the only thing that'll save the day is masking. Technically, in this case, no sensitive information is exposed, hence no requirement of breach notification.
I hope this helps!
From: Goulet, Richard [mailto:Richard.Goulet_at_parexel.com] Sent: Thursday, February 02, 2012 12:22 PM To: Eren Bayazitoglu; joan.hsieh_at_tufts.edu; oracle_l Subject: RE: data exchange between oracle and sqlserver
From my reading of this it appears that the PII is needed by the third parties for their business purposes. That being the case an encryption/masking option doesn't work very well when pulling the data unless you can undo it on the other side. At the same time I agree with the developer that it should not be laying around on a server or laptop where it is vulnerable to unauthorized exploitation. And I assume that those files have to be somewhere where the outside third party can access them. That gives you basically three options; 1) encrypt the files immediately after creation using a key that you can share with the third party, 2) placing the files on a secured share and then transfer them via https again using a cypher key, 3) creating the files then allowing the third party to sftp the files to their site using a cypher key. We've used approach 2 and 3 over here depending on the third parties choices and they work very well. Course you should probably have some Uni x based system experts who can lock down the server in the DMZ as we have.
Senior Oracle DBA/Na Team Leader
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Eren Bayazitoglu Sent: Wednesday, February 01, 2012 3:32 PM To: Joan.Hsieh_at_tufts.edu; oracle_l
Subject: RE: data exchange between oracle and sqlserver
We've come across with these type of sensitive information projects and have helped many clients through our data masking technologies.
The way it works is that, the data is scanned to automatically discover and categorize as sensitive (as per PCI, HIPAA, etc.) and mask (aka anonymize, de-identify, etc.) so it's no longer sensitive, but realistic enough to run accurate testing and QA.
Referential integrity is preserved throughout this process and it can be configured so that each individual data is always masked to the same masked data, over time and across multiple data bases, including Oracle and SQL.
Please feel free to download the Best Practices White Paper on http://www.datamasking.com/resource-library/white-papers or let me know if you have any questions.
Data Security Consultant
Camouflage Software Inc.
T: 709.722.1200 x214 F: 709.576.6775
Toll Free: 1.866.345.8888
66 Kenmount Road . St. John's . NL . Canada . A1B 3V7
Notice - This message and any attached files may contain information that is confidential and/or subject of legal privilege intended only for use by the intended recipient. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, be advised that you have received this message in error and that any dissemination, copying or use of this message or attachment is strictly forbidden, as is the disclosure of the information therein. If you have received this communication in error, please notify the sender immediately and delete this communication from your mail box.
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Hsieh, Joan Sent: Wednesday, February 01, 2012 3:05 PM To: oracle_l
Subject: data exchange between oracle and sqlserver
The following is the question from our developer who is looking for a solution for the new system and business requirement. He proposed ODBC gateway, ETL tools. I would greatly appreciated if you can provide any other ideas.
We are looking into integrating PeopleSoft Campus Solutions (aka PSCS and new SIS) with various third parties. Some of these will be done using XML messages over HTTP. Unfortunately we still have vendors who rely on files or table load mechanisms only.
One of the critical integrations is between Financial Aid's PowerFAIDS (SQL Server db) and PSCS. This software works only through inserting data into an interface table or through file loads (which then load the same interface table). All outbound interfaces are through queries which generate file exports. We are trying to avoid the file exports.
We are trying to eliminate file base integration as it is insecure and requires the use of shared drives. These files will contain legally protected Personal Identifiable Information which should not be lying around on servers or people's computers.
Business requirements require the exchange of information twice per business day for some interfaces, or once per day for others (which is why I think the ETL method would work adequately).
http://www.freelists.org/webpage/oracle-l Received on Fri Feb 03 2012 - 08:42:13 CST