Enterprises run the risk of breaching delicate information when copying production data into non-production environments for the purposes of application development, testing, or data analysis. Oracle Data Masking helps lessen this risk by irreversibly substituting the new sensitive data with fictitious data so that production data can be shared safely with non-production users.Oracle notes three types of data masking:
- Compound masking
- Deterministic masking
- Key-based reversible masking
An Approach to Data Masking
Data masking is the process of substituting delicate information copied from production databases to test non-production databases with useful, but scrubbed, data based on masking rules. Data masking is ideal for practically any situation when private or regulated data requires to be shared with non-production users. These users may involve internal users such as application developers, or external business partners such as offshore testing companies, suppliers, and consumers. These non-production users need to access some of the real data but do not need to see every column of every table, especially when the data is protected by government regulations.
Data masking enables organizations to generate sensible and fully functional data with related characteristics as the original data to renew sensitive or private information. This contrasts with encryption or Virtual Private Database, which simply preserves data, and the original data can be recovered with the proper access or key. With data masking, the original delicate data cannot be retrieved or accessed.
The following types of users participate in the data masking process for a typical enterprise:
Application database administrator or application developer
This user is aware of the application and database objects. This user may add further custom database objects or extensions to packaged applications, such as the Oracle E-Business Suite.
Information security administrator
This user specifies information security policies, enforces excellent security practices, and also suggests the data to be stored and protected.