Advances in storage, networks, and hardware technology have resulted in an explosion of data and given rise to multiple sources of overlapping data. This, combined with general apathy towards privacy issues while designing systems and processes, leads to frequent breaches in personal identity and data security. What makes this worse is that many of these breaches are committed by the legitimate users of the data. Major countries like the U.S., Japan, Canada, Australia and EU have come up with strict data distribution laws which demand their organizations to implement proper data security measures that respect personal privacy and prohibit dissemination of raw data outside the country. Since companies are not able to provide real data, they often resort to completely random data. It is obvious that such a data would offer complete privacy, but would have very low utility. This has serious implications for an IT services company like Tata Consultancy Services Ltd. (TCS), since application development and testing environments rely on realistic test data to verify that the applications provide the functionality and reliability they were designed to deliver. It is always desirable that the test data is similar to, if not the same as, the production data. Hence, deploying proven tools that make de-identifying production data easy, meaningful and cost-effective is essential. Data masking methods came into existence to permit the legitimate use of data and avoid misuse. In this paper, we consider various such techniques to come up with a comprehensive solution for data privacy requirements. We present a detailed methodology and solutions for enterprise-wide masking. We also present the data masking product MASKETEER, developed at TCS, which implements these techniques for providing maximum privacy for data while maintaining good utility.
展开▼
