
DevTalks.ro 2019 MySQL Data Masking Talk

a 2019 version of the slides.



  1. Copyright © 2019, Oracle and/or its affiliates. All rights reserved.
     MySQL Data Masking in MySQL Enterprise
     Georgi “Joro” Kodinov, MySQL SrvGen Team Lead
  2. Safe Harbor Statement
     The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  3. Agenda
       • What is Data Masking and Why Should I Care?
       • MySQL Enterprise Masking
       • Questions? Suggestions?
  4. What is Data Masking?
     "Data masking is the process of hiding original data with random characters or data" (Wikipedia)
  5. Why Should I Care?
  6. Because of This Guy!
  7. (image-only slide)
  8. (image-only slide)
  9. Why Should I Care Again?
  10. Regulatory Compliance
       • Regulations
         – PCI DSS: payment card data
         – HIPAA: privacy of health data
         – Sarbanes-Oxley, GLBA, The USA Patriot Act: financial data, NPI ("personally identifiable financial information")
         – FERPA: student data
         – EU General Data Protection Directive (GDPR): protection of personal data
         – Data Protection Act (UK): protection of personal data
       • Requirements
         – Continuous monitoring (users, schema, backups, etc.)
         – Data protection (encryption, privilege management, etc.)
         – Data retention (backups, user activity, etc.)
         – Data auditing (user activity, etc.)
  11. Cost of Data Breaches (source: Ponemon Institute, 2018)
      Small to medium breaches, cost by number of records:
        Less than 10,000       $1.9M
        10,000 to 25,000       $2.8M
        25,001 to 50,000       $4.6M
        Greater than 50,000    $6.3M
      Mega breaches, cost by number of records:
        20 million             $199M
        30 million             $279M
        40 million             $325M
        50 million             $350M
  12. Agenda
       • What is Data Masking and Why Should I Care?
       • MySQL Enterprise Masking
       • Questions? Suggestions?
  13. MySQL Enterprise Masking in a Nutshell
       • Data masking
         – String masking
         – Dictionary-based replacement
         – Specific masking: SSN; payment card (strict/relaxed)
       • Random data generators
         – Random number within a range
         – Email
         – Payment card (Luhn check compliant)
         – SSN
         – Dictionary-based generation
  14. String masking examples (the slide's screenshots are not part of the transcript; captions only)
       • Keep the first symbol, “X” the others
       • Keep the last 4 symbols, “*” the others
       • Replace anything but the last 12 symbols with ‘-’
       • Replace the first five symbols with ‘?’
  15. Specific masking examples (screenshots; captions only)
       • Mask a credit card number
       • Same, but leave the issuer ID too
       • Mask a Social Security Number
  16. (image-only slide)
  17. (image-only slide)
  18. MySQL Enterprise Masking: The Recap
  19. MySQL Enterprise Masking and De-Identification: Data Masking
       • String data masking
         – Mask a substring within a string: ArthXXXXnt
         – Mask substrings at the beginning and at the end: XXthurDeXX
       • SSN masking: XXXX-XX-1234
       • Payment card masking
         – Strict: XXXXXXXXXXXXXXX7395; Relaxed: 493812XXXXXXXXX7395
       • Dictionary-based masking
         – gen_blacklist("007", "00designations", "Cover_identity") => Universal Exports
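The masking rules on slides 14, 15 and 19 are easiest to reason about in code. The following is an added example written for this page, not the MySQL Enterprise Data Masking plugin and not Oracle's code: it reimplements the described semantics in plain Python so the inner/outer margin behaviour, the SSN and payment-card (PAN) rules and the strict/relaxed distinction can be checked offline. The function names, the margin convention (margin1 counted from the start of the string, margin2 from its end) and the sample record are assumptions.

```python
"""String-masking helpers mirroring the behaviour described on the slides.
Example code added for illustration; NOT the MySQL Enterprise plugin.
Names, the margin convention and the sample record are assumptions."""
import re

SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")  # US SSN in NNN-NN-NNNN form


def mask_inner(value, margin1, margin2, mask_char="X"):
    """Keep margin1 leading and margin2 trailing symbols; mask the part between.
    If the margins cover the whole string there is nothing left to mask."""
    if margin1 < 0 or margin2 < 0:
        raise ValueError("margins must be non-negative")
    inner_len = len(value) - margin1 - margin2
    if inner_len <= 0:
        return value
    return value[:margin1] + mask_char * inner_len + value[len(value) - margin2:]


def mask_outer(value, margin1, margin2, mask_char="X"):
    """Mask margin1 leading and margin2 trailing symbols; keep the middle.
    Overlapping margins mask the whole string (fail closed rather than leak)."""
    if margin1 < 0 or margin2 < 0:
        raise ValueError("margins must be non-negative")
    if margin1 + margin2 >= len(value):
        return mask_char * len(value)
    return (mask_char * margin1
            + value[margin1:len(value) - margin2]
            + mask_char * margin2)


def mask_ssn(ssn):
    """Keep only the last four digits of a formatted SSN; reject anything
    that is not NNN-NN-NNNN so malformed PII is never passed through."""
    if not SSN_RE.match(ssn):
        raise ValueError("SSN must be formatted NNN-NN-NNNN")
    return "XXX-XX-" + ssn[-4:]


def mask_pan(pan, relaxed=False):
    """Strict: keep only the last four digits. Relaxed: also keep the first
    six (the issuer identification number). PANs are 12 to 19 digits."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        raise ValueError("PAN must be 12 to 19 digits")
    return mask_inner(pan, 6 if relaxed else 0, 4)


# Constructed sample record (not a real person, SSN or card number).
SAMPLE_ROW = {"name": "ArthurDent", "ssn": "123-45-1234",
              "pan": "4938123456789017395"}


def mask_row(row):
    """Apply one masking rule per column, as a masked view would."""
    return {
        "name": mask_inner(row["name"], 4, 2),       # ArthXXXXnt
        "ssn": mask_ssn(row["ssn"]),                 # XXX-XX-1234
        "pan": mask_pan(row["pan"], relaxed=True),   # 493812XXXXXXXXX7395
    }


if __name__ == "__main__":
    print(mask_row(SAMPLE_ROW))
```

Note that an SSN is nine digits written 3-2-4, so the masked form keeps only the last group; the four captions on slide 14 map onto `mask_inner(s, 1, 0)`, `mask_inner(s, 0, 4, "*")`, `mask_inner(s, 0, 12, "-")` and `mask_outer(s, 5, 0, "?")` respectively.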
  20. MySQL Enterprise Masking and De-Identification: Random Data Generation
       • Random data within range: gen_range(10000, 20000) => 12503
       • Email: kajsm.hamskdk@example.com
       • Payment card: 7389026626032990
         – Configurable length: 12 to 19 digits
       • SSN: 915-63-3858
       • US phone number: 1-555-3456-332
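Slide 13 says the generated payment card numbers are "Luhn check compliant", which is what makes them usable as test data without being real cards. The block below is an added example, written for this page and not taken from the MySQL plugin: it generates each of the value families on slide 20 and shows the Luhn check-digit computation explicitly. The function names echo the slide's categories; the exact output formats (5- and 7-letter email parts, a 900-999 SSN area number, a 1-555 phone prefix) are assumptions chosen so the generated values can never collide with real identifiers.

```python
"""Random test-data generators for the value families on the slide.
Example code added for illustration; NOT the MySQL Enterprise plugin.
Function names and output formats are assumptions."""
import random
import string

# OS entropy by default; pass random.Random(seed) for reproducible fixtures.
_rng = random.SystemRandom()


def gen_range(lower, upper, rng=_rng):
    """Random integer in the closed range [lower, upper]."""
    if lower > upper:
        raise ValueError("lower bound exceeds upper bound")
    return rng.randint(lower, upper)


def luhn_check_digit(body):
    """Check digit that makes body + digit pass the Luhn (mod 10) test."""
    total = 0
    for i, ch in enumerate(reversed(body)):  # rightmost body digit is doubled
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number):
    """True if a digit string passes the Luhn test (last digit is the check digit)."""
    return (number.isdigit() and len(number) >= 2
            and luhn_check_digit(number[:-1]) == number[-1])


def gen_rnd_pan(size=16, rng=_rng):
    """Random Luhn-valid primary account number of 12 to 19 digits."""
    if not 12 <= size <= 19:
        raise ValueError("PAN length must be 12 to 19 digits")
    body = "".join(rng.choice(string.digits) for _ in range(size - 1))
    return body + luhn_check_digit(body)


def gen_rnd_email(rng=_rng):
    """xxxxx.xxxxxxx@example.com; example.com is reserved, so mail never routes."""
    first = "".join(rng.choice(string.ascii_lowercase) for _ in range(5))
    last = "".join(rng.choice(string.ascii_lowercase) for _ in range(7))
    return "%s.%s@example.com" % (first, last)


def gen_rnd_ssn(rng=_rng):
    """NNN-NN-NNNN with an area number 900-999, a range not issued as real SSNs."""
    return "%03d-%02d-%04d" % (rng.randint(900, 999),
                               rng.randint(1, 99), rng.randint(1, 9999))


def gen_rnd_us_phone(rng=_rng):
    """1-555-NNN-NNNN; the 555 exchange is conventionally used for fictitious numbers."""
    return "1-555-%03d-%04d" % (rng.randint(0, 999), rng.randint(0, 9999))


if __name__ == "__main__":
    print(gen_range(10000, 20000), gen_rnd_email(), gen_rnd_pan(),
          gen_rnd_ssn(), gen_rnd_us_phone())
```

Because the generator only ever constructs the first `size - 1` digits at random and derives the last one, every value it returns passes the same check a payment form applies; the slide's own sample `7389026626032990` also satisfies `luhn_valid`.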
  21. MySQL Enterprise Masking and De-Identification: Dictionary-based data generation, data blacklists
       • Load multiple dictionaries
         – Maps dictionary file => dictionary name
         – In-memory data for faster retrieval
       • Generation based on dictionary data
         – gen_dictionary("periodictable") => Oxygen
         – If 007 is on the blacklist then substitute it (provide a random value); otherwise it passes through
       • Blacklisted: 007, thus randomly substituted from the Jobs dictionary
         – gen_blacklist("007", "Job_mask", "Jobs") => "Accountant"
       • Not blacklisted: Administrator, thus passes through
         – gen_blacklist("Administrator", "Job_mask", "Jobs") => "Administrator"
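The dictionary mechanism on slides 19 and 21 (load a file into a named in-memory dictionary, draw random terms from it, and substitute blacklisted values from a replacement dictionary) is shown below as an added example for this page. It is not the MySQL plugin's code: the registry, the file-like loading and the function names are assumptions, and the dictionary contents are constructed inline to stand in for the files the slide loads.

```python
"""In-memory dictionaries, dictionary-based generation and blacklist
substitution. Example code added for illustration; NOT the MySQL Enterprise
plugin. Registry, function names and dictionary contents are assumptions."""
import io
import random

_rng = random.SystemRandom()
_DICTIONARIES = {}  # dictionary name -> tuple of terms, kept in memory


def gen_dictionary_load(source, name):
    """Load one term per line from a file-like object into the named
    dictionary (the slide's file => name mapping). Returns the term count."""
    terms = tuple(line.strip() for line in source if line.strip())
    if not terms:
        raise ValueError("dictionary %r is empty" % name)
    _DICTIONARIES[name] = terms
    return len(terms)


def gen_dictionary(name, rng=_rng):
    """Random term from a loaded dictionary."""
    if name not in _DICTIONARIES:
        raise KeyError("dictionary %r is not loaded" % name)
    return rng.choice(_DICTIONARIES[name])


def gen_blacklist(value, blacklist_name, replacement_name, rng=_rng):
    """If value appears in the blacklist dictionary, return a random term from
    the replacement dictionary; otherwise pass the value through unchanged."""
    if blacklist_name not in _DICTIONARIES or replacement_name not in _DICTIONARIES:
        raise KeyError("both dictionaries must be loaded")
    if value in _DICTIONARIES[blacklist_name]:
        return gen_dictionary(replacement_name, rng)
    return value


# Constructed dictionary contents standing in for the files the slide loads.
CONSTRUCTED_FILES = {
    "periodictable": "Hydrogen\nHelium\nOxygen\n",
    "00designations": "007\n006\n008\n",
    "Cover_identity": "Universal Exports\n",
    "Job_mask": "007\n006\n",
    "Jobs": "Accountant\nEngineer\nNurse\n",
}


def load_constructed_dictionaries():
    """Load every constructed dictionary; returns the loaded names, sorted."""
    for name, text in CONSTRUCTED_FILES.items():
        gen_dictionary_load(io.StringIO(text), name)
    return sorted(_DICTIONARIES)


def mask_job_titles(rows):
    """Substitute blacklisted job titles in a constructed result set,
    leaving the input rows untouched."""
    load_constructed_dictionaries()
    return [dict(row, job=gen_blacklist(row["job"], "Job_mask", "Jobs"))
            for row in rows]


if __name__ == "__main__":
    load_constructed_dictionaries()
    print(gen_dictionary("periodictable"))
    print(gen_blacklist("007", "00designations", "Cover_identity"))  # Universal Exports
    print(gen_blacklist("Administrator", "Job_mask", "Jobs"))         # Administrator
```

The pass-through branch is the part worth testing in a real deployment: a blacklist only protects values that are actually listed, so the dictionary files need the same review as any other access-control artefact.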
  22. Enterprise Security Architecture (assess, prevent, detect, recover)
       • Workbench: model, data, audit data, user management
       • Enterprise Monitor: identifies vulnerabilities, security hardening policies, monitoring & alerting, user monitoring, password monitoring, schema change monitoring, backup monitoring
       • Data Encryption: TDE, encryption, PKI
       • Firewall
       • Enterprise Authentication: SSO (LDAP, AD, PAM)
       • Network Encryption
       • Enterprise Audit: powerful rules engine
       • Audit Vault
       • Strong Authentication
       • Access Controls
       • Enterprise Backup: encrypted
       • HA: InnoDB Cluster
       • Thread Pool: attack minimization
       • Key Vault: protect keys
       • Enterprise Masking & De-Identification: masking, substitute/subset, random formatted data, blacklisted data
  23. Agenda
       • What is Data Masking and Why Should I Care?
       • MySQL Enterprise Masking
       • Questions? Suggestions?
