Enterprise Data Masking Modernization Guide

Enterprise Data Masking is a tool designed to protect sensitive data by replacing it with realistic, but non-sensitive, substitutes. This allows organizations to create safe test environments using production data without exposing confidential information.

It is a tool set that provides functionalities for masking data. It is not a complete system or application, but rather a set of utilities designed to integrate with existing data management processes.

Organizations across various industries, especially those handling sensitive customer or financial data, use this. This includes banking, healthcare, insurance, and government sectors. Any organization needing to create realistic test environments from production data while adhering to data privacy regulations can benefit.

A company should consider using Enterprise Data Masking when it needs to create test data that accurately reflects production data, but without exposing sensitive information. This is particularly important when complying with data privacy regulations or when outsourcing testing activities.

Alternatives include Informatica Data Masking, IBM InfoSphere Optim Test Data Management, and Delphix. Enterprise Data Masking distinguishes itself through its focus on mainframe environments and its ability to handle complex data relationships within those systems.

Enterprise Data Masking typically runs on z/OS. It may require specific subsystems depending on the data sources being masked. It is often deployed on an LPAR to isolate the masking process from production systems.

The product requires access to the data sources that need to be masked. This may include databases (such as DB2, IMS), VSAM files, and sequential datasets. It also requires sufficient processing power and storage to handle the data transformation.

Common commands include defining masking rules, executing masking jobs, and generating reports. Configuration files specify the data sources, masking algorithms, and output formats.

The product may offer APIs for integration with other systems, such as test data management platforms or data governance tools. These APIs could be REST-based or use other protocols for communication.

The primary business value is the ability to create realistic and safe test data, which reduces the risk of exposing sensitive information during testing. This helps organizations comply with data privacy regulations and avoid potential data breaches.

Without Enterprise Data Masking, organizations risk exposing sensitive data in test environments, which can lead to compliance violations, reputational damage, and potential legal liabilities. It also limits the ability to safely outsource testing activities.

The licensing model is typically subscription-based, with costs depending on the size of the data being masked and the number of users. Additional costs may include implementation services, training, and ongoing support.

Authentication methods may include integration with z/OS security systems such as RACF, ACF2, or Top Secret. The access control model is typically role-based access control (RBAC), where users are assigned roles with specific permissions.

Encryption may be used to protect sensitive data during the masking process and while at rest. Audit logging captures all masking activities, providing a record of who masked what data and when.

The product controls access to mainframe datasets by integrating with z/OS security systems. Masking rules define which fields are masked and how, ensuring that sensitive data is protected.

Deployment typically involves installing the software on a z/OS LPAR and configuring it to access the necessary data sources. Implementation requires technical expertise in z/OS, data management, and security.

Ongoing operational requirements include monitoring the masking jobs, maintaining the masking rules, and ensuring that the software is up-to-date. Staffing requirements include data management professionals and security administrators.

Common implementation challenges include identifying all sensitive data, defining appropriate masking rules, and ensuring that the masked data is consistent and usable for testing purposes.