For all the talk we hear of IT security, there seems to be a negligible amount of comment on internal application security at the developer level. The "consumer-focused" drive of the security industry may have flooded the technology newswires to such as degree that we all hear about is anti-viral malware detection and intrusion detection at the most peripheral level.
It's refreshing then to hear that work at the coalface of dynamic data masking technologies still continues apace.
This week's news sees Californian data security company Imperva sign a new partnership deal with data masking specialist ActiveBase to sell a new jointly developed solution.
The concept here is that ActiveBase's tools will dynamically mask sensitive data presented within application screens and development tools across production environments, but with no perceptible changes being visible to the applications or databases themselves. This function will then combine with Imperva’s database activity monitoring software to proactively prevent data leakage and comply with the ever-growing list of privacy regulations, also transparently.
In a recent report, Gartner analyst Joseph Feiman observed that, "Combining elements of static data masking, IAM (Internet Access Monitoring) and DAM (Database Activity Monitoring) enable the creation of a new capability -- Dynamic Data Masking -- that aims at real-time data masking, typically in production databases (for example, hiding payment card data from customer service personnel working in call centers)."
So if you're more interested in dynamic data masking that whether your PC is safe enough to expose to Facebook, then this subject could make for interesting inspection.
Think about it -- you want to protect personal information from IT personnel and outsourced support teams when they access production environments don't you? You want to mask personal information in replications, data warehouse and training environments from end-users and IT personnel who do not need to see the personal information to perform their job right?
Don't quote me on this, but this is probably precisely the type of technology used by the fine men and women in the government security services both in the U.S. and elsewhere. But as I said, please don't quote me on that!