Dynamic Data Masking for Production Applications & Databases
iMask is the only enterprise-class product on the market where IT and Compliance can determine who sees either “masked” or “unmasked” production data. iMask protects sensitive data with authorization rules for connections that are made directly to the database. It also provides protection at the application level through responsibilities. iMask maintains complete database functionality and users see only the data they need to see to do their jobs. It provides all of the safeguards that encryption can and more, but without the performance penalty, or the need to re-engineer or retrofit your applications.
So Simple, So Effective.
Unlike most data security products, iMask does not update any data, tables, or structures. It does not alter any code nor does it use encryption. Instead, iMask wraps a shield, or obfuscated mask, around sensitive data at the layer where security can be tightest, at the database table and column layer. Unlike encryption, iMask does not degrade performance. Applicable for all database types, iMask is particularly valuable when protecting production databases, since the data itself in a live production database must remain accurate and dynamic.
Like MENTIS’ iScramble (used for non-production databases), iMask allows a variety of customized levels of access to protected information, and on a case-by-case basis displays real information or masked information.
How does iMask work?
iMask protects both database-level and application-level data through dynamic data masking. At the database level, administrators can segment users into two different groups – those who see masked data and those who see unmasked data. At the application level, iMask assigns responsibilities to those users who are required to see masked data. Masked information looks similar to the original data in style, formatting and length. Thus, masking is transparent to the end user. End users can do their jobs without being exposed to data that they do not need to see. The iMask software engine makes reverse engineering or decoding of masked data impossible.
Add Access Control.
Use iMask with iProtect and provide access only to legitimate schemas. The iProtect Rule Wizard grants multiple and different levels of group access such as: whether the group can make a connection to the database directly, at what times the group can access the database, what programs the group can use, from which terminals the group can access the database, etc. The two products work together for complete authorization and access control.
iProtect ensures that only authentic users have access to your databases. iMask allows users to see only the data they need to do their job. You can rest assured that your production data and customers are protected.
Example: During user acceptance testing, certain users must be able to see live customer names in order to validate testing results. Other users may not. Based on a specific user’s permissions, iMask dynamically determines the appropriate information to display for that particular user - data that is live or masked. When the user acceptance testing period is closed, iProtect may deny access to that same user if he/she attempts to access the database from a non-approved program outside of working hours.
Security, Access, Performance.
Most organizations tend to protect production data by writing and maintaining encryption code directly within the application layer. These encryption programs are typically difficult and time-consuming to implement, roll out, and maintain. The introduction of encryption at the database level might also necessitate rewriting large amounts of application code to allow decryption at run-time. Depending upon the size of the database and extent of encryption used, a high performance penalty is often incurred. Even if correctly implemented, encryption programs carry great risk that an intruder could reverse engineer the existing encryption method or gain access to the decryption key.
iMask lets you avoid encryption’s dilemma and choose security, access, and performance. Unlike encryption, iMask…
- Does not update data, so there is no need for decryption;
- Needs no re-coding or retro-fitting of an application to allow for decryption;
- Implements in days, with an effortless roll out through MENTIS’s streamlined Graphical User Interface (GUI);
- Has zero performance impact on databases for users with permission to view original information.
Snap! iMask is deployed.
Using MENTIS’ metadata builder and data classification engine, organizations can quickly determine which database areas contain sensitive information. Pre-built metadata is already included for Oracle E-Business Suite, PeopleSoft and Lawson. With iMask’s Rule Creator wizard, authorization rules can be developed rapidly. So, in a few hours, you can go from no protection on your production databases to preventive controls that are an industry best practice. MENTIS’ solutions are developed for the enterprise user – deployment to multiple databases is a snap.
All MENTIS products recognize the fact that each database has a unique purpose and need for access. For this reason, we provide the ability to iMask different tables and columns (and in different formats) across different database instances.
Efficient, Low-Cost Architecture. One Solution.
Add iScramble and iMonitor to complete the preventive and detective solution for production and non-production databases. Simple, easy-to-use interfaces allow collaboration between IT, Audit, Security, and Compliance groups within your organization. This streamlines compliance, audit costs and efforts.
iMask uses the existing database technology stack; no additional software licensing is required. iMask, iProtect, iScramble, and iMonitor reside on a single server and are maintained via a shared administrative console with a common interface. All products also share a common metadata, content authoring and data classification engine. The engine resides on a unified framework, using a single installation.
Support for Hybrid Systems
Most organizations have several database and application types that store and give access to sensitive information, creating hybrid systems. MENTIS’ development schedule includes an aggressive plan to help organizations protect their company across various database architectures. MENTIS supports Oracle database customers with PeopleSoft HR, PeopleSoft Financials and Lawson.