Delphix Products

 View Only
  • 1.  Masking and industry frameworks like HIPAA and GDPR

    Posted 06-22-2020 10:23:00 AM
    Hi Michael, Thank for the nice note. I am KV Subrahmanyam (KVS) based out of Mumbai and we are working on a short assignment to evaluate/validate Delphix (as a masking tool) for our customers - we are looking at industry frameworks like HIPAA and GDPR. We had a call with your product support team thanks to David and HIMS Pawar. 

    Particularly, appreciate if someone can discuss more about the following
    1. System generated Profiler Set for GDPR
    2. How does one handle Geo/location parameters like Latitude and Longitude
    3. Your advice on masking a Primary Key
    4. Role of Profiler on a masking job

    Your inputs will be helpful; Thanks once again

    KV Subrahmanyam
    Delphix Community Members

  • 2.  RE: Masking and industry frameworks like HIPAA and GDPR

    Posted 06-23-2020 03:30:00 AM

    Some feedback to your questions:
    1) I can't see a difference in detection of sensitive fields between GDPR and for example the profiler set "Financial". 
    Our profiling is designed to allow the user to extend the amount of detections or build its own profiler set.
    2) This really depends on the requirements - it possibly requires a custom algorithm. An option could be to apply a
    random range algorithm that modifies only the last digit of the number. I would consider this a custom requirement.
    3) Whenever you mask a PK or FK you must follow the sequence:
    3a) check if you REALLY need to mask the PK > this is only the case of the PK value itself contains sensitive information like name, dob,..
    3b) drop PK/FK using prescript 
    3c) Identify a usable logical key (LK) and configure it in ruleset - on Oracle for example ROWID
    3d) Apply the same deterministic algorithm on every PK/FK > for example a segmented mapping

    3e) Recreate PK/FK using postscript

    4) Th profiler has no "role" during masking at all. The profiling is an independent job that detects sensitive information and applies as result a Domain to that column.  Derived from the Domain comes an assignment of the Domain specific default algorithm. This assignment does not change automatically - only by potentially another profile job execution or a user intervention. This behaviour is controlled by the identification method "ID Method" in inventory.  Auto means profiler can overwrite it on every execution and User means the configured value overrules any profiler result.

    Hope that helps ...

    Tino Pironti
    Technical Services