Delphix offers a mask for your data

Acquisition protects customer info from dev teams


Data virtualisation outfit Delphix is looking to the acquisition of Axis Technology Software to let enterprise developers work with real data, while protecting the personal information that data represents.

Announcing the acquisition, the data-as-a-service (DaaS) outfit notes that the “data masking” technology it'll get from Axis will help internal and external development and test teams work in compliance with PCI and HIPAA regimes.

The aim is internal privacy and security rather than external, with the company's Ansh Patnaik telling The Register that the need to maintain customer privacy is a little-understood bottleneck to software development.

To develop and test applications, Patnaik explained, devs need data – but might not be allowed access to “real” customer data (this is particularly so if the developer is a contractor).

The usual workarounds are to populate fields with artificial data, or to apply masking to real data, and both of these suffer problems.

“Artificial” data might not capture all the characteristics of real data, which creates the risk that an application might fail on outlier cases once it is presented with real customers.

On the other hand, masking data on an ad-hoc basis is problematic. If, for example, personal identifiers are masked by changing letters in names, the same practices have to be applied consistently across different projects.

Patnaik explained that without that consistency, developers and testers can't guarantee the referential integrity needed to keep projects on track.

“Referential integrity means that this masked individual is always the same masked individual, in all versions, all applications, and at all points in time,” he said.

As part of Delphix's DaaS suite, he said, the Axis Technology Software technology will let customers create one masked version when systems receive data, and always be able to distribute and deliver that masked data consistently – without having to create copies out of the production database.
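The gap between ad hoc masking and masking that keeps referential integrity, as an added example that is not code from Delphix or Axis. It assumes a keyed HMAC as the consistent masking function; the sample tables, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import random
import string

# Constructed sample data: two tables that share a customer name as the join key.
CUSTOMERS = [("Alice Moreno", "gold"), ("Bob Tanaka", "silver")]
ORDERS = [("Alice Moreno", 120), ("Bob Tanaka", 75), ("Alice Moreno", 30)]


def adhoc_mask(name, rng):
    """Ad hoc masking: replace every letter with a random one on each call."""
    return "".join(rng.choice(string.ascii_lowercase) if c.isalpha() else c
                   for c in name)


def consistent_mask(name, key):
    """Keyed deterministic masking: same name and key always give one pseudonym."""
    digest = hmac.new(key, name.lower().encode("utf-8"), hashlib.sha256)
    return "cust_" + digest.hexdigest()[:16]


def mask_tables(mask):
    """Mask each table on its own, as two separate projects would."""
    return ([(mask(name), tier) for name, tier in CUSTOMERS],
            [(mask(name), amount) for name, amount in ORDERS])


def orphaned_orders(customers, orders):
    """Count orders whose masked customer is missing from the customer table."""
    known = {name for name, _ in customers}
    return sum(1 for name, _ in orders if name not in known)


def demo():
    """Return (orphans with ad hoc masking, orphans with keyed masking)."""
    rng = random.Random(7)  # seeded so the run is repeatable
    adhoc = mask_tables(lambda name: adhoc_mask(name, rng))
    key = b"constructed-demo-key"  # assumption: a secret kept away from dev/test
    keyed = mask_tables(lambda name: consistent_mask(name, key))
    return orphaned_orders(*adhoc), orphaned_orders(*keyed)


if __name__ == "__main__":
    print(demo())
```

With ad hoc masking every order loses its customer row; with the keyed function the join survives because each name maps to one pseudonym wherever it appears. The key has to stay outside the development and test environments, since anyone holding it can recompute the pseudonym for a known name.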

Delphix's announcement is here. ®

