Data virtualisation outfit Delphix is looking to the acquisition of Axis Technology Software to let enterprise developers work with real data, while protecting the personal information that data represents.
Announcing the acquisition, the data-as-a-service (DaaS) outfit notes that the “data masking” technology it'll get from Axis will help internal and external development and test teams work in compliance with PCI and HIPAA regimes.
The aim is internal privacy and security rather than external, with the company's Ansh Patnaik telling The Register that the need to maintain customer privacy is a little-understood bottleneck to software development.
To develop and test applications, Patnaik explained, devs need data – but might not be allowed access to “real” customer data (this is particularly so if the developer is a contractor).
The usual workarounds are to populate fields with artificial data, or to apply masking to real data, and both of these suffer problems.
“Artificial” data might not capture all the characteristics of real data, which creates the risk that an application might fail when confronted with outlier cases, when presented with real customers.
On the other hand, masking data on an ad-hoc basis is problematic. If, for example, personal identifiers are masked by changing letters in names, the same practises have to be applied consistently across different projects.
Patnaik explained that without that consistency, developers and testers can't guarantee the referential integrity needed to keep projects on track.
“Referential integrity means that this masked individual is always the same masked individual, in all versions, all applications, and at all points in time,” he said,
As part of its DaaS suite, he said, the Axis Technology Software will let customers create one masked version when systems receive data, and always be able to distribute and deliver that masked data consistently – without having to create copies out of the production database.
Delphix's announcement is here. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks