UC Berkeley tightens personal data security with data-masking tool
To better safeguard the personal data of its students, the University of California at Berkeley (UC Berkeley) has adopted a specialized data-masking technique in its application development work that effectively can hide data in plain sight by mixing it up.
10 of the Worst Moments in Network Security History
Data such as students' first and last names can be switched around to camouflage the real names, and sensitive information such as student identification numbers also undergoes a gentle jumbling so what appears to the eye is not the true number. It's done with a tool called datamasker from dataguise. Steve McCabe, associate director of information in UC Berkeley's residential and student services program, says the advantage in using the dataguise tool is it significantly reduces security risks around personal, sensitive data.
"Student IDs paired with names becomes restricted data here," says McCabe, describing some of the data-privacy rules that the university must follow. But the challenge has been how to enforce restrictions in a software-development environment where constant work by several developers is ongoing to support UC Berkeley's home-grown Web-based applications for SQL Server, such as the housing and assignment system.
McCabe says the data-masking approach, in which the dataguise tool mixes up names, sensitive numbers and other data prior to developers seeing it (dataguise calls it "de-identification"), has worked out well because the data columns maintain the necessary structure but the content is effectively concealed to the naked eye.
"We do a lot of application development and handling large volumes of student information, and we wanted a way to restrict that data," McCabe says. "So we randomize the IDs, and first name, last name, date of birth, and so forth."
While one main copy of a production database is preserved, with the genuine student information, developers can freely work on copies that have undergone the dataguise data-masking treatment in what McCabe calls a "sanitized version" without concern of a potential data breach.
"It maintains the relationship and updates with scrambled data," McCabe says. Though the actual production database has to be protected through other means, the risks associated with data exposed to developers and testers in the course of their work has been vastly reduced since UC Berkeley started using the tool about half a year ago.
UC Berkeley, like many universities, has suffered consequential data breaches. In May of this year, UC Berkeley acknowledged a data breach in which it said hackers broke into its health-services databases, compromising health-related information on about 160,000 individuals.
Network World
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
datamasker
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
replica bags
I'am crazy about replica handbags . I think these replica bags are very attractive .