Oracle Security — Data Masking using Enterprise Manager
Database administrators often have to provide test data sets to developers, QA teams, or UAT teams.
This can be done manually creating test data sets, which can take a very long time especially when the goal is to stress test a new system and a large amount of data is required.
An alternative approach often taken by database adminstrators is to copy the production database. Too often, an exact copy of the production data is used for this purpose, which of course raises a number of database security risks.
To mitigate these risks, database administrators typically mask or obfuscate the production data set before sending it out.
This process involves writing a set of scripts that will apply a mask or function to each sensitive piece of data so that the true data is hidden. Writing these scripts is very time consuming because there are many factors to consider when masking the data, including the need to preserve the relationship between data in tables, in order for the new data to make sense.
Oracle Enterprise Manager can now help significantly reduce the amount of work necessary to do this task. By using the data masking capability in OEM, a database administrator can specify the mask or function that must be applied to each sensitive column of the database. Oracle data masking will then generate a set of pl/sql scripts that will perform the masking for you.
It will automatically handle the preservation of relationships between tables, as specified either by existing foreign key constraints in the database, or by relationships that the dba can specify in the Oracle masking tool. It also enables the dba to specify fields that must remain logically in sync after the masking operation, such as a city and state. The generated scripts will ensure that those relationships remain consistent in the masked data.
This Oracle masking feature makes it much easier for oracle database administrators to quickly provide data sets to development and testing teams while reducing the risks of exposing senstitive data.
An excellent article about this feature with additional usage detail can be found at the following link: at datamasking.html