Data Masking for Oracle Fusion Cloud Services

Copyright 2015, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential Internal/Restricted/Highly Restricted

Safe Harbor Statement


The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle's products remains at the sole discretion of Oracle.

Program Agenda

1. Overview
2. Masking Methods Used
3. Frequently-asked Questions
4. What's Masked and How

Overview
Data masking is the process that permanently alters pre-defined columns in a non-production environment in order to avoid exposing sensitive/personal data while still keeping that data usable for the customer's intended purpose.
Typically supports use cases for non-production environments after you have gone into production:
- Maintenance and add-on development
- Upgrade validation
- User acceptance testing of new features and changes

Overview (continued)
- Subscription-based
  - Release 10: HCM
  - Planned for Release 11: ERP & Sales Cloud
- Uses Oracle Data Masking Pack for Oracle Enterprise Manager
- Provided via two methods
  - Refresh option: after migrating data from production to a non-production environment
  - Standalone (less common). Example: validating data loads prior to first go-live
- All customers' data will be masked identically
- Scope: PII (personally identifiable information)
- Data will look different every time you mask it

Overview (continued)

Production -> Data Masking Process -> Non-production

| Field | Production | Non-production |
|---|---|---|
| Name | Susan Elizabeth Franklin | Prabu Anne Chin |
| Email | susanf@acme.com | sendmail-test-discard@oracle.com |
| Places of Birth | Moose Jaw, Saskatchewan, Canada | ---, ---, --- |
| Date of Birth | January 18, 1991 | March 30, 1987 |
| Bank Account | 0384229473 | 2938472 |
| Passport # | ABZ332049 | #K49HEL* |
| Visa/Permit Type | Academic Student | Temporary Worker |
| Driver's License | CA2034938-1 | --- |

Masking Methods Used


| Method | Definition | Example | Pre-masking Value | Post-masking Value |
|---|---|---|---|---|
| Fixed String | Replace column value with a predefined, fixed string of characters. | Email Address | fred.smith@oracle.com | sendmail-test-discard@oracle.com |
| Null | Replace column values with null value. | Places of Birth | Country: Canada; Region: Saskatchewan; Town: Moose Jaw | Country: <null>; Region: <null>; Town: <null> |
| Random Date | Replace column value with a random date within a predefined range of dates. | Date of Birth | January 18, 1991 | March 30, 1987 |
| Random Digits | Replace column value with random digits within a predefined number of digits. | Bank Account | 0384229473 | 2938472 |
| Random String | Replace column's value with a random string of characters with predefined min/max length. | Passport Number | ABZ332049 | #K49HEL* |
| Shuffle | Randomly reassign pre-masking values to other rows. | Visa/Permit Type | Academic Student | Temporary Worker |
| Truncate | Remove all data from a table. | Driver's License | CA2034938-1 | --- |

Frequently-asked Questions
1. Is data masking available to all customers?
Data masking is available to HCM customers at Release 10 or higher who have subscribed to the optional
data masking service. Contact your Oracle Account Team if you would like to subscribe to this service.
2. When will data masking be available for Sales Cloud and ERP customers?
Oracle plans to support data masking for additional Fusion Cloud services with Release 11.
3. What data is masked and how is it masked?
See the following section for details. The data masking service entitlement focuses on masking personally identifiable information (PII).
4. We're implementing ERP and HCM in the same Cloud environment. What's the impact of data
masking in this case?
All data will be masked identically, regardless of the Fusion application which uses it or from which it
originated. Data masking rules are defined at the column level, and data shared across applications (primarily Person data) will be masked across the database.

Frequently-asked Questions (continued)


5. What are the various options available for data masking?
You can request the data masking service using one of two options. The first option, and the most common, is to request data masking as part of an environment refresh. This assures that the production data you've migrated to a non-production environment via the refresh is masked before you provide your users with access to it. The second option, which is less common, is to request standalone data masking if you have:
- Loaded real Person information from another system directly into your Fusion non-production environment; or
- Previously migrated data to your non-production environment via an environment refresh and subsequently wish that data to be masked.
6. How do I request data masking?
You request data masking via a Service Request (SR) using My Oracle Support.

Frequently-asked Questions (continued)


7. How long is the outage required to apply data masking?
Data masking requires an outage of up to 24 hours. If requesting data masking with an environment
refresh, that amount of time will be added to the outage required for the refresh.
8. Is there any restriction on the dates I can request for data masking?
Yes. For standalone data masking, request a date that doesn't conflict with any other planned outages for
the environment (for example, monthly updates, upgrades).

For data masking with an environment refresh, select a date outside of the refresh blackout period (the
period of time between monthly updates to your non-production environments and two weeks later when
production environments are updated). Also, the date cannot be less than 4 days prior to any other
planned outages for the environment.
9. Should we always mask data in our non-production environment?
Probably not. In some cases, you'll want your non-production environment to be identical to what's in
production. A common example is validation of an upgrade in your non-production environment before
your production environment is upgraded.

Frequently-asked Questions (continued)


10. Can I add additional Persons to a masked database?
Yes. You may wish to do this to support specific use cases you are testing. This manually-entered data will
not be masked.
11. Can I make changes to data that has been masked?
Yes. Any changes you make to masked data will be saved to the database as long as the changes pass
system edits. This modified data will not be re-masked.

12. After our data is masked, will it be possible for someone to figure out who's who on the database? If
yes, why?
Possibly. Even though personally identifiable information (PII) is masked, you must continue to practice
good data governance and restrict access to masked data to only those persons whose jobs require it. A
determined user could figure out a person's identity through a combination of non-PII data (for example,
location, job, and gender). If we were to mask data to prevent this from happening, the resulting data would
not be usable for user acceptance testing and several consistency edits within the applications could
break. Use data security to restrict the data that a user can see.
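
A check for the residual risk described in question 12, added here as an example (not Oracle's code and not part of the original deck): it applies the deck's name, email and date-of-birth techniques to constructed rows and counts the records that a combination of non-PII attributes still singles out. The column names, the sample rows and the helpers `mask` and `singled_out` are assumptions made for illustration.

```python
import random
from collections import Counter
from datetime import date, timedelta

# Constructed sample rows (not real data). Names, email and date of birth are
# PII; work location, job and gender are the non-PII attributes named in Q12.
COLS = ("first", "last", "email", "dob", "location", "job", "gender")
ROWS = [dict(zip(COLS, r)) for r in [
    ("Susan", "Franklin", "susanf@example.com", date(1991, 1, 18), "Moose Jaw", "Payroll Manager", "F"),
    ("Prabu", "Chin", "prabuc@example.com", date(1984, 6, 2), "Southampton", "Analyst", "M"),
    ("Anne", "Lee", "annel@example.com", date(1979, 3, 9), "Southampton", "Analyst", "F"),
    ("Omar", "Reyes", "omarr@example.com", date(1988, 11, 23), "Southampton", "Analyst", "M"),
    ("Mary", "Okafor", "maryo@example.com", date(1990, 8, 30), "Southampton", "Analyst", "F"),
]]

FIXED_EMAIL = "sendmail-test-discard@oracle.com"          # fixed string from the page
DOB_MIN, DOB_MAX = date(1945, 1, 1), date(1990, 12, 31)   # random-date range from the page

def mask(rows, rng):
    """Mask PII columns only: shuffle names per column, fix email, randomize DOB."""
    firsts = [r["first"] for r in rows]
    lasts = [r["last"] for r in rows]
    rng.shuffle(firsts)   # first and last names are shuffled
    rng.shuffle(lasts)    # separately from one another
    span = (DOB_MAX - DOB_MIN).days
    return [
        {**r, "first": f, "last": l, "email": FIXED_EMAIL,
         "dob": DOB_MIN + timedelta(days=rng.randint(0, span))}
        for r, f, l in zip(rows, firsts, lasts)
    ]

def singled_out(rows, quasi=("location", "job", "gender")):
    """Return rows whose combination of non-PII attributes is unique (k = 1)."""
    counts = Counter(tuple(r[q] for q in quasi) for r in rows)
    return [r for r in rows if counts[tuple(r[q] for q in quasi)] == 1]

if __name__ == "__main__":
    masked = mask(ROWS, random.Random(2015))
    for r in singled_out(masked):
        # The masked name is wrong, but the attribute combination still points
        # at exactly one person for anyone who knows the organisation.
        print("unique after masking:", r["location"], r["job"], r["gender"])
```

Run against a masked environment, a count like this shows which attribute combinations need the data security restrictions the answer recommends.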

Frequently-asked Questions (continued)


13. Can I request that data be masked exactly how I want it?
No. There is no option to customize what data is masked or how that data is masked.
14. What other limitations exist?
Important! Be sure you understand the limitations of using masked data before you request the data masking service.
Do not request the data masking service if:
- Your intent is to replicate the same results as when using real, unmasked data. Key examples are payroll calculation and any process that uses data input values that would be modified by the data masking process.
- Your test purpose is to verify interfaces to downstream systems that require real data that is not modified.
Refer to Appendix A of the Data Masking Standalone informational document for the list of all data objects that are masked with each request. See the attachment in My Oracle Support document Doc ID 1534683.1, and be sure to analyze and consider the potential impact on your intended test purpose, scope and downstream processing.


What's Masked and How

| Data | Masking Technique | Masked Value |
|---|---|---|
| Bank Accounts | Random Digits | Sample: 4936477859 |
| Email Addresses | Fixed String | sendmail-test-discard@oracle.com |
| Phone Numbers | Random Digits; USA phone number format | Sample: 925-692-9270 |
| Addresses | Address Lines 1 & 2: Fixed String; Address Lines 3 & 4: Nulled; Postal Code, Town or City, Country: Shuffled as a group | Sample: Address Line 1: Station; Address Line 2: Road; Address Line 3: <null>; Address Line 4: <null>; Postal Code: S031 4NG; Town or City: SOUTHAMPTON; Country: UNITED KINGDOM |
| Dates of Birth | Random Date between January 1, 1945 and December 31, 1990 | Sample: March 17, 1982 |
| Places of Birth | Nulled | <null> |
| Dates of Death | Nulled | <null> |
| Person Names | First Name, Middle Name, Last Name: Shuffled separately from one another | Sample: Prabu Ann Chin |


What's Masked and How (continued)

| Data | Masking Technique | Masked Value |
|---|---|---|
| Documents of Record | From Date: random date between January 1, 2000 and January 1, 2020; To Date: random date between January 1, 2000 and January 1, 2020; Date Issued: random date between January 1, 2000 and January 1, 2020; Issuing Authority: random string; Document of Record ID: shuffle rows; Issuing Location: random string | Sample: From Date: May 11, 2008; To Date: October 5, 2007; Date Issued: July 9, 2003; Issuing Authority: U#_G; Document of Record ID: TM289384; Issuing Location: I*R@O{C |
| Disabilities | Table truncated | --- |
| Driver's Licenses | Table truncated | --- |
| Passports | Passport Numbers: random string | Sample: *K^%KE |
| Visas/Work Permits | Visa/Permit Number: random string; Visa/Permit Type: shuffle rows | Sample: Visa/Permit Number: K%R+KH@; Visa/Permit Type: Academic Student |
| National Identifiers | Table truncated | --- |
| Termination Dates | Nulled | <null> |
