Product - DDM（Dynamic Data Masking System）

DDM（Dynamic Data Masking System）

Product Overview Deployment mode Advantages Customer Benefits Classic case

Product Overview

Compliance requirements: Data Security Law, Personal Information Protection Law, Regulations on the Security Protection of Critical Information Infrastructure, Measures for Security Assessment of Data Export, etc.

Business requirements: data security governance (protection requirements for different levels of data).

Security requirements: A large amount of sensitive data is stored in the production database, and these real business data are used in a large number of work scenarios, if data leakage or damage occurs, it will not only cause economic losses, but also cause a serious trust crisis.

Palladiium Dynamic Data Masking System (DDM) is a dynamic data masking and masking product with high performance and scalability, with fully transparent and real-time sensitive data masking capabilities, which can dynamically shield, encrypt, hide and audit the data returned by the production database differently to ensure that personnel with different permissions can access sensitive data in the production environment differently. On the application side, the deployment mode of transparent series connection and three-layer BYPASS technology are supported to prevent single points of failure of links and ensure customer service continuity.

DDM is widely used in medical, government, finance, insurance, education and other industries, and meets relevant national regulations, policies and industry requirements.

Deployment mode

Transparent bridge deployment mode: Support serial access network to ensure that all access traffic flows through DDM in series. With transparent bridge technology, clients can directly access the IP address of the database service.

Advantages

Database permissions governance

The permission control policy does not require installing any agent agent on the database server, and obtains the database table structure through the database privileged account, so as to realize the "add, delete, modify, and query" permission management from the database account to the database table level.

Rich built-in masking algorithms

Built-in a variety of mainstream masking algorithms, can mask sensitive fields and generate real and fully functional data, including but not limited to: character masking, forensic masking, keyword substitution, deletion masking, AES masking, SHA masking, etc., and can use randomly generated values according to various constraints to replace sensitive fields to achieve random masking.

Custom masking algorithm

DDM provides users with high flexibility in customizing algorithms, either by copying existing masking algorithms for modification or by writing entirely new masking algorithms. Users can customize the masking algorithm according to their own data characteristics, policy compliance, application system and other needs.

Application business data masking

For service access masking, DDM can directly shield, encrypt, hide, and audit sensitive data in the production database accessed by business systems through a transparent serial deployment mode, without changing the middleware and client configuration, and ensuring business continuity.

Data masking behavior audit

DDM supports masking behavior auditing, which can audit SQL statements (before masking), access source information, SQL statement information, and affected objects, and provide detailed statement details pages.

Real-time high-risk operation protection

DDM's built-in behavioral firewall function module can control the SQL statement operation behavior of DBAs and other O&M personnel, implement permission policies based on natural persons, databases, database tables, fields, high-risk SQL statements, and where condition queries, and reduce database operation security risks.

Accurate data access identification

Relying on comprehensive and accurate SQL protocol parsing, DDM can accurately identify sensitive data access behaviors of users through O&M tools or application systems, and will not miss the accurate identification and security control of sensitive objects in complex scenarios.

Customer Benefits

Data security protection: effectively protect the security of sensitive data, effectively reduce the risk of data leakage by desensitizing data, and improve the confidentiality and privacy of data;

Compliance compliance: Many industries and regions have corresponding data protection regulations and compliance requirements, and the use of DDM can ensure that enterprises comply with relevant regulations and regulations and avoid possible penalties;

Ensure business continuity: Based on transparent series connection and three-layer BYPASS technology, it can accurately desensitize core data and ensure business continuity;

Cost reduction: Using DDM can reduce the cost of data replication and management. Since the masked data can be used in the production environment, it is no longer necessary to replicate and manage the data in the production environment, avoiding data redundancy and additional storage costs.

Classic case