A top 10 European bank with full-service offerings, including corporate and institutional banking, retail and private banking, life and pension products and over 10 million customers.
Internal policy was put in place that required the Common Data Warehouse (CDW) team to implement a data-centric security solution to prevent unauthorized users from accessing sensitive production data in test/development systems.
Sensitive data needed to be protected – at rest, in transit and at use – but locking down all the data was not an option. The IT team needed to leverage production data in internal test environments as they developed new programs and systems but they did not need to see the data in the clear.
The new data governance policies required that the technologists, such as DBAs, programmers, or system engineers, could not access the sensitive customer data in the clear or grant sensitive data access to others.
Fine-grained data tokenization was applied to key data elements that allowed the IT team to leverage the data in a protected form. The test environment remains full-functioning but unauthorized users are unable to access or grant access rights to sensitive data in the clear.
Critical to the success of the solution, Protegrity also enabled the CISO to determine and specify what data is to be protected, where it is to be enforced, who will have access and when and how the data will be protected.
Enterprise key management (EKM) capabilities are integrated into the platform and provide an easy-to-use system for managing keys.
Built-in comprehensive auditing and reporting provides the insight needed to track usage and patterns.
Requirements & Challenges
- Protect sensitive data in the Teradata CDW and Hadoop (Hive)
- Advanced tokenization with support for high ASCII Latin-1 & Latin-4 characters, consistently without loss
- Character preservation through the entire data flow – FTP, Hadoop (Hive), DataStage, Teradata, User application
- Length Preservation – Retain structure of the current file length or CDW columns
- Scripts and Coding Alignment – maintain consistency between production and dev-test environment
- Future Proof – Support for other European character sets, new data sources
- Institute separation of duties
Results & Benefits
- Implemented fine-grained data security on any/all character sets and data sources, without significant changes to CDW
- Protegrity Vaultless Tokenization preserved data structure and column widths
- Audited compliance to new data security policy
- Negligible changes to functional processes using de-identified data
- Clear separation of duties implemented with the data security policy