Delphix announces masking acquisition
Thus I’m excited to announce the first acquisition by Delphix (portending many to come). Dephix has just acquired the data masking company Axis Technology Software. Delphix is integrating the Axis masking technology into the core Delphix product. Masking is a feature that 9 out of 10 customers have asked for after buying Delphix. Delphix eliminates the data cloning bottleneck for application development environments and naturally the next concern that arises is how to mask the data from production in application development environments. The answer has been to use Axis masking which Delphix has been selling prepackaged together with Delphix in partnership with Axis. Axis was so impressed with Delphix that they wanted to become part of the Delphix team. Delphix has been impressed as well with Axis and were more than pleased to bring our companies together. Our companies have offices located just across the street from each other in Boston making the transition and integration of Axis into Delphix easy.
Axis masking is an awesome product and despite as a small team they have succeeded penetrating the challengers quadrant of the Gartner magic quadrant on masking solutions. Now with Axis code integrated into the core of Delphix, we are looking forward to seeing the combined Delphix overall solution, Data as a Service (Daas), in the market leader quadrant.
Masking is crucial in the industry now as security is a top concern. There have been 783 industry data breaches in 2014 up 20% over 2013 raising the urgency of data security. Delphix has a two prong approach to data security
reduce surface area of exposure
masked sensitive data outside of production
Surface Area of Risk
“According to leading industry reports, 98% of breached data originates from database servers.” Of the databases out there 80% of them are non-production copies of production databases. As non-production copies they are often in less secure, less attended environments. It’s insufficient to protect the perimeter. Breaches will happen as is the case constantly in the press.
By securing the data copies with data virtualization and combining that data virtualization with masking one can eliminate 80% of high risk data at the core by combining data masking/de-identification with automatic, controlled delivery to downstream environments. Not only will Delphix increase data security, it will also save IT time and expense.
See also this great discussion on twitter with Pete Finnigan on data security .
Production data is typically copied into many other environments such backup, reporting, development, QA, UAT, sandbox and other environments. Thus there are often up to a dozen copies of sensitive data to secure creating more work and exposure to risk. Delphix takes production data and compresses the data into one shared foot print across all non-production copies thus reducing the surface area of risk and providing a clear view into who has access to what data and when. With Delphix, companies can control, monitor and audit who has access to what data and when they had access.
The second part of the equation is masking sensitive data outside of production so even if people have access to the data, it poses little to no danger. When it comes to security, the problem is the people who have access to the data. When data is sensitive, access has to be limited, yet more than 80% of sensitive data is found in insecure environments such as development and QA. Data from production system is copied of to backup, reporting, development, QA, UAT, sandbox and other environments. Of those environments, most don’t required sensitive data such as real social security numbers, credit card numbers, patient names, and diagnoses. Data masking replaces identifying data such as social security numbers, birth dates, and addresses with scrambled data that can’t be matched to actual customers. As a result, data that is stolen or breached can’t be used maliciously. Masking data can be tricky complex operation. It’s not a simple matter of blanking out a field of data but instead one has to replace data with compatible but similar data. People’s names should be replaced with reasonable people’s names and not just a list of random characters. Social security numbers should look like social security numbers and not just random numbers. Data that is masked should not be able to be unmasked. Data that is masked should consistently mask to the same value across different databases in a contained development environment. Referential integrity should be maintained. There are many algorithms that one can use for masking depending on the different types of data and concerns. The Axis masking technology provides these different algorithms and even will go into data and analyze the data to help determine data that could potentially be sensitive data.
With Delphix, data can be synchronized with a Delphix appliance in the production zone, masked there and only masked data propagated to a Delphix appliance in a non-production zone, thus guaranteeing that data security outside of the production zone.
Delphix accelerates cloning production data into development and QA environments eliminating the need for data subsets and synthetic data thus reducing bugs and speeding up development times. Axis masking, now being integrated into core Delphix, easily, efficiently and robustly masks sensitive data in development and QA environments. The combination of the two technologies brings a new approach in the industry not yet seen elsewhere and eliminates what some say are the two biggest bottlenecks in supplying production parity environments to application development – cloning the data and masking the data.