Data Obfuscation

Data obfuscation is a technique that “hides” or “camouflages” code or other information so that it is harder to read by unauthorized users.

is the process of replacing data with data that looks like real production information
original data is unretrievable
is security by obscurity
- usually deprecated

Methods

Static obfuscation
- a new representational dataset is created as a copy of the original data with obfuscations implemented
- only the obscured copy is used
Dynamic obfuscation
- data is obfuscated from the original dataset as it is accessed

Test Environments
- new software should be tested in sandboxed environments before being deployed to production environment
- actual production data should never be used within the sandbox
- but need to use data that closely approximates the traits and characteristics of the production data
Enforcing least privilege
- this may mean allowing users access to elements of a dataset without revealing its entirety
- e.g., Customer service rep gets access to a portion of a customers data that’s needed to perform job
Secure remote access
- when a customer logs on to their web service, account information may be only partially revealed
- adds protection against hijacked sessions, stolen credentials, shoulder surfing