|Practice Area||:||Information Lifecycle Governance & Security|
The client is a leading financial services corporation whose goal is to make financial expertise broadly accessible and effective in helping people live the lives they want. With assets under administration of over $5 trillion, they focus on meeting the unique needs of a diverse set of customers: helping 23 million people investing their own life savings, 20,000 businesses to manage their employee benefit programs, as well as providing 10,000 advisors and brokers with technology solutions to invest their own clients' money.
The client launched a corporate initiative three years ago to develop a mature data masking strategy for all their corporate applications, in order to secure sensitive non-production data pertaining to employees and customers. Previous initiatives were largely ad hoc and informal, which was no longer sufficient in this era of high-visibility data breaches.
Client launched a software evaluation process, and selected IBM Optim Data Privacy Solution as a corporate standard for data masking. A Masking Center of Excellence (CoE) was formed to execute a data masking initiative, with a target of masking 15 key applications in the first year, while creating the repeatable processes needed to mask multiple applications consistently.
The client started with a different Optim partner but that didn't work out very well. Having seen Estuate’s expertise in action at an Optim User Group meeting, the client engaged Estuate to do a best practices review of their CoE. Estuate found that the implementation was inefficient, which contributed to massive performance issues, causing a lot of support attention from IBM. Estuate reworked the solution based on its extensive knowledge of IBM Optim and the Information Lifecycle Governance and Security (ILGS) domain.
Estuate identified an approach to automate the data masking process from end-to-end, and then moved into an implementation effort using Excel as the automation tool. Estuate succeeded in mastering a complex set of processes for taking an application and its data elements, and automating the masking process by matching up the right Optim masking policy associated with each data element.
This was a very specialized project around sharing best practices in a complex customer environment with an entrenched competitor. It also involved automation of a complex business process with rapidly evolving requirements that required many iterations to complete. Estuate noticeably moved them forward along the curve with our best practices recommendations and our automation solutions.
The following table summarizes the key technical areas where Estuate made a difference.
|Previous Generation - Years 2006 thru 2012||Estuate's Solution|
|Homegrown Tool - Informatica, Java Script and Oracle||Industry leading tool - IBM Optim|
|Masking based on 21 elements||Masking to 124 elements|
|Immature, inconsistent processes and/or no standards||Maturing, repeatable processes & documented standards|
|Discovery was “Best Efforts” based||Intelligent Discovery and powerful masking capabilities|
|Limited to known DB tables/fields without deep dive||Expanded beyond DB tables/fields (i.e. files)|
Estuate’s solution helps protect sensitive non-production data and ensures data privacy by creating masked data for development, testing, and training. Key benefits:
The nature of our business entails dealing with sensitive private data that not only needs to be protected, but is also subject to stringent regulations. A one-off approach was not going to help. Estuate not only built a solution for us, but also helped us mature a Data Masking Center of Excellence which enables our entire organization to adopt industry-leading standards in data protection. Their domain knowledge, Optim expertise, deep connections with IBM, and above all, their professionalism and can-do attitude made all the difference to the success of this project.
Director, Software Engineering.