Using Encryption to Protect Data in Your BI/DW Environment

More often than ever, organizations are moving data from their transaction and source data environments to a business intelligence and data warehouse (BI/DW) environment which is accessed by a wider group of users for data analysis and reporting activities. The data moved to the BI/DW environment may include a variety of sensitive, confidential, and regulated data elements, such as PII, PHI, PCI, and CJIS data. In addition to securing the BI/DW environment to meet the stringent regulatory requirements associated with these data elements, complex permission management is also required to control the access to the regulated data. This is necessary to ensure that the data is not exposed to BI/DW users who do not have a “need to know”, for example, the users who do not have a business reason to view or access the regulated data.

Adding these complex permission management access controls can significantly increase the costs of building and maintaining a BI/DW environment when compared with a BI/DW environment that does not include regulated data. While the regulated data may not be an essential data element of the actual metrics/analytics themselves, it may still be critical in order to correlate the relationships between certain data elements. For example, there may be a need to use a social security number to correlate data from multiple data sources. So how do you protect the sensitive, confidential, and regulated data while still enabling the value activities and outcomes generated by the BI/DW environment and at the same time minimize the development and maintenance costs?

The OnData Platform provides one cost-effective solution, which is to encrypt and de-identify the sensitive, confidential, and regulated data prior to loading the data into a BI/DW environment. OnData enables you to encrypt the data in a way that does not negatively impact the BI/DW environment by maintaining the format of the original data elements. It allows you to conveniently identify and categorize the data fields in your data sources. You can pick from a variety of encryption / obfuscation rules to obfuscate the real data. Using those rules, the OnData Platform can automatically process your data sources so that the sensitive, confidential, and regulated data is completely obfuscated before it is loaded into your BI/DW environment.

The OnData Platform can help organizations significantly reduce their risk exposure to data breaches and data misuses in their BI/DW environments. While the data within the BI/DW environments still needs to be protected for obvious business reasons, the OnData Platform enables you to streamline and simplify the security controls and the data access controls while still protecting the regulated data contained in your BI/DW environment. Using OnData to encrypt and de-identify the sensitive, confidential, and regulated data prior to loading the data into a BI/DW environment provides a cost-effective solution that allows you to continue to crunch the numbers without the added costs and risks associated with data security and data management.