Capgemini’s robust metadata-based architectural approach to data masking helps companies identify data to be masked and provides structure to the data masking process.
Financial services institutions need to use production data safely outside of production processes. Data masking lets banks use production data securely and in compliance with privacy requirements. For financial institutions, real production data is required for:
- Testing: production data provides realistic, high-quality data that minimises the chances of defects
- Operational and production management: production data is often needed for technical support, data input, or customer service
However, financial services organisations must be very careful with the security and privacy of sensitive data to comply with information security guidelines and regulations including more than 50 international privacy laws. Failure to comply makes a financial institution vulnerable to regulatory breaches and audit violations, which can be expensive both in terms of immediate financial impact (fines can reach half a million dollars per incident) and in terms of brand damage and loss of customer loyalty.
An important part of the solution to this problem is data masking, which transforms or selectively replaces production data so that it can be used without jeopardising security or compliance.
The Capgemini approach to data masking
Capgemini takes a centralised approach that standardises data masking across the client’s ecosystem. Our approach covers all the requirements of a masking program including introduction of proven methods of discovery and demand management, on-boarding of applications, and execution of the masking process.
Our unique metadata-focused architectural framework facilitates management and reuse, and ensures scalability. This tool-agnostic framework adapts to each client’s environment and technology standards. It is designed to be flexible to support a wide range of relational databases, files and real-time messaging in both mainframe and distributed environments.
We also help financial institutions embed strong governance going forward to maintain consistent business rules for masking and to establish policies and processes to ensure consistency across the enterprise.
A closer look at two of the strengths of our data masking approach
Discovery: This Capgemini tool automatically identifies and reports potentially sensitive elements within application data by examining metadata. This information can be used to prioritise data for masking and hence shape the on-boarding plan.
Centre of Excellence: Masking can be carried out either locally or centrally. A Centre of Excellence can help to achieve a consistent, efficient and reliable masking process. We can help set this up with qualified teams to facilitate:
- Adoption of accelerators and best practices
- Phased implementation plan for all applications across all business units
- Setup of a common infrastructure and test environment