Today’s economy is increasingly based on interconnected systems residing in different clouds, managed by different people and often with development services outsourced or partially outsourced. Financial organisations Need to have governance processes in place to ensure that sensitive data cannot be accessed by unauthorised people.

Often when there are new releases, or new functionalities introduced there is a need to copy / clone / refresh production databases to development/ user acceptance / quality assurance environments. Such database refresh activities are usually part of a more complex preprocessing/post processing activity intended to delete/hide or obfuscate sensitive data (e.g. payroll data is deleted after a SAP HR DB refresh, financial data is pruned leaving a minimal set of records (test records) etc. These approaches limit to some degree the coverage of the quality assurance validation. As an example if there are analytics to be validated it is difficult to do it on subset of data, if there are processes in the front end with validations for identity cards, driving licenses, passport numbers, insurance id etc. they will fail unless we preserve the specific formats expected. To make the problem even more complex these formats are different depending on the issuing country. 

We propose an integrated fully automated solution:

• Xpert.I.AM - workflow builder & automation. Defines source - target systems, approval process and servers as the automation glue coordinating the delivery. 
• Request approval form in Xpert.I.AM triggers the automation process, cloning the source database to the compliance secure zone [no user access].
• In the compliance secure zone a new compliance discovery process is run and the scrambling template is applied to the clone database. 
• The scrambled database is detached and attached to the target environment (prior version of database in the target system is detached). 

This solution is based on Infognito JumbleDB product which allows defining and applying Scramble Templates during the database refresh process. During each database refresh cycle we run a new discovery so that any new occurrence of sensitive data (even in other tables / fields) is detected and updated based on the "scrambling template" associated with the database refresh channel.

We developed country specific templates to scramble while preserving the readability and format consistency for ID cards, driving license, bank account, IBAN, credit cards, and many other objects. Even emails, names and addresses can be scrambled based on random lookups into special value tables. We use multiple scrambling methods and created our own scrambling functions by choosing carefully the best option for each of the use cases.

The process is similar for Oracle, MS SQL, MySQL and PostgreSQL databases.

If you would like to look at optimising your compliancy processes related to database refreshes between various environments please contact us.