DLP
Keeping PII Private
IBM's Haifa Research Lab in Israel has developed a new approach for masking sensitive customer data which could considerably reduce programming costs. Known as Magen (Masking Gateway for Enterprises), Hebrew for 'shield', the technology will help firms comply with data privacy regulations such as PCI DSS (Payment Card Industry Data Security Standard) and HIPAA (Health Insurance Portability and Accountability Act).
Magen sits on a server alongside the firm's customer database, and intercepts a data screen requested by a call center agent before it is sent to the agent's desktop.
IBM says Magen does not change the client's software or data. Instead, it uses OCR (optical character recognition) to create an image of the data screen. Using rules specified by the client, the data displayed on the screen is analyzed in order to identify and disguise sensitive information. The screen is then reconstructed into a new bitmap based on the masking result, and sent to the agent's desktop.
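The masking step described above, as an added example that is not IBM's code: constructed OCR word boxes are matched against hypothetical client rules (a Luhn-checked card number that keeps its last four digits visible, and an SSN pattern), and the matching pixel regions are blacked out in a copy of the screen bitmap. The token layout, rule format and fixed-width-font assumption are illustrative, not details from Magen.

```python
import re

# Constructed OCR output: (text, x, y, width, height) in pixels. Layout is an assumption.
SAMPLE_TOKENS = [
    ("Name:", 0, 0, 40, 8), ("J.", 48, 0, 16, 8), ("Doe", 72, 0, 24, 8),
    ("Card:", 0, 10, 40, 8), ("4111111111111111", 48, 10, 128, 8),
    ("Order:", 0, 20, 48, 8), ("1234567890123456", 56, 20, 128, 8),
    ("SSN:", 0, 30, 32, 8), ("078-05-1120", 40, 30, 88, 8),
]

def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Hypothetical client rules: (name, pattern, validator, trailing characters left visible).
RULES = [
    ("pan", re.compile(r"\d{13,19}"), luhn_ok, 4),
    ("ssn", re.compile(r"\d{3}-\d{2}-\d{4}"), lambda s: True, 0),
]

def mask_boxes(tokens, rules=RULES):
    """Return (rule, x, y, w, h) rectangles to black out, assuming fixed-width glyphs."""
    boxes = []
    for text, x, y, w, h in tokens:
        for name, pattern, valid, keep in rules:
            if pattern.fullmatch(text) and valid(text):
                glyph = w // len(text)  # pixel width of one character
                boxes.append((name, x, y, glyph * (len(text) - keep), h))
                break
    return boxes

def render_masked(bitmap, boxes):
    """Paint each rectangle with 0 in a copy, leaving the original screen untouched."""
    out = [bytearray(row) for row in bitmap]
    for _, x, y, w, h in boxes:
        for row in out[y:y + h]:
            row[x:x + w] = bytes(len(row[x:x + w]))  # clipped to the row width
    return out

def demo():
    screen = [bytearray(b"\xff" * 200) for _ in range(40)]  # constructed white 200x40 screen
    boxes = mask_boxes(SAMPLE_TOKENS)
    return boxes, render_masked(screen, boxes)
```

The 16-digit order number fails the Luhn check and stays visible, which is the kind of false positive a digit-count rule alone would mask.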
This masking process is done in the same physical location as the customer database, helping firms to comply with domestic regulations banning the export of personal data to other countries.
"Call center agents in India need certain information in order to help customers, but they don't need access to all the customer data stored on a U.S. firm's database," says Haim Nelken, IBM Research Lab's manager of integration technologies.
Magen will compete with products providing data masking and data leakage protection (DLP) from vendors including Oracle, Dataguise and Camouflage Software. "None of the competitors do OCR," says Nelken. "They're not working at the bitmap level."
"Until now, companies have struggled with data masking, and they've had to use several different products and a lot of programming to get the job done," says Avivah Litan, vp and distinguished analyst at Gartner. "Currently, programming has to be done for each set of data needing to be masked, and it must be done at the field level. If Magen can automate this process, it could save a lot of programming."
Despite its advantages, Nelken says it is not yet certain whether Magen will become a full-fledged IBM product. The decision hinges on the result of trials which will need to be carried out with actual IBM clients. He says IBM has been talking to banks in the U.S. and Europe about testing Magen. "We've tested Magen with a few client applications and it worked OK, but we need to trial it with a wide range of applications," he says.
"The fact that IBM hasn't yet announced a client (for Magen) doesn't bother me," says Forrester Research analyst Ellen Carney. "Protecting customer data is huge, and IBM will come up with a first-of-a-kind customer for Magen."