Database Redaction

Availability for the Always-On Enterprise

Database Redaction

Veeam Logoby Alex Pixley » Tue Apr 19, 2016 5:04 pm

I'm a database guy and I'm new to Veeam. Before today, I didn't know anything more about Veeam than the name. This morning, I went to one of the VPs in my company and told them that I'd just seen an exciting demo from Actifio that I wanted to discuss. After a brief summation of the demo, he said, "That sounds like what Veeam does. Do they do anything that Veeam doesn't?". We talked a few minutes more and it seems like there *may* be one thing that Actifio has over Veeam and I'm hoping that someone on this forum can set me straight.

Actifio partners with Camouflage for data masking/redaction/obfuscation so that a redacted production database can be deployed to non-production environments. Actifio also works with IBM Optim or in-house solutions that you create yourself. This functionality is a must for companies that are subject to PCI DSS/HIPAA/etc. From the demo, it looks like they have a running backup of the live database so that they can do a nearly-instant point-in-time recovery of the database and a second copy that is getting redacted in real time so you can have nearly-instant point-in-time push of the redacted database to non-Production databases (Dev/QA/UAT/etc.).

I've been refining and reformulating searches on Google for a few hours and not coming up with anything that seems useful. Do any of you know if something like this is possible with Veeam? If so, can you give me a brief overview on how to make it work or point me to some useful links. I am specifically dealing with SQL Server 2008 R2 and SQL Server 2014 running on either Windows 2008 R2 Server or Windows 2012 R2 Server.

Thanks in advance,
Alex
Alex Pixley
Novice
 
Posts: 3
Liked: 1 time
Joined: Tue Apr 19, 2016 4:55 pm
Full Name: Alex Pixley

Re: Database Redaction

Veeam Logoby PTide » Wed Apr 20, 2016 10:34 am

Hi,

Just to make sure that I got you right - you basically wonder if Veeam can take a copy of a running production database, edit the copy (mask data) and deploy the copy in a non-production environment for education/development/whatever purposes so that the production db stays intact and no data is exposed to the outer world, is that correct?

Thank you.
PTide
Veeam Software
 
Posts: 3019
Liked: 246 times
Joined: Tue May 19, 2015 1:46 pm

Re: Database Redaction

Veeam Logoby Alex Pixley » Wed Apr 20, 2016 12:15 pm

Yes, that is essentially it. The data masking would be automated so that an up-to-date masked copy would always be ready. Actifio doesn't do that out of the box, but they have partnered with Camouflage to make it possible and will assist with the initial setup. Is something similar possible with Veeam? It's the automated part that I am most interested in.

Thanks,
Alex
Alex Pixley
Novice
 
Posts: 3
Liked: 1 time
Joined: Tue Apr 19, 2016 4:55 pm
Full Name: Alex Pixley

Re: Database Redaction

Veeam Logoby PTide » Wed Apr 20, 2016 1:31 pm 1 person likes this post

Currently you can stick with the following method:

- Setup a backup job that performs SQL transaction log backup every X minutes

- Use PowerShell cmdlets to perform Point-in-Time recovery of a database from backup to the desired location

- Edit the database content manually or via another script

This blogpost was written by one of our engineers and is worth checking.

Unfortunately, Veeam does not currently have integrated tools to obfuscate/mask data.

Thank you.
PTide
Veeam Software
 
Posts: 3019
Liked: 246 times
Joined: Tue May 19, 2015 1:46 pm

Re: Database Redaction

Veeam Logoby Alex Pixley » Wed Apr 20, 2016 1:40 pm 1 person likes this post

That is exactly what I needed to know. Thanks.
Alex Pixley
Novice
 
Posts: 3
Liked: 1 time
Joined: Tue Apr 19, 2016 4:55 pm
Full Name: Alex Pixley

Re: Database Redaction

Veeam Logoby dcskinner » Wed May 24, 2017 5:09 pm

Just to be clear, what PTide is describing is technically data masking, but in general is not transforming the data in a useful way. Let's take health data for example. Personal Health Information (PHI) needs to be obscured so that a piece a information cannot be tied back to a particular person. You can't just run a random scramble against a patient's names because then the data becomes unusable for testing. How are we supposed to know that Sasdfr Tswsdfnu is a name or some garbage that the query returned? So, you need to change names into other names. But wait, there is more. You really should be translating Male names into other Male names and Female names into other Female names, so you need to look at the gender of patient and perform replacements based one that information. Furthermore, when you have patient data in multiple systems, you need to transform the data in the same way everyplace it happens. You can't change "Ringo Starr" to "John Smith" in one system and "Anthony Jones" in another. And that is just names. What about addresses? Birthdates? That one has other implications. You can't change babies into octogenarians as it will skew your queries. So, either the answer here is really "no, Veeam can't do data masking" or the question is still open.

-Dennis
dcskinner
Lurker
 
Posts: 1
Liked: never
Joined: Wed May 24, 2017 4:57 pm
Full Name: Dennis Skinner


Return to Veeam Backup & Replication



Who is online

Users browsing this forum: DonZoomik, Google [Bot], Google Feedfetcher, Yahoo [Bot] and 20 guests