Aware of the potential financial consequences of a major data breach, Standard Insurance Company wanted to take a proactive approach to masking personally identifiable information (PII) in its test data systems. But complex dependencies among the company’s testing applications threatened to make the data masking process extremely difficult—if not impossible.Estuate worked with Standard Insurance’s in-house IT staff to implement IBM Optim Solutions and enhance the insurer’s data masking processes.
Breaking the Kubernetes Kill Chain: Host Path Mount
Standard Insurance Case Study
1. Standard Insurance
Company Safeguards
Sensitive Data with
IBM Optim
CHALLENGE
Aware of the potential financial consequences of a major data breach, Standard Insurance Company wanted to take a
proactive approach to masking personally identifiable information (PII) in its test data systems. But complex
dependencies among the company’s testing applications threatened to make the data masking process extremely
difficult—if not impossible.
SOLUTION
Estuate worked with Standard Insurance’s in-house IT staff to implement IBM Optim Solutions and enhance the
insurer’s data masking processes.
RESULTS
Using data masking best practices, Standard Insurance is:
Securing the most common location of enterprise data breaches.
Protecting customers’ PII, such as credit card numbers, Social Security numbers, names, and addresses.
Preventing the potentially multimillion-dollar consequences of data breaches.
Reducing the size of the testing database.
Minimizing the need to purchase new hardware for testing and QA.
Speed time-to-market for new products by streamlining testing.
2. MAJOR INSURER TAKES A PROACTIVE APPROACH TO DATA MASKING
According to the Ponemon Institute, the cost of a data
breach now exceeds $200 per compromised customer “The traditional way to make sure data is
record. In light of these costs, most enterprises have disguised in many applications is to go
implemented data security solutions in their production one at a time, but because Standard
environments. But many companies overlook the need Insurance had application clusters, they
to secure personally identifiable information (PII) in their needed to take just the right approach so
testing systems. As a result, about two-thirds of security that they wouldn’t crash multiple systems
breaches now occur in non-production environments. and bring their business to a halt.”
Hoping to avoid a major breach, Standard Insurance Allan Martin
Company recently took a proactive approach to masking Senior Optim Consulting Manager
PII across its QA and testing applications. But Standard Estuate
Insurance runs a complex environment with about 200
test systems. Many of these applications are in-house
systems with minimal documentation—and the
employees who had designed them had long since left
the company.
As a result, it was difficult for Standard Insurance’s IT
staff to navigate the systems when searching for
exposed PII.
Adding to the complexity, Standard Insurance’s testing
data resided not only in distributed applications, but also
in mainframe systems as VSAM, or “flat,” files. In
addition, most of these testing applications were
dependent on each other. Thus, if Standard Insurance
were to mask data in one application, other systems
might fail simply because that same data was not
masked in those systems’ databases.
2 www.estuate.com - t: 408.400.0680
3. CONSULTING PARTNER RECOMMENDS AN INNOVATIVE APPROACH
which it would lock down all the applications that
After considering the technical challenge that lay ahead,
® contained PII; mask all tables, records, and data
Standard Insurance engaged Estuate to implement IBM
across all systems at once; and then start all systems
Optim™. IBM Optim delivers powerful data
back up again.
transformation capabilities to mask personal information
such as credit card numbers, email addresses, names,
and addresses, enabling companies to use this data “We knew that there was some risk
safely for application testing. involved with recommending the Big Bang
Standard Insurance chose Estuate to run the project for approach. If even one application wasn’t
several reasons. First and foremost, Estuate has rich masked successfully, this could trickle
experience in using IBM Optim on different platforms— down and affect all other applications. But
including not only distributed environments such as we also knew this was the only way to
Linux, UNIX, and Windows, but also mainframes and ensure that Standard Insurance’s PII
AS-400 or iSeries systems. Second, Estuate had already would be completely masked in all
successfully applied its test data management process upstream and downstream systems.”
in dozens of customer implementations. Allan Martin
Standard Insurance hoped Estuate would come up with Senior Optim Consulting Manager
an innovative solution to its unique technical situation. Estuate
Estuate delivered by proposing a “Big Bang” approach in
MASSIVE PROJECT FINISHES WELL AHEAD OF SCHEDULE
After spending one month interviewing Standard The team had allotted itself one week to complete the
Insurance’s personnel to fine-tune its approach to the masking, but finished the task in just two days.
project, Estuate spent several days carefully testing IBM Regression testing verified the success of the project.
Optim in the company’s environment. Estuate then “In all my years of working on IBM Optim
created a project control room for the Big Bang project. implementations, I had never seen a success story of
Six team members—including Estuate and Standard this magnitude,” says Martin. “We used Optim to
Insurance employees—began running IBM Optim mask data in about 130 applications—dealing with
processes to mask the company’s data. mainframes, flat files, and Oracle systems—and
finished in half the time we had projected.”
3 www.estuate.com - t: 408.400.0680
4. MASKING TEST DATA PREVENTS THE ABOUT ESTUATE
MULTIMILLION-DOLLAR CONSEQUENCES OF
Headquartered in Silicon Valley,
DATA BREACHES
Estuate is a global information
technology services company that
To assess the true value of Standard Insurance’s project, Martin specializes in helping companies
compares it to the company’s alternatives. Standard Insurance could establish and improve enterprise
have chosen to build its own data masking solution in-house, or used data management strategies and
a competitor to IBM Optim. Martin sees flaws in either approach. best practices.
“The trouble with in-house data masking solutions is that it’s difficult Estuate is IBM’s go-to partner for
®
to know whether you’ve masked data correctly,” says Martin. “Also, a the implementation of IBM Optim
company then has to design and implement its own test data Solutions for custom applications,
management process. Contrast that with IBM Optim, which is secure Oracle E-Business Suite,
and guaranteed by IBM and has a proven process. Optim also offers PeopleSoft, Siebel and JD Edwards.
much greater speed and ease of use than its competitors.” We have expertise on distributed
platforms and IBM mainframes.
If Standard Insurance had simply chosen to ignore PII in its test data
Estuate was one of the early
systems, a data breach could have cost the company millions of
partners involved in the Oracle-to-
dollars in lost business. In addition, a government audit could have
DB2 migration program. We work
exposed the company to steep fines and penalties. Standard
closely with IBM account teams to
Insurance now has peace of mind that it is adequately protecting PII
meet our mutual clients' Enterprise
across its systems.
Data Management needs.
“It would only have taken one major breach for Standard Insurance
to realize the value of protecting PII—and then it would have been
too late,” Martin explains. “Standard Insurance now knows that even
if someone did manage to break into their test data systems, it would
be impossible for them to steal credit card numbers, Social Security
numbers, and other sensitive data.”
In addition, IBM Optim’s intelligent subsetting feature will deliver
ongoing benefits to Standard Insurance. Intelligent subsetting allows
testers to work from a representation of production data, reducing
For more information contact:
the size of test databases by as much as 90 percent.
Marc Hebert,
“Intelligent subsetting can yield measurable savings in terms of Estuate’s COO
hardware costs,” says Martin. “It also speeds up backups, restores, marc@estuate.com
and the process of moving data into testing systems. We look T: 510-468-7132
forward to seeing the financial benefits Standard Insurance will
achieve over time.”
4 www.estuate.com - t: 408.400.0680