Oracle

Fusion
CloudData
Masking
Service
Oracle Fusion Cloud
Service offers some
data masking options
for
Fusion Applications.
Data masking may
allow Oracle Fusion
Cloud
Servicecustomers to
benefit from a
functional, non-
production
environment
thatcontains masked
data.
KEY BUSINESS
BENEFIT
Fusion data masking
process isdesigned to
mask specific entities
andfields in non-
production
environmentsin a way
that is designed to
protect theoriginal data
from being exposed
whilemaintaining
production-like views.
Scope
This document is
intended for Oracle
Fusion Cloud Service
customers who want
tounderstand the
current masking
techniques and the
entities of Fusion
Applications thatare
masked. Customers
remain solely
responsible for
determining whether
the describedmasking
meets their business,
security, legal and
regulatory
requirements. Fusion
datamasking does not
guarantee de-
identification and has
a number of limitations.
Fusion
data masking
techniques and this
document
are subject to
change at Oracle’s
sole
discretion and this
description is provided
for information
purposes only.
What is Data
Masking?
Data masking, also
known as data
scrambling, is the
process of obscuring
sensitiveinformation
copied from
a production database
with internally-
consistent, scrubbed
databased on masking
rules, to a test or non-
production
database.Fusion data
masking is a process of
applying a pattern or
algorithm designed
toscramble data in
a non-production
environment with the
goal to reduce
exposingpersonal data
(also known as
personally identifiable
information or PII)
to unauthorizedpeople.
Why Mask Data?
Some customers desire
non-production
environments
for activities such as
staging andtraining. In
these non-production
environments,
customers may not
want to use
actualproduction data
but would still like to
use internally
consistent data sets.
Fusion datamasking
process is designed to
mask specific entities
and fields in non-
productionenvironment
s in a way that is
designed to protect the
original data from being
exposedwhile
maintaining production-
like views.
Masking
Process
The customer initiates
the masking process by
creating a Service
Request (SR) eitheras
part of a P2T
(Production to Test)
refresh request or as a
standalone request for
datamasking. The
Cloud Operations team
uses the Production-
To-Test or P2T process
to
2
| ORACLE FUSION CLOUD
DATA MASKING SERVICE
ORACLE DATA SHEET
create a customer’s
non
-production
environment with data
from
their productionenviron
ment, if P2T refresh
is requested.Once the
non-production
environment has been
refreshed (where P2T
refresh isrequested) or
once the non-
production environment
is identified (by the
customer) fordata
masking, the Cloud
Operations team will
target to run the data
masking scripts onthe
non-production
environment, using
Enterprise Manager
Cloud Control tool.
Datamasking is
intended to
run promptly after the
environment refresh (in
cases where
datamasking is
requested as part of a
P2T request) and
the environment can be
expected tobe released
for customer access
after data masking is
complete.
Masking Entities
Fusion data masking
process is designed to
mask certain sensitive
personal data
or PIIattributes listed
below. It is intended to
mask personal data or
PII across all
productfamilies, since
masking a portion of a
database is much less
effective when confined
tomasking attributes
held within specific
product families.
Current list of entities
include:Person
NamePerson
Telephone NumberDate
of BirthDate of
DeathCountry / Town /
Region
of Birth AddressBank
Account NameBank
Account NumberCredit
Card NumberInstant
Messaging
AddressEmail
AddressPassport
NumberVisa Number or
Work PermitTax
Registration Number or
National Taxpayer
Identifier
NOTE
Customers are strongly
encouraged to use the
principle of least privilege
when allowing
usersaccess to a masked
database. Customers
should give an end-user
only those privileges
thatare necessary to
complete his or her work,
by restricting the access
privileges / duty roles.
Fusion masking
process is
also designed to
remove the following
items from the
maskeddatabase:Workf
low notifications Audit
data from audit shadow
tablesData from
interface tables and
temporary tables
3
| ORACLE FUSION CLOUD
DATA MASKING SERVICE
ORACLE DATA SHEET
Data Masking
Rules
Several masking rules
are used in the Fusion
data masking process
as described in
thetable below. The
rule used depends on
the entity and the field
being masked.
DATA MASKING
RULESMasking Rule Maski
ng Rule Description
Built-
In Format A format used for
two different types of attribut
es; Phone Number
–
Usesan internal format
library that provides various
possible US and
Canadianphone
numbers.Credit Card
Number
–
 Format library provides
many different formats
forcredit cards, masking
them to appear like valid
credit card
numbers.Fixed String Set wi
th a fixed textNull Set with n
ullRandom Date Set to a ran
dom date generated in a giv
en range of datesRandom D
igit Set to a randomly gener
ated numberRandom Numb
er Set to a randomly genera
ted number in a given range
Random String Set to a ran
domly generated string for a
given range of string length
(number of
characters)Shuffle Rows Sh
uffle values with other rows f
or a specific attributeTable
Column Sets the value to th
e value in a specific table co
lumn
More Information
For more information,
visit the blog on data
masking here.
CONTACT US
For more information about
Oracle Fusion Cloud, visit
oracle.com or call
+1.800.ORACLE1 to speak
toan Oracle representative.