Questions when sensitive data must be seen in IT development staff and support staff

jana
Hi,

This may sound a bit crazy, but is there a way to protect sensitive data from programmers while they are developing the application? (Sounds crazy because the programmers have to see the data.)  For example, we are compiling social data of staff like family composition, relationships, members' income, health issues, etc.  Management wants to protect the data from the IT support techs that will support this app and from the programmers that will be developing the app.  If there is no way, and IT has to see all the data, what can a company do to manage this situation where very sensitive data is projected to be in the system?

What we have come up with is using dummy data (not real data) for developers to create the applications.  We will use this data from creation up to the validation stage.  In data import, the tech responsible has to see this data (so here there must be some sort of signed agreement); in the support stage, since the tech has to see the problem, they have to see the data but will not have a test environment with real data.

What do you guys think? Any Experts with this type of experience, your input is fully appreciated.
Most Valuable Expert 2012
Distinguished Expert 2018
Commented:
It's not crazy at all.  Most database products have methods to keep sensitive data even from DBAs.  If you don't have the key or certificate, you don't see the data.

From the sound of your question, it seems you are against such a thing.

Imagine if you were seeing a Psychologist and every member of the IT team in the doctor's office saw all your deepest, darkest secrets?

Developers normally work with dummied up or heavily redacted/masked data.  It's normal for NO production data to be on development systems.  Might even be law in some sectors/countries.

It is called Least Privilege:
https://en.wikipedia.org/wiki/Principle_of_least_privilege

If a support person needs to see my salary, they get permission, get access granted then access is revoked when the task is completed.
Top Expert 2016
Commented:
IT staff doesn't need the information. Only the data entry clerks need the information to enter it into the database. Developers can use phony information.

Author

Commented:
Thanx David, that's where we are now.

slightwv and David,
I started looking for info on Least Privilege, and it's a lot (POLP, POMP and POLA, where what is recommended is POLP).  To my understanding of what POLP is, that is how the users are set up in the accounting system, but can I apply this to developers?

Is it like what I said in my question:
"What we have come up with is using dumb data (not real data) for developers to create the applications.  We will use this data from creation up to validation stage.  In data import, the tech responsible has to see this data (so here must be some sort signed agreement) in the support stage since the tech has to see the problem, they have to see data but will not have a test environment with real data."
mbkitmgr, Owner
Commented:
You could try anonymizing the data.  We had a small property database where we randomised certain details in a copy of the DB.

Example: In the Surname field in the table we queried all the surnames, created a corresponding SurnameNNNNN for each unique surname, and saved it to the DB.

We did the same for DOB and street names, but kept a record of the changes so that when we performed the Due Diligence, we knew that "Surname001098" was "Smith", "Surname001099" was "Smithe" and Streetname105 was, say, "King Street".

Keeping the record of changes allowed us to reverse the process for testing.

Author

Commented:
Good idea, will follow suit on it.

So POLP are just "principles" or "concepts" or "how-to's", there are no apps or tools one can get?

Author

Commented:
To close this question, what kind of person or company does this type of work?
Most Valuable Expert 2012
Distinguished Expert 2018

Commented:
>>So POLP are just "principles" or "concepts" or "how-to's", there are no apps or tools one can get?
>>To close this question, what kind of person or company does this type of work?

Sorry but I'm not sure I understand these questions.

Tools or apps to do what?
What type of work?
Éric Moreau, Senior .Net Consultant
Top Expert 2016
Commented:
I have seen in one of my former contracts that data was "obfuscated".

Somebody was restoring backups from the production environment to the dev environment when needed and then ran a script that would just update fields containing sensitive information using random values. I don't know any tool that can do it because usually they can't find these fields. So it was just a long list of UPDATE statements.
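The two masking approaches described in this thread, mbkitmgr's reversible SurnameNNNNN mapping kept in a separate table and Éric's UPDATE script that overwrites fields with random values, as an added example that is not code from either poster. It uses an in-memory SQLite copy standing in for the restored backup; the table, column names and rows are constructed for illustration.

```python
import secrets
import sqlite3

# Constructed, fictitious staff rows standing in for a restored production backup.
SAMPLE_ROWS = [
    (1, "Smith", "1980-03-02", "King Street", 52000),
    (2, "Smithe", "1975-11-19", "Queen Road", 61000),
    (3, "Smith", "1991-07-08", "King Street", 48000),
]
# Only these columns may be named in the dynamic SQL below (never caller input).
MASKABLE = {"surname", "dob", "street"}


def load_sample_db():
    """In-memory copy of the 'restored backup' holding the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE staff (id INTEGER PRIMARY KEY, surname TEXT, "
                "dob TEXT, street TEXT, income INTEGER)")
    con.executemany("INSERT INTO staff VALUES (?,?,?,?,?)", SAMPLE_ROWS)
    return con


def pseudonymise_column(con, column, prefix):
    """Replace each distinct value with prefix+NNNNN and keep token->original in a
    separate map table. The map table is the secret: it must not ship to dev."""
    if column not in MASKABLE:
        raise ValueError(f"refusing to mask column {column!r}")
    values = [r[0] for r in con.execute(
        f"SELECT DISTINCT {column} FROM staff ORDER BY {column}")]
    mapping = {v: f"{prefix}{i:05d}" for i, v in enumerate(values, start=1)}
    con.execute(f"CREATE TABLE {column}_map (token TEXT PRIMARY KEY, original TEXT)")
    pairs = [(tok, val) for val, tok in mapping.items()]
    con.executemany(f"INSERT INTO {column}_map VALUES (?,?)", pairs)
    con.executemany(f"UPDATE staff SET {column}=? WHERE {column}=?", pairs)
    return mapping


def randomise_income(con, low=30000, high=90000):
    """Irreversibly overwrite income with random values (the UPDATE-script style)."""
    ids = [r[0] for r in con.execute("SELECT id FROM staff")]
    con.executemany("UPDATE staff SET income=? WHERE id=?",
                    [(low + secrets.randbelow(high - low + 1), i) for i in ids])


def reverse_column(con, column):
    """Undo pseudonymise_column; only works where the map table is available."""
    if column not in MASKABLE:
        raise ValueError(f"refusing to unmask column {column!r}")
    con.execute(f"UPDATE staff SET {column}=(SELECT original FROM {column}_map m "
                f"WHERE m.token=staff.{column})")
```

Before handing the copy to developers, drop the `*_map` tables (or export them to a restricted location); the income overwrite cannot be reversed, which is the point for fields nobody in dev needs to see.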

Author

Commented:
Thank you, it's something related to what mbkitmgr indicated in his entry; we started setting up scripts to test this.

By any chance, do you know of companies or sites specializing in the Principle of Least Privilege (POLP)?
Most Valuable Expert 2012
Distinguished Expert 2018

Commented:
Don't know that POLP is something anyone can specialize in.  It is a core concept of overall InfoSec.  Any good security company should cover it.  There are many companies that specialize in information security at many levels.
btan, Exec Consultant
Distinguished Expert 2018
Commented:
POLP tends to mean managing privileged users and making sure what they do and access is closely watched. Of course there is the access matrix, which is the table that defines the permissions, roles and resources; that gets enforced in the identity store. The latter is where the source of trust for all IDs is checked against.

Coming back, for developer machines, masked data can be used, but then it is probably not going to help if they need all the data to test out their function and UAT. There are even ideas of time-based data that will self-delete upon expiry... not sure if that can be realistic. But I think there can be two areas for consideration

1. "CCTV" what the developer is doing on the machine - this is user activity monitoring. There are solutions that record all the keystrokes, mouse movements etc. on the machine; yes, you are thinking of spyware, close to that but in a transparent way, telling developers they are being watched over. It acts as a deterrent, as they will think again if they do any deviating action.

2. Tag the data and be able to trace it back with beacons - I have heard of watermarks and honey tokens which, in the assume-breach mindset, make the data traceable if it does leak out, so the developer is accountable due to all the footprint of activity consolidated. Even if they do get the data out of the issued developer machine, the data are marked. Measures to prevent leakage can go for the typical DLP on the host and device restrictions on the use of portable devices and access to network shares.

Just a few cents, if they make sense..

Author

Commented:
Thank you very much!  Great info!

Ok guys, I think I have enough to continue on this road, Thanx!
