Data democratization has enabled organizations to break down the silos that prevented users from accessing the data they need to analyze to deliver business value, and collaborate with other teams. However, data security still needs to be enforced to limit access to sensitive or personal information.
With Data360 Analyze a privileged user can encrypt the contents of selected data fields to create a data set that can be shared with other Analyze users. These users can leverage the self-service capabilities of Analyze to collaborate and analyze the data without compromising data security.
In the following example data flow, order data is being combined with customer data and product data for analysis by other team members. The Encrypt Fields node is used to encrypt the sensitive data.
The customer data comprises an ID field and three fields that contain the customer name information which need to be encrypted.
The Encrypt Fields node supports AES 256 and Triple DES encryption algorithms. You can specify the fields to be included and/or excluded from the encryption process. The node is configured to encrypt Null values to maximize security of the encrypted data. A user-specified password is used to encrypt the data and the node is configured to use the default option to 'salt' the password. If subsequent analyses require the ability to join data using encrypted fields, the SaltPassword property can be set to 'False' - meaning a particular clear-text string would always be mapped to the same encrypted string value. This increases flexibility of use of the data but marginally reduces the security of the data.
When the node is run, the appropriate fields are encrypted.
As the node supports encryption of the data rather than obfuscation or masking, the data can be decrypted by an authorized user who has access to the password used to encrypt the fields.
When the customer data has been combined with the order and product information, the data set can be exported as a .brd file that can be shared with other Analyze users - who can import the data from the.brd file and analyze the other fields, as required.
Following the analysis, a privileged user can use the Decrypt Fields to restore the encrypted fields to clear-text.