Video
Overview: Delphix Masking for GDPR
Meeting GDPR and other data privacy regulations is essential. The Perforce Delphix platform automates data masking, delivering secure, compliant, and realistic test data for development and testing — without exposing sensitive information.
This video demonstrates how Delphix profiles production data, applies advanced algorithms to mask sensitive values, and maintains referential integrity. Teams get on-demand access to secure, virtualized data copies, reducing risk and streamlining workflows.
Key highlights include:
- Automated Sensitive Data Discovery: Instantly find and classify sensitive information across databases and files.
- Advanced Masking Algorithms: Replace sensitive data with realistic, functional values while preserving data relationships.
- Continuous Compliance: Meet GDPR, HIPAA, PCI DSS, and other regulatory requirements.
- Comprehensive Auditability: Easily generate logs and compliance reports for governance teams.
Delphix masks data prior to leaving production, strengthening security and giving development teams the high-quality data needed to accelerate delivery.
Get a Custom GDPR Masking Demo
Reduce data risk and boost agility. Request a no-pressure Delphix demo today.
Full Transcript
Hi there, I'm Grant Ward. I'm a principal Sales Engineer with Perforce Delphix. I've spent many years helping customers solve complex data use cases. Today, we are specifically going to look at how data regulations, specifically GDPR, affect me, and how we ensure that the data we're providing to developers and testers is made compliant.
Please do not forget to check out additional videos released by the Perforce Delphix team highlighting other use cases that the Delphix platform can provide.
How does Delphix work? Delphix ingests data from any source. These sources are typically production environments.
Delphix then profiles this data for any sensitive values and masks those sensitive values with realistic data that contains referential integrity.
Delphix can then virtualize your data, giving you an unlimited number of copies that are available in a test data library.
These can then be accessed by your data consumers via self-service.
Delphix also has an intelligent API integration layer that allows you to automate within any of your existing data pipelines.
Global enterprises that manage data that includes personal information of EU residents must comply with GDPR.
Delphix's data masking solution provides an automated, robust approach to safeguarding sensitive information. This also applies to other regulations like PCI DSS, HIPAA, DORA, and the EU AI Act, to name a few. We've also seen a 75% increase in sensitive information in lower environments in the last year alone.
Delphix helps you by profiling your production environments to find where sensitive data is located. It looks at both metadata and data to find patterns that match that sensitivity.
Once profiling is completed, Delphix masking algorithms will mask data, keeping it realistic and maintaining referential integrity between the datasets managed under the Delphix platform.
Delphix further enhances security through its deployment model. In this diagram, you can see two Delphix engines deployed: one in production and one in non-production.
Leveraging Delphix's replication protocol, we can mask data in production and move it to the non-production engine where all virtual database copies are created from.
Let's take a deep dive into masking and look at a demonstration of how this works in practice.
Let's start with data insights. Within the Delphix Data Control Tower, we provide you with a "Data at Risk" report.
This gives you an overall view of your entire data landscape: what data types we're working with, whether they are databases or files, whether the environment has been profiled, whether it contains sensitive information, and whether masking has been applied. This provides an overall scoring report of all your data connections at risk within your environment.
It is very important to provide this sort of information to your governance and InfoSec teams.
Now, switching over to the Delphix masking engine itself. This environment is controlled through role-based access control, and you can control what users are allowed to do within the masking environment.
Once I log into the masking environment, I'm provided with the opportunity to work with profile sets. You'll see Delphix has already configured a number of profile sets for you out-of-the-box, including GDPR, which is what we are talking about here today. This allows you to group the classifications related to data that you want to manage under GDPR regulations.
We also provide our automatic sensitive data discovery standard out-of-the-box.
For profiling, Delphix leverages classifiers. Out-of-the-box, we provide you with standard classifiers for all types of data you can imagine, from names, surnames, addresses, and ages, to dates of birth, international bank accounts, etc.
You can also add your own classifiers for specific data types that are applicable only to your organization, for example, customer IDs.
The classifiers use a framework where you can identify what sort of data is sensitive by looking at the metadata in the database.
You can look at the data types across tables and columns. We can also go as far as profiling the data — the rows of data in the database itself — to infer what would be sensitive according to certain pattern-matching criteria.
Once these classifiers have been selected, they will automatically determine the domain where the sensitive data resides, whether it is an account number, a name, or a surname.
Delphix provides you with a multitude of out-of-the-box algorithms. As you can see while I'm scrolling here, many are available to you.
It is also very easy to add your own algorithms.
Within the algorithm, we leverage a framework that allows you to manipulate the data's output into any form you need.
We also provide an extended algorithm framework that allows you to develop your own custom algorithms using the Delphix SDK.
Finally, and quite importantly, everything in the Delphix masking environment is monitored and logged.
You get information on job executions, what data has been profiled, and what data is sensitive and non-sensitive.
All the outputs from the various masking jobs are also available to send to your internal governance and InfoSec teams that need to monitor compliance against those regulations.
I hope you enjoyed that. Please reach out to us if you have data or compliance challenges that you would like to discuss, and we can show you how we can deliver a return on investment in six months.
Thank you for your time today.