动态数据脱敏

       帕拉迪动态数据脱敏（DDM），是具备高性能和高扩展性的动态数据屏蔽和脱敏解决方案，具备全透明的、实时的敏感数据脱敏能力，能动态地对生产数据库返回的数据进行差异化地屏蔽、加密、隐藏和审计，确保不同权限的人员能够差异化地访问生产环境的敏感数据。在应用侧，支持透明串联的部署模式与三层BYPASS技术，防止链路的单点故障，保障客户业务的连续性。    帕拉迪动态数据脱敏方案，广泛适用于医疗、政府、金融、保险、教育等行业，同时满足国家相关法规政策与行业要求。一、产品优势数据库权限治理        权限控制策略不需要在数据库服务器安装任何agent代理程序，通过数据库特权账号，获取数据库表结构，实现数据库账号到数据库表级的“增、删、改、查”权限治理。 丰富的内置脱敏算法        内置多种主流脱敏算法，能屏蔽敏感字段并生成真实且具有完全功能的数据，包括但不限于：字符掩盖、取证脱敏、关键字替换、删除脱敏、AES脱敏、SHA脱敏等，并能使用根据各种约束条件随机生成的值替换敏感字段实现随机脱敏。自定义脱敏算法        DDM为用户提供的自定义算法功能具有高灵活性，既可复制现有脱敏算法进行修改，也可以编写全新的脱敏算法。用户可根据自身的数据特征或政策合规、应用系统等需要，自定义脱敏算法。应用业务数据脱敏        针对业务访问脱敏，DDM通过透明串联的部署模式，能直接针对业务系统访问生产数据库中的敏感数据进行差异化地屏蔽、加密、隐藏和审计，无需改变中间件和客户端配置，并保障业务的连续性。数据脱敏行为审计        DDM支持脱敏行为审计，能够审计到SQL语句（脱敏前）、访问来源信息、SQL语句信息以及受影响对象，并提供详细的语句详情页面。实时的高危操作防护        DDM内置行为防火墙功能模块，可以管控DBA等运维人员的SQL语句操作行为，实现基于自然人、数据库、数据库表、字段、高危SQL语句、where条件查询的权限策略，降低数据库操作安全风险。精准的数据访问识别        DDM依托全面、精准的SQL协议解析，能够精准地识别用户通过运维工具或者应用系统的敏感数据访问行为，不会在复杂场景下，遗漏对敏感对象的精准识别和安全控制。二、客户收益1.数据安全防护：有效保护敏感数据的安全，通过对数据进行脱敏，有效降低数据泄露的风险，提高数据的保密性和隐私性；2.合规性遵从：很多行业和地区都有相应的数据保护法规和合规要求，使用DDM可以确保企业符合相关法规和规定，避免可能的处罚；3.保障业务连续性：基于透明串联和三层BYPASS技术，在实现核心数据精确脱敏的同时，保障业务的连续性；4.降低成本：使用DDM可以减少数据复制和管理的成本。由于脱敏后的数据可以在生产环境中使用，不再需要复制和管理生产环境的数据，避免了数据冗余和额外的存储成本。

Paladi Dynamic Data Masking (DDM) is a high-performance, highly scalable dynamic data masking and desensitization solution with fully transparent and real-time sensitive data desensitization capabilities. It can dynamically mask, encrypt, hide and audit the data returned by production databases in a differentiated manner, ensuring that personnel with different permissions can access sensitive data in the production environment in a differentiated way. On the application side, it supports transparent tandem deployment mode and three-layer BYPASS technology to prevent single-point failures of links and ensure the continuity of customer services. The Paladi Dynamic Data Masking solution is widely applicable to industries such as healthcare, government, finance, insurance, education and other sectors, and complies with relevant national regulations, policies and industry requirements. I. Product Advantages 1. Database Permission Governance Permission control policies do not require installing any agent programs on the database server. It obtains the database table structure through database privileged accounts, and realizes permission governance of "create, delete, update, query" for database accounts down to the database table level. 2. Rich Built-in Desensitization Algorithms It is equipped with multiple mainstream desensitization algorithms, which can mask sensitive fields and generate real and fully functional data, including but not limited to: character masking, forensic desensitization, keyword replacement, deletion desensitization, AES desensitization, SHA desensitization and others. It can also replace sensitive fields with randomly generated values according to various constraint conditions to achieve random desensitization. 3. Custom Desensitization Algorithms DDM provides users with highly flexible custom algorithm functions, which can either copy and modify existing desensitization algorithms or write brand-new desensitization algorithms. Users can customize desensitization algorithms according to their own data characteristics, policy compliance requirements, application systems and other needs. 4. Application Business Data Desensitization For business access desensitization, DDM adopts a transparent tandem deployment mode, which can directly perform differentiated masking, encryption, hiding and auditing on sensitive data accessed by business systems from production databases, without changing the configuration of middleware and client terminals, and ensures business continuity. 5. Data Desensitization Behavior Audit DDM supports desensitization behavior audit, which can audit SQL statements (before desensitization), access source information, SQL statement details and affected objects, and provide detailed statement information pages. 6. Real-time High-risk Operation Protection DDM is equipped with a built-in behavior firewall function module, which can manage the SQL statement operation behaviors of operation and maintenance personnel such as DBAs, realize permission policies based on natural persons, databases, database tables, fields, high-risk SQL statements and WHERE condition queries, and reduce the security risks of database operations. 7. Accurate Data Access Identification Relying on comprehensive and accurate SQL protocol analysis, DDM can accurately identify sensitive data access behaviors of users through operation and maintenance tools or application systems, and will not miss accurate identification and security control of sensitive objects in complex scenarios. II. Customer Benefits 1. Data Security Protection: Effectively protect the security of sensitive data, reduce the risk of data leakage by desensitizing the data, and improve the confidentiality and privacy of the data; 2. Regulatory Compliance: Many industries and regions have corresponding data protection regulations and compliance requirements, and using DDM can ensure that enterprises comply with relevant laws and regulations and avoid possible penalties; 3. Ensure Business Continuity: Based on the transparent tandem and three-layer BYPASS technology, while realizing precise desensitization of core data, it ensures the continuity of business; 4. Reduce Costs: Using DDM can reduce the cost of data replication and management. Since desensitized data can be used in the production environment, there is no need to replicate and manage production environment data, thus avoiding data redundancy and additional storage costs.