Data Masking in S3

Sort:
You are not authorized to post a reply.
Author
Messages
AjaxSlax
Basic Member
Posts: 7
Basic Member
    We have a need to data mask any sort of data loads from our production environment to our test environments.  We are currently running Lawson Financials S3, Landmark Talent Management, Workbrain and LBI.

    Has anyone had any success data masking their S3, TM, Workbrain, or LBI environments and keeping them functional and synced between the systems?

    Thanks!
    Woozy
    Veteran Member
    Posts: 709
    Veteran Member
      We considered this early on and determined it would be extremely difficult or impossible to mask the data in our non-PROD environments, much to the chagrin of our data security team.

      The big question is, what exactly are you trying to mask? You say "any sort of data loads", but do you really mean that or are you talking personally identifiable information? Positions? Locations? Org Units? Performance Reviews? Also, how "masked" do you want it. Would all the key fields match prod (i.e EmployeeID, PositionID, OrgUnitID) but just change the associated name, address, phone, email?

      Although this may be possible in S3, it would be almost impossible in TM because of the audit log (i.e. empoyee history) functionality, and it would be complicated in S3 for similar reasons (history tables). If you didn't need the audit log information, then you could probably wipe it after the data refresh, but this would cause your dev system to be significantly (hugely) different from a testing and validation perspective. It would be somewhat more secure, but mostly useless for any sort of regression testing.

      I'd love to be proven wrong by anyone else out there has been able to make this happen.

      Kelly
      Kelly Meade
      J. R. Simplot Company
      Boise, ID
      Woozy
      Veteran Member
      Posts: 709
      Veteran Member
        By the way, we use S3 Payroll/Benefits/GLSubset; TM HR, Comp, TalentAck, Performance; and LBI. We don't use WorkBrain.

        LBI would just pull data from the other systems, so it is a non-issue.
        Kelly Meade
        J. R. Simplot Company
        Boise, ID
        AjaxSlax
        Basic Member
        Posts: 7
        Basic Member
          Thanks Woozy.
          Yes, I was referring to personally identifiable information.
          I believe the key fields (ID's) could remain relatively intact, though there's been talk that some of that needs to change as well.

          I've seen some products out there that claim to mask Lawson information, (DMSuite I believe was one of them).

          We're using S3 for pretty much all financials, including external vendors and clients and claimants.

          I know with regards to TM, during the data copy, each database is encrypted, with each environment requiring it's our decryption key. Though as I've been told, depending on how many Landmark tools you use, the amount actually encrypted can vary.

          Our LBI also has it's own database, though I'm pretty sure it's just primarily for things like SmartNotes and the like, keeping configuration. Perhaps some of the names of the smart notes contain sensitive information.


          You are not authorized to post a reply.