Copyright © 2021 SPEX Yazılım ve Siber Güvenlik Hizmetleri A.Ş.

Data Discovery Masking and Encryption within the Scope of KVKK

admin • 27 November 2021

As information technology advanced and organizations adapted to it, documents and databases began to pile up. To keep this pile under control, the data held within the institution must be discovered and classified periodically. First, determine which databases and which office documents contain personal data; then delete the data that is not needed and anonymize the data that cannot be deleted. This builds awareness of the personal data the institution holds, and it is also necessary to prevent data leaks.

What is data discovery?

Data discovery begins with monitoring databases and determining which column and table contains which data. The necessary security steps, masking or encryption, must then be applied to the data that is found. Afterwards, even DB administrators should be prevented from accessing the data. In addition, a company's databases should not be left to a single DB admin, and all queries run against the database should be monitored. In this way, after a data breach, there is a record of who accessed where, when, with which username, from which IP, and from which computer, so that the person can be easily identified after any leak.

What is Data Encryption?

Open Data and Encrypted Data

Open data is the name given to data that is transferred without encryption. If such data is sent over a poorly configured network, an attacker can easily obtain it. Likewise, when the data in a database is not encrypted, the server that hosts it carries great risk in any attack. Such data should therefore be secured with encryption algorithms such as AES, RSA, DES, etc.

Symmetric and Asymmetric Encryption

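Symmetric encryption uses a single key both to encrypt data and to turn the encrypted data back into open data. Asymmetric encryption is two-key encryption: data encrypted with one key can only be decrypted with the second key, so anyone who does not hold the second key cannot decrypt the encrypted data.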

Managing the Key Separately from the Password

Keeping the key that turns the encrypted data into open data in the same database as the data, or sharing it with third parties, is in a way the same as leaving the passwords open. Therefore, the key must be managed separately from the password.

Data Masking

Data masking is the anonymization of personal data by partially or completely deleting it, starring it out, or crossing it out so that it can no longer be associated with individuals. Since data masking does not leave personal data in databases and documents, it prevents data leaks.

To mask data:

  • Masking can be done with the printing method. In this method, the characters containing personal data are replaced with a fixed character or text before being stored.
  • Masking can be done by the generalization method. In this method, the data is recorded as certain intervals rather than as exact values.
  • Masking can also be done by encrypting the data. Using either symmetric or asymmetric encryption, the data is stored more securely in encrypted form.
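
The discovery step from "What is data discovery?" followed by the first two masking methods in the list above, as an added example that is not part of the original article: it scans an in-memory SQLite database for columns holding e-mail addresses or phone numbers, masks them with a fixed character, and generalizes ages into intervals. The table and column names, the detector patterns, and the sample rows are constructed assumptions.

```python
import re
import sqlite3

# Assumed detectors for two kinds of personal data; extend for the types you hold.
DETECTORS = {
    "email": re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+"),
    "phone": re.compile(r"\+?\d[\d\s-]{7,16}\d"),
}

def discover(conn, sample=200, threshold=0.8):
    """Map (table, column) -> kind when most sampled values match a detector."""
    found = {}
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        for col in [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]:
            sql = f'SELECT "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL LIMIT ?'
            values = [str(r[0]) for r in conn.execute(sql, (sample,))]
            for kind, rx in DETECTORS.items():
                hits = sum(1 for v in values if rx.fullmatch(v))
                if values and hits / len(values) >= threshold:
                    found[(table, col)] = kind
    return found

def mask_fixed(value, keep_last=2, char="*"):
    """Fixed-character masking: hide letters and digits, keep separators and
    at most keep_last trailing characters (never more than a quarter)."""
    value = str(value)
    cut = len(value) - min(keep_last, len(value) // 4)
    return "".join(char if c.isalnum() and i < cut else c for i, c in enumerate(value))

def generalize_age(age, width=10):
    """Generalization: store the interval an age falls in, not the age."""
    low = (age // width) * width
    return f"{low}-{low + width - 1}"

def demo():
    """Runs on constructed rows; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, contact TEXT, gsm TEXT, age INTEGER)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", [
        (1, "ayse@example.com", "+90 555 000 00 01", 34),
        (2, "mehmet@example.org", "+90 555 000 00 02", 58),
        (3, "zeynep@example.net", None, 41)])
    conn.create_function("mask_fixed", 1, mask_fixed)
    conn.create_function("generalize_age", 1, generalize_age)
    found = discover(conn)
    for table, col in found:
        conn.execute(f'UPDATE "{table}" SET "{col}" = mask_fixed("{col}") WHERE "{col}" IS NOT NULL')
    conn.execute("UPDATE customers SET age = generalize_age(age)")
    return found, conn.execute("SELECT * FROM customers ORDER BY id").fetchall()
```

Masking by encryption is left out here because it needs a cryptography library and a key that is held outside the database being masked.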