September 10, 2009, Updated September 13, 2012

By tinkering with the screen display rather than the file, IBM Israel’s new data masking technology lets companies keep confidential data concealed, even from their own workers.

The problem with security is that it isn’t always so secure, admits Chani Sacharen, of IBM Research in Haifa, Israel. While most of us worry about hackers, simple data workers and customer service agents are often the biggest threat.

As they access a customer’s account to do their jobs, they are also privy to confidential information ranging from credit card and bank account details to passwords.
Now IBM’s Israeli research lab has come up with an innovative approach that could help keep prying eyes off your data.

Called Magen (Masking Gateway for Enterprises), and the Hebrew word for “shield”, the patented data masking technology ensures that the information you want to keep secure never even shows up on the screens of unauthorized personnel.

Hiding data pixel by pixel

“Instead of tinkering with the file, we tinker with its display,” Sacharen, IBM Israel’s spokesperson, tells ISRAEL21c. “Using our masking technology, information we don’t want to distribute gets blanked out on the screen.”

The Magen system is ideal, says Sacharen, because it allows companies to hide data on the screen, pixel for pixel, without extensive programming. It’s an add-on that can work with any application.

Haim Nelken, manager for Integration Technologies at IBM Haifa describes it as an “agnostic,” meaning that it isn’t dependent on any internal data criteria, application or operating system.

Instead, the customers decide which fields in which application displays they want to hide, based on the structure of the record on the screen.

Today, most companies rely on a time-consuming process in which programmers comb through the database and install sophisticated security routines tailored to the specific applications.

Choosing what you want to mask

This often involves creating multiple copies of the databases, which is very inefficient, not to mention expensive. In the end, many companies just leave all the information on-screen and hope for the best.

“Magen uses a list of rules to blank out certain pieces of data that are defined as sensitive,” says Sacharen. “What’s great about the system is that it’s so flexible. The customers can choose what they want to mask and even how certain pieces of data should be masked. So maybe as a call agent I will have a blanked out maiden name and social security number, but my shift manager would be able to see the social security number.

“This flexibility makes it easy to update the system when there are new processes introduced in the company or even new government regulations that must be addressed with regards to privacy compliance,” she says.

It’s an alternative to the usual methods of data protection, adds Nelken. “Magen’s screen masking approach eliminates the need to painstakingly tailor ‘data masking’ solutions to specific environments. The bottom line is simpler database security, and reduced costs for protecting sensitive data,” he says.

Greater security, peace of mind

IBM Research in Haifa developed Magen over the past several years. The team is now collecting use cases and responses both inside and outside IBM to determine the optimal strategies to use to offer the system to potential customers.

“Our researchers come up with innovative solutions and smarter ways to solve today’s challenges, while the business models for these technologies are decided within the global IBM corporation,” Sacharen explains, adding that there are tens of thousands of companies that can benefit from the Magen technology.

“Many companies have legacy applications that are full of data. The applications work – have worked for decades, in many cases – and they are not interested in tinkering with them in any way,” Nelken says, meaning that they aren’t prepared to install costly new security routines, despite the obvious need for more security these days.

But with Magen, they don’t have to. “Many of IBM’s customers have expressed a need for a solution like this, and we hope that Magen will eventually bring greater security and peace of mind to many businesses,” Nelken concludes.

More on Innovation