Tokenizing Sensitive Information - PII Protection

The only way to protect sensitive information is to remove the sensitive values everywhere they are not absolutely needed. Data designers can remove the fields completely or change the field values so that they are useless in the case of data theft. Data tokenization and Data encryption are two possible solutions to this issue. Both approaches must be implemented in a way that they return the same non-PII value for a given PII value every time they are invoked.
We're going to talk about tokenization here. Tokenized field values must be changed in a repeatable way so that the attributes still be useful for joining data in queries or reports. This means every data set with the same value for the same PII field will have the same replaced value.  This lets us retain the ability to join across datasets or tables using sensitive data fields. 
Every PII field has a typecode or a key.  That type is used whenever any value for that field is tokenized or detokenized.  This means you have to create a data dictionary containing all the PII fields that can be tokenized.  Applications must use that key whenever they protect a PII field of that type.

Let's talk about tokenizing sensitive information in data stores.  

Tokenization Algorithm

All PII attributes must be identified so that token tables can be added to the token/value store for those attributes. All values in fields flagged as PII are tokenized. 

We tokenize sensitive information by replacing that information with a value that acts pointer/key to a value in a secure data store. Each PII field has its own token table. Each PII attribute is given a name.  That attribute name is used as the token table name wherever that PII attribute exists. 
  1. Create a categorization for each identified PII field.
  2. Pass PII values and their field names to the tokenization service.
  3. The tokenizer saves the PII in its data store
  4. The tokenizer generates a token or returns an existing token if that value already was saved for that field.
  5. The requesting process replaces the PII value with that token and persists it to the local data store if required.
Every value in a PII column is tokenized. Every value in a PII attribute field is tokenized. 

Data Governance

PII and other sensitive information should/must be flagged in the metadata catalog in order to determine which fields need to be tokenized.  Hopefully, organizations are already doing this so they know how to implement PII and non-PII access controls for sensitive information.

Tokenization for Lake Ingestion

Tokenization is implemented as an API that can be called part of batch processes, streaming processes, or applications.  This process flow shows an environment where there is a standard Data Lake ingestion mechanism that tokenizes flagged PII fields.  An organization could take a different approach where data is tokenized at the source prior to submission to big data stores.

Tokenization happens prior to lake ingestion. 
Tokenization happens prior to storage in operational stores.
Cross-application APIs may use the tokenized values by contract.

Video



Revision History

Created 2020 07 14
Updated 2023 03 14 - Happy Pi Day

Comments

Post a Comment

Popular posts from this blog

Installing the RNDIS driver on Windows 11 to use USB Raspberry Pi as network attached

Image
I do a lot of my development and configuration via ssh into my Raspberry Pi Zero over the RNDIS connection. Some models of the Raspberry PIs can be configured with  gadget drivers  that let the Raspberry pi emulate different devices when plugged into computers via USB. My favorite gadget  is the network profile that makes a Raspberry Pi look like an RNDIS-attached network device.  All types of network services travel over an RNDIS device without knowing it is a USB hardware connection. A Raspberry Pi shows up as a Remote NDIS (RNDIS) device when you plug the Pi into a PC or Mac via a USB cable. The gadget  in the Windows Device Manager picture shows this RNDIS Gadget connectivity between a Windows machine and a Raspberry Pi. The Problem Windows 11 and Windows 10 no longer auto-installs the RNDIS driver that makes magic happen. Windows recognizes that the Raspberry Pi is some type of generic USB COM device. Manually running W indows Update  or  Upd...
Read more

Understanding your WSL2 RAM and swap - Changing the default 50%-25%

Image
The Windows Subsystem for Linux operates as a virtual machine that can dynamically grow the amount of RAM to a maximum set at startup time.  Microsoft sets a default maximum RAM available to 50% of the physical memory and a swap-space that is 1/4 of the maximum WSL RAM.  You can scale those numbers up or down to allocate more or less RAM to the Linux instance. The first drawing shows the default WSL memory and swap space sizing. The images below show a developer machine that is running a dev environment in WSL2 and Docker Desktop.  Docker Desktop has two of its own WSL modules that need to be accounted for.  You can see that the memory would actually be oversubscribed, 3 x 50% if every VM used its maximum memory.  The actual amount of memory used is significantly smaller allowing every piece to fit. Click to Enlarge The second drawing shows the memory allocation on my 64GB laptop. WSL Linux defaul...
Read more

Almost PaaS Document Parsing with Tika and AWS Elastic Beanstalk

Image
The Apache Tika project provides a  library capable of parsing and extracting data and meta data from over 1000 file types.  Tika is available as a single jar file that can be included inside applications or as a deployable jar file that runs Tika as a standalone service. This blog describes deploying the Tika jar as an auto-scale service in Amazon AWS Elastic Beanstalk.  I selected Elastic Beanstalk because it supports jar based deployments without any real Infrastructure configuration. Elastic Beanstalk auto-scale should take care of scaling up and down for for the number of requests you get. Tika parses documents and extracts their text completely in memory. Tika was deployed for this blog using EC2 t2.micro instances available in the AWS free tier. t2.micro VMs are 1GB which means that you are restricted in document complexity and size. You would size your instances appropriately for your largest documents.   Preconditions An AWS account. AWS ac...
Read more