RE: data exchange between oracle and sqlserver
- From: "Goulet, Richard" <Richard.Goulet@xxxxxxxxxxx>
- To: "erenb@xxxxxxxxxxxxxxx" <erenb@xxxxxxxxxxxxxxx>, "joan.hsieh@xxxxxxxxx" <joan.hsieh@xxxxxxxxx>, oracle_l <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 2 Feb 2012 15:51:40 +0000
From my reading of this it appears that the PII is needed by the third parties
for their business purposes. That being the case an encryption/masking option
doesn't work very well when pulling the data unless you can undo it on the
other side. At the same time I agree with the developer that it should not be
laying around on a server or laptop where it is vulnerable to unauthorized
exploitation. And I assume that those files have to be somewhere where the
outside third party can access them. That gives you basically three options;
1) encrypt the files immediately after creation using a key that you can share
with the third party, 2) placing the files on a secured share and then transfer
them via https again using a cypher key, 3) creating the files then allowing
the third party to sftp the files to their site using a cypher key. We've used
approach 2 and 3 over here depending on the third parties choices and they
work very well. Course you should probably have some Unix based system experts
who can lock down the server in the DMZ as we have.
Richard Goulet
Senior Oracle DBA/Na Team Leader
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Eren Bayazitoglu
Sent: Wednesday, February 01, 2012 3:32 PM
To: Joan.Hsieh@xxxxxxxxx; oracle_l
Subject: RE: data exchange between oracle and sqlserver
Hello Joan,
We've come across with these type of sensitive information projects and have
helped many clients through our data masking technologies.
The way it works is that, the data is scanned to automatically discover and
categorize as sensitive (as per PCI, HIPAA, etc.) and mask (aka anonymize,
de-identify, etc.) so it's no longer sensitive, but realistic enough to run
accurate testing and QA.
Referential integrity is preserved throughout this process and it can be
configured so that each individual data is always masked to the same masked
data, over time and across multiple data bases, including Oracle and SQL.
Please feel free to download the Best Practices White Paper on
http://www.datamasking.com/resource-library/white-papers or let me know if you
have any questions.
Cheers!
Eren Bayaz
Data Security Consultant
Camouflage Software Inc.
www.datamasking.com
T: 709.722.1200 x214 F: 709.576.6775
Toll Free: 1.866.345.8888
66 Kenmount Road . St. John's . NL . Canada . A1B 3V7
Notice - This message and any attached files may contain information that is
confidential and/or subject of legal privilege intended only for use by the
intended recipient. If you are not the intended recipient or the person
responsible for delivering the message to the intended recipient, be advised
that you have received this message in error and that any dissemination,
copying or use of this message or attachment is strictly forbidden, as is the
disclosure of the information therein. If you have received this communication
in error, please notify the sender immediately and delete this communication
from your mail box.
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Hsieh, Joan
Sent: Wednesday, February 01, 2012 3:05 PM
To: oracle_l
Subject: data exchange between oracle and sqlserver
Hi list,
The following is the question from our developer who is looking for a solution
for the new system and business requirement. He proposed ODBC gateway, ETL
tools. I would greatly appreciated if you can provide any other ideas.
Thanks,
Joan
We are looking into integrating PeopleSoft Campus Solutions (aka PSCS and new
SIS) with various third parties. Some of these will be done using XML messages
over HTTP. Unfortunately we still have vendors who rely on files or table load
mechanisms only.
One of the critical integrations is between Financial Aid's PowerFAIDS (SQL
Server db) and PSCS. This software works only through inserting data into an
interface table or through file loads (which then load the same interface
table). All outbound interfaces are through queries which generate file
exports. We are trying to avoid the file exports.
We are trying to eliminate file base integration as it is insecure and requires
the use of shared drives. These files will contain legally protected Personal
Identifiable Information which should not be lying around on servers or
people's computers.
Business requirements require the exchange of information twice per business
day for some interfaces, or once per day for others (which is why I think the
ETL method would work adequately).
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts:
