HUSH HUSH MASKING SSIS COMPONENTS MANUAL
Hush Hush is a collection of SSIS data flow transfo rmation components that encapsulate entities and their rules of generation, with the exception b eing Generic Alpha Numeric component. The components expect string type data on input and provide string type data on output.
HUSH HUSH MASKING SSIS COMPONENTS MANUAL Hush Hush is a collection of SSIS data flow transfo rmation components that encapsulate entities and their rules of generation, with the exception b eing Generic Alpha Numeric component. The components expect string type data on input and provide string type data on output. Every component allows for one field only on input. It creates another field that has the masked value in it. The name of the new column is a concat enation of the word “Masked”, underscore and input field’s name.
Each component is strongly typed. It expects specif ic types of data. Upon input, it will confirm data type and rules of formation. Without this info rmation, the component will fail. Three types error handling allow for “fail component”, “redirec t row”, and “ignore failure”.
Components employ two major algorithms. One allows
for the random substitution of values.
The other utilizes proprietary encryption–like algo
rithms. Both components use entity type in a
title. The later ones have the word “Dynamic” in th
Random components replace data in a truly random fa shion. Values don’t’ get bound to original values; they can also repeat. The randomness introd uces the danger of inconsistency among the masked data comparing to original. In order to main tain referential integrity and -when necessary -uniqueness as it is often a case with SSN or credi t card numbers, one has to create additional structures, so-called mapping tables. One has to in sure that corresponding values are mapped into the table without duplication. There are sever al ways to achieve this, methods include using distinct clauses at the source, the use of unique i ndexes and simply by looking up components of SSIS.
Dynamic components retain referential integrity wit hout any additional structures. However, by the nature of encryption, there is a possibility of decryption by unauthorized parties. Therefore, the decision is up to the practitioner on whether t o use the “Dynamic” or the “Random”component. Some of the components (with a l esser security threat) at this time only provide the encrypted algorithm. Newer versions wil l have random algorithms for entities as well.
Only Social Security Numbers, Credit Card numbers, US Phone numbers, and Phone Numbers guarantee that unique data sets will map to a corre sponding, unique data set. Names, Address elements, components, URLs, Dates of Birth and Zip Codes do not guarantee unique data set on output but provide sufficient amounts of output val ues to test upon for various KPIs.