Data Masking

MadhusudanAthin · ‎30-03-17

How to mask sensitive data in Blue Prism?. The PCI DSS compliance document says, we can mask the sensitive data, but how can we mask?

Denis__Dennehy · ‎31-03-17

Within object studio, any sensitive data should be stored as password data items. Any Application Modeller elements will be used to read or write data should have their data types changed from text to password. Encryption should be turned on for your Work Queue - so any sensitive data held in the request cannot be retreived outside of a runtime production session No client or sensitive data should ever be stored in the session log, loggin should be turned off for any process steps that might include the use of such data. All of the above steps, and any other similar steps that are stipulated in your Security Policy (which you should have as part of your internal Robotic Operating Model) - should be checked as part of your UAT sign off, and your solution should also be periodically audited to ensure adherence.

MadhusudanAthin · ‎03-04-17

Thanks Denis. I would like to mask the data . for example, account number 123 456 789 should mask as XXX XXXX 789. Is this possible in Blue Prism and how to implement this?

Denis__Dennehy · ‎03-04-17

As per my previous response. You would store the data within a Blue Prism work queue with the encryption option turned on. You would store any sensitive data within a Password Data item. The data will not be masked by any system the data is entered into as that is governed by how the elements within the system itself works. I would question the need to mask account numbers - as for support that is a useful customer identifyer to search logs with and provides an audit trail with Blue Prism of what actions have been taken for that client. Maybe discuss your security requirements in more detail with your Blue Prism DEM or Trusted Advisor.

SS&C Blue Prism Community

Data Masking