The implementation phase of a management system deployment is a complex process where instances of testing and training occur. During these stages, there’s personnel interacting with sensitive data, some of whom might not be security cleared to operate with it. For this reason, it is considered to be the riskiest phase of the deployment chain. In this situation the subject of this article, data scrambling, proves worthy.

What is Data Scrambling?
Data Scrambling is a procedure that allows us to obfuscate or remove sensitive data from a certain source, for example a database, vía an irreversible randomization process, which makes it impossible to derive the original data from the scrambled results. The outcome of this is what is called data anonymization.

When in an ERP or management system, this process allows us to create a “clone” of the data that has a series of alterations which protect the confidentiality of the information, but keep the overall structure of it, allowing for a testing workflow that shares a logic with the process of the real data in the production environment.

The complexity of this procedure resides in that the data must remain meaningful, it has to serve the purpose of testing and thus can’t be fully randomized; some fields such as social security numbers, postal codes, or credit card numbers, must pass the format validation checks in order for the system to operate without errors.

Workday Data Scrambler
Data Scrambler, introduced in WD33, allows us to scramble data in the context of an implementation tenant. By doing this we can get into testing or training situations without ever compromising employees information.
It is important to notice that, as of today, this feature can only be used in implementation tenants.
Currently it supports the scrambling of over 60 fields, with many more in queue to be added in future releases.
Workday warns that the tool has the ability to permanently and irreversibly replace certain field values, but not necessarily all personal information, so its usage should be accompanied by a thorough inspection of the results to make sure that they are as desired.
One example of this could be that, when scrambling the worker name field, mentions made as plain text in the comments section won’t be affected.

How Data Scrambler operates
The appearance of data after having been scrambled depends on the field selected as well as the scrambling method.

  • In the case of the First name, for example, the method available will replace the name with a string of random consonant-vowels.
  • Other fields that require a certain format to be kept, such as IDs and postal codes, have more complex rules for achieving meaningful scrambled data.
  • The overall structure of organizational data stays the same, including the organizational chart.

Using Data Scrambler

The first necessary step is signing the Data Scrambler authorization form, which can be found on community.
Steps for carrying out a successful data scrambling process:

  1. Configure Scramble Administration domain. Workday recommends that it should be assigned to someone with the Security Administrator role.
  2. Create scramble plan: during this step one chooses what data to scramble and in which way. Some fields have more than one method or even configuration settings.
  3. Generate data scramble values.
  4. Start data scramble to replace values with scrambled values.
  5. View and carefully evaluate results to make sure they fit our needs.

The overall procedure duration varies depending on the amount of data to be scrambled. Early adopters of the tool reported from 4 to 10 hours to finish the scramble plan. Workday aims for the goal of 24 hours or less to scramble a whole tenant.

At BNB, our clients’ security and confidentiality have always been number one priority
It is our job to keep clients up to date with the latest features and services. That’s why we are offering Data Scrambler at the implementation phase, which gives you an extra layer of security through data anonymization.
Do not hesitate to contact us.

 

Stefano Di Domenico