1. Field of the Invention
Embodiments of the disclosure relate in general to the field of computers and similar technologies, and in particular to software utilized in this field. Still more particularly, it relates to providing policy-controlled distribution of data.
2. Description of the Related Art
In recent years, companies have become increasingly concerned not only about the security of their information, but also about how it is used and where it goes. As a result, a wide variety of security mechanisms have been implemented not only to authenticate users and information-consuming applications, but also to control how they access the information. In particular, these companies are concerned about maintaining the integrity of key business data related to their customers, partners, employees, products, suppliers, resources, etc. This information, often referred to as master data, is commonly used to support transactional and operational processes as well as analytics and reporting. Master data is generally centralized, but there are times when it is copied to other repositories (e.g., to a warehouse for analytics, for a legacy application that can only use its own database, or something outside of the enterprise that doesn't have direct access to the meta data).
Companies are also concerned about the internal and external release of personally-identifiable information (PII), which refers to information that can be used to uniquely identify or trace an individual's identity. Examples of PII include an individual's name, social security number, biometric records, etc., which may be used alone, or in combination with other personal or identifying information such as date and place of birth or mother's maiden name. Depending on the intended use of the data, many companies are requiring that certain PII data elements be masked or transformed. As an example, the first twelve digits of an individual's credit card number may be replaced with an ‘X’ in a promotional mailer. As another example, the letters of a person's first and last name may be transformed (e.g., ‘Joe Smith’ for ‘Tom Jones’), yet their physical address remains unchanged (e.g., ‘111 State Street’) when used for testing a mailing list application.
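The two masking cases above can be expressed as per-use release rules. The following Python sketch is an added illustration, not part of the original disclosure; the policy names, field names, substitution pools, key, and sample record are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed substitution pools and key: assumptions for this example only.
FIRST_NAMES = ["Joe", "Ann", "Sam", "Eve"]
LAST_NAMES = ["Smith", "Brown", "Clark", "Reyes"]
MASKING_KEY = b"example-only-key"

def mask_card(number, keep_last=4):
    """Replace every digit except the last `keep_last` with 'X', keeping separators."""
    total = sum(ch.isdigit() for ch in number)
    out, seen = [], 0
    for ch in number:
        if ch.isdigit():
            seen += 1
            out.append(ch if seen > total - keep_last else "X")
        else:
            out.append(ch)
    return "".join(out)

def substitute_name(name):
    """Map a real name to a fictitious one; the keyed HMAC makes the mapping
    repeatable across test runs without being reversible by the consumer."""
    d = hmac.new(MASKING_KEY, name.lower().encode(), hashlib.sha256).digest()
    return f"{FIRST_NAMES[d[0] % len(FIRST_NAMES)]} {LAST_NAMES[d[1] % len(LAST_NAMES)]}"

def keep(value):
    return value

# Intended use -> per-field transform. Fields not listed are withheld.
POLICIES = {
    "promotional_mailer": {"name": keep, "address": keep, "card_number": mask_card},
    "mailing_list_test": {"name": substitute_name, "address": keep},
}

def release(record, intended_use):
    """Return only the fields the policy allows, transformed as it requires."""
    policy = POLICIES.get(intended_use)
    if policy is None:  # default deny: an unknown use gets nothing
        raise PermissionError(f"no release policy for {intended_use!r}")
    return {f: fn(record[f]) for f, fn in policy.items() if f in record}

# Constructed sample record (not real data).
RECORD = {"name": "Tom Jones", "address": "111 State Street",
          "card_number": "4111 1111 1111 1234", "ssn": "000-00-0000"}

if __name__ == "__main__":
    for use in POLICIES:
        print(use, release(RECORD, use))
```
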
As a result, companies are beginning to implement data release policies to ensure that users and applications can only access information to which they are entitled or authorized. However, such policies often lack flexibility, which may unnecessarily restrict legitimate access to information. In other cases, data release policies lack scalability, which may limit the ability to apply policies tailored to the individual needs of a wide spectrum of information consumers. Furthermore, current approaches to data release policies are often difficult to enforce once the data has been released. As an example, an application that provides master data may share a common data release policy enforcement mechanism with an application that consumes it. If this is the case, then a data release policy associated with the master data can be enforced. However, if that is not the case, or if the master data consuming application is associated with no data release policy enforcement mechanism whatsoever, then the enforcement of the data release policy becomes more problematic or impossible. In view of the foregoing, there is a need for flexible, scalable, and enforceable policies for the release of information, based not solely on the information itself, but rather on agreements with respect to consumers of the data.