October 29, 2015 By Steve Tallant 2 min read

Those of us involved in information technology have traditionally used the label legacy for applications running on the mainframe accessed via green screens. Many of us can remember the struggles of getting these legacy Web applications upgraded so that desktops and laptops could easily be used. Then we went through a huge shift to develop and deploy applications that could be accessed via a browser on the Internet — the ultimate in thin client experience and portability optimization.

Legacy Apps Aren’t Going Anywhere

Well, many of those Web applications are still around and used within enterprises, and given their age, they can easily now be considered legacy. They’ve endured the test of time and are functional but probably haven’t been upgraded in a while and the personnel who initially developed them may have moved on, as well.

These legacy Web applications were also developed before many of today’s strict privacy rules and regulations were introduced. They may present to users information that they really should not have access to, such as payment card information (PCI), personal health information (PHI), personally identifiable information (PII) and other individual or proprietary corporate information.

I was recently talking with a company that had put together a portal many years ago that drew information from a couple disparate systems for presentation to customer-facing personnel. Though this certainly helped the agents by providing information at their fingertips, it pulled all the customers’ data, including items like their full Social Security number. In their usage, the agents never really need to see the full value; they really only needed the last four digits of that number for validation. Providing that extra information only created risk and the potential for theft.

How Dynamic Data Masking Can Help

This is where introducing dynamic data masking functionality can help provide necessary data privacy protection and extend the life of these legacy applications. A dynamic data masking appliance can integrate with the Web server stack to identify sensitive data elements and decide how to present them back to the end user.

Based on rules, users can be individually identified or put into classifications for the purposes of rules applicability. Then, based on the data element and the appropriate rule applied, sensitive data can be completely or partially masked. This fine level of granularity can provide flexibility in applying the right level of masking while still delivering the content users need.

The bottom line is for organizations to think about these legacy Web applications and evaluate whether there are data privacy gaps in what information is presented back to users. If that’s the case, dynamic data masking could be the ideal solution.

Download the 2015 Gartner Magic Quadrant for Application Security Testing report

More from Application Security

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Audio-jacking: Using generative AI to distort live audio transactions

7 min read - The rise of generative AI, including text-to-image, text-to-speech and large language models (LLMs), has significantly changed our work and personal lives. While these advancements offer many benefits, they have also presented new challenges and risks. Specifically, there has been an increase in threat actors who attempt to exploit large language models to create phishing emails and use generative AI, like fake voices, to scam people. We recently published research showcasing how adversaries could hypnotize LLMs to serve nefarious purposes simply…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today