Structure Management enables you to perform masking/encryption of both structured and unstructured data. It auto-discovers sensitive information and, in addition, supports users who already know what needs to be protected in structured and unstructured files. Structures can be defined and mapped to directories/databases so that protection tasks can run over them quickly. These structures are attached to locations that already have a domain.
The Structure Management screen can be accessed via the navigation panel as shown below.
The Structure Management screen is divided into two panels. The top panel displays the list of all the structures defined. The bottom panel displays the list of all the column names selected for encryption or decryption. It also displays the Sensitive Data Type assigned to each column name along with its position in the file.
To add a structure, click the Add New Structure tab on the Structure Management screen. You can edit or delete the details of a structure by clicking the Edit and Trash icons, respectively, under the Actions column.
Structures are created to recognize a column delimiter, file pattern, and number of header rows to ignore when masking/encrypting. The file pattern can be an extension or a partial file name, with a wildcard “*” to pattern-match.
The next step is to add the structure of the data. Structures can be added manually, column by column, or imported from a file. If a structure is imported from a file, the sensitive type associated with each column is detected automatically, based on the policy or policies assigned to the domain, but it can also be overridden with a different sensitive type. The protection option associated with each sensitive type is determined in the policy.
To add a column manually, enter the name of the column in the Column Name textbox and its sequence in the file or object in the Column Number textbox. Select the sensitive type from the list in the Sensitive Data Type drop-down. The selected sensitive type indicates the kind of information the column holds in the file or object.
To import column details from a file, click the Browse File icon. A browser panel appears. Navigate to the file whose structure you want to import and click Select.
Upon clicking the Select button, a window pops up displaying the Header Rows, Rows To Sample, and Show Sample Rows fields. Enter a numeric value in the Header Rows field and update the values for the Rows To Sample field and the Show Sample Rows drop-down.
Click the Import Columns button to import the structure details of a file or an object. This feature fetches the column details of the file or object automatically and generates tabular information displaying the name of the Column Header, its sequence in the file, the column datatype format, Detection Results, and the Sensitive Types.
The next step is to map the structure details to the source directory in the Map Structure tab of the Structure Management screen. The source directory specifies the path of the file that needs to be encrypted or decrypted when the process is executed.
Now, push the structure details to the IDP by clicking the Push To IDP button in the Actions column on the Structure List screen.
This opens a slider window where you specify the module and the cluster to which the structure details need to be pushed. Select the module from the Select Module drop-down and the target cluster from the Select Cluster drop-down. Click Save to execute the operation; otherwise, click Cancel.
In the case of an RDBMS, a connection name must be selected in the Select Connection drop-down for mapping structure details to the source directory/database.
Only one structure can be assigned per directory/database, but child directories can have their own overriding structures. Therefore, structured file masking/encryption can only happen across homogeneous directories, where all target files have the same format and column headers. Heterogeneous directories must use unstructured masking/encryption, which can be handled directly within a protection task without the need for creating structures. Structures are created within the PK Protect UI or can be automated via REST APIs with the Customer Success team’s guidance.
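A pre-check for the homogeneity requirement above, as an added example that is not part of PK Protect or its REST API: it groups the files in one directory that match a structure's file pattern by their header row, so mixed column orders or delimiters are caught before a structure is assigned. The function names, the sample file names and the assumption that the first header row holds the column names are illustrative.

```python
import csv
import fnmatch
import os
import tempfile
from collections import defaultdict


def header_layouts(directory, file_pattern, delimiter=",", header_rows=1):
    """Group matching files by column layout (child directories are skipped).
    Assumption: the first header row carries the column names."""
    layouts = defaultdict(list)
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path) or not fnmatch.fnmatch(name, file_pattern):
            continue
        with open(path, newline="", encoding="utf-8") as fh:
            first = next(csv.reader(fh, delimiter=delimiter), [])
        if header_rows > 0:
            # Normalise case/whitespace so cosmetic differences do not split groups.
            key = tuple(col.strip().lower() for col in first)
        else:
            key = ("<no header>", len(first))  # only the column count is comparable
        layouts[key].append(name)
    return dict(layouts)


def is_homogeneous(directory, file_pattern, delimiter=",", header_rows=1):
    """True when all matching files share exactly one layout."""
    return len(header_layouts(directory, file_pattern, delimiter, header_rows)) == 1


def build_sample_dir():
    """Constructed sample files, written to a temporary directory."""
    root = tempfile.mkdtemp()
    samples = {
        "cust_2023.csv": "id,name,ssn\n1,Ann,000-00-0001\n",
        "cust_2024.csv": "ID, Name, SSN\n2,Bob,000-00-0002\n",
        "cust_old.csv": "id,ssn,name\n3,000-00-0003,Cy\n",      # columns reordered
        "cust_eu.csv": "id;name;ssn\n4;Dee;000-00-0004\n",      # different delimiter
        "notes.txt": "free text, not matched by the pattern\n",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for layout, files in header_layouts(build_sample_dir(), "cust_*.csv").items():
        print(layout, "->", files)
```

A reordered file such as cust_old.csv is the case worth catching: a structure that identifies columns by position would treat its second column as the name rather than the SSN.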
The DG metadata repository keeps track of which locations have domains or structures assigned to them, so any tasks with these locations automatically show the domain/structures attached to them. There is no need to manually specify which locations have a domain/structure attached to them within the protection task. Also, only one structure can be included per masking task, so tasks that cover locations with multiple structures must be broken up.