Informatica has been trying to establish itself in the security space for some time. It exhibited at InfoSec this year, for example, and it will be at the RSA conference in London in October. Nevertheless, most people probably don't think of Informatica in this light.

Of course the security sector is a big space and Informatica is only in a part of it, namely data masking. At least right now.

Informatica has actually had data masking capability since 2005 but the truth is that virtually no-one had woken up to the importance of being able to protect data such as personally identifiable information (PII) or personal health information (PHI) until much more recently. And the same applies to sensitive corporate information.

In 2009 Informatica acquired Applimation, a vendor in the ILM (information management lifecycle) space that offered archival, test data management (TDM) and data masking. Now, there are lots of environments where you may want to mask data but two of the most important are for archival and test data in development environments. In particular, software development is often outsourced and even when it is not there are significant issues around confidentiality and privacy issues so you need robust data masking capabilities to support the environment. As a result, Informatica recognised that it needed to upgrade its existing data masking capabilities, along with those acquired from Applimation, and it started to do this in 2010. Most notably, in that year it introduced support for logical objects (business entities). This is important because you may need to maintain referential integrity and other relationships during the masking process. In the same timeframe it also introduced support for data masking against popular application packages from the likes of SAP and Oracle.

If anything, last year was even more significant. Informatica acquired ActiveBase and its dynamic data masking solution. It introduced masking for semi-structured and unstructured data by leveraging Informatica's (B2B) ability to transform semi-structured data (e.g. SWIFT, EDI, XML) and unstructured data (e.g. PDF, Word, Excel). And it started to support federated masking where logical objects are spread across different data sources. The company also introduced a feature known as masking validation. This is especially useful for auditors because it automated the process of checking that you have masked what you were supposed to mask.

There are two releases this year, one which came out last quarter and the next one will come out at the end of the year. The most significant details of these releases include dynamic data masking support for DB2 released last quarter and the introduction of dashboards solely for privacy monitoring in the next release. Of course there are also a bunch of other enhancements and improvements but these are perhaps the most significant that apply to data privacy as opposed to TDM more generally. I am also privy to Informatica's roadmap for data privacy and while I can't share details of the company's plans I can say that they are significant.

The real question is whether this expertise in data masking is enough to make Informatica a genuine security company? There are two answers to this question and the first depends where you put data privacy: is it a security issue or is it really a governance issue? If you think it's the latter then Informatica is not a security company but if it's the former (or both) then it is, at least in part, a player in the security space. The second answer will depend on Informatica's future actions. Right now, Informatica partners with other vendors for functions such as database activity monitoring and encryption. But we all know that Informatica is an acquisitive company and I think it not unlikely that it will acquire one or more of its partners in one or more of these areas in due course. Then it will have no difficulty in being understood to be in the security space. In the meantime it has one of the leading data masking solutions in the market and that alone is sufficient to justify its presence at relevant security conferences and exhibitions.