Mask Data in SQL Server - Dynamic and Static Masking


We recently enjoyed participating in SQL Saturday Orange County with a seminar on Data Masking. In introducing the new and exciting Dynamic Data Masking feature, Microsoft has created some confusion among many people about when and how to use it. We have prepared a careful analysis of use cases and a demo covering the data masking scenarios suitable for dynamic data masking as well as those that require static data masking in SQL Server. We would like to repeat this experience for those who were not able to attend SQL Server Orange County and will be hosting a webinar in September.

The Agenda:

1. When do we need to mask data? Hierarchy of data access in the organization.

2. What is dynamic data masking and what is static data masking? Industry definitions.

3. Dynamic Data Masking: in SQL Server 2016 and in Azure

a. Did you know you will need to alter schema?

b. Which data types does SQL Server 2016 cover? Use of generic and type-specific substitutions.

c. Which data types does SQL Server Azure cover? Use of additional data types.

d. How do I grant access to different people within the organization to invoke the data masking feature?

e. Performance of data masking and beyond.

4. Why do my developers tell me that Dynamic Data Masking is "no good"? How do we mask data in SQL Server development environments using Static Data Masking?

a. Do developers need real values when they mask data and then perform CRUD?

Answering interesting questions like: how does one distinguish one "xxx-xx-xxxx" social security number value from another "xxx-xx-xxxx"?

Why do we need to know the statistical properties of masked data? What are statistical properties? How do they relate to PHI and HIPAA?

What is "Safe Harbor" in the context of de-identification in SQL Server?

b. Do third parties need data masked with realistic-looking values?

What do you mean when you say that you want to send a file with realistic-looking data such that it does not break the partner's referential integrity?

c. Do your users ask for real-looking values while in acceptance testing?

d. Do you have a variety of databases in the enterprise: Oracle, IBM, MySQL, Postgres, Access and files? How do you mask data consistently across all of them while masking data in SQL Server?

If you are interested in answers to the above questions, please request a private online webinar. The generic webinar date will be announced soon.