Not logged in - Login / Register

View History

Data Masking Types

DataMasking Types

There are different ways to mask data. Different methods are used for different needs, with different organizational roles, and in different scenarios.

Static: SDM

Using stable non-changing environment that originally has a copy of production database, often times called "golden copy" to anonymize data set is called "static data masking". Mainly used to refresh non-production environments and prevent insider's threat.

Dynamic: DDM

Certain categories of employees, based on their role in the organization, should have access only to a part of the record or to a whitened values in the application. Such categories examples might be customer service representatives who do not have access to the credit card besides the last four digits, or judicial clerks who should not have access to addresses and names.

Examples of a masked credit card number data is:


On-a-Fly (In ETL)

When specific conditions in development require to mask data without using a staging environments, due to absence of extra space, or a need to move data in almost -real- time, algorithms are used on the fly. These methods could be used as static as well when necessary but provide extra flexibility.

Obfuscation – extreme masking

Removing sensitive values from the files and databases all together is a very safe and efficient way to mask data, but very inconvenient in use - as it requires a creation of the artificial data set later on. This data set should be done in such a way as not to break referential integrity. While it is an economical and immediate way to do masking at the beginning, it proves to be extreme, and very expensive in total cost of ownership ( TCO).