The Simple Guide to Data Masking





A new report reveals that poor privacy practices increase an organization’s chance of being breached by as much as 80%. This week alone saw thirteen universities targeted by a combined ransomware and data breach attack.


Data masking is one of the safest methods of protecting sensitive data. Unlike encryption, which can be reversed using an encryption key, once data has been masked, there is no going back. This is why it is the preferred method of data protection for the health, financial, and education industries, as well as government. 


In this article, we’ll unpack the fundamentals of this proven data security method. 

What is data masking?

Data masking is a process used to locate sensitive data in databases, files, and text, classify it, and finally anonymize it. It does this by replacing the sensitive values with similar, realistic values that cannot be used to identify someone. 


In technical terms, a masking algorithm is used to transform data into masked variables in SSIS. This process protects the real data from being viewed by changing the value, ensuring no sensitive data can be used outside of production. It also creates an audit trail for compliance purposes.


Data masking methods include:

- Encryption algorithm

- Character scrambling

- Deletion

- Number and date variance

- Substitution

- Shuffling


What is it used for?

Data masking is used to protect personally identifiable information, protected health information, payment and credit card information, as well as intellectual property. It forms part of the development life cycle. 


Its many use cases include:

- Protection against internal threats

- Legislative compliance

- Third-party sharing

- Data analytics


While the data masking process is irreversible, masked data still retains its usefulness for business purposes, such as testing and analytics.


What are the different types of data masking?


There are different ways to mask data. Different methods are used for different needs, organizational roles, and use cases.


Static data masking

Static data masking is used in a stable, non-changing environment that originally has a copy of the production database, called the "golden copy". This form of data masking is mainly used to refresh non-production environments and prevent insider threats.


Dynamic data masking

Dynamic data masking is required in instances where certain departments require access to limited amounts of sensitive data. The rest is shielded. For example, customer service agents may only require the last four digits of a credit card number.
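
The following Python example is added here and is not code from this article or from any masking product. It applies three of the methods listed earlier (shuffling, date variance, character scrambling) to build a static masked copy, then applies a dynamic, role-based mask at read time; the sample rows, the role names, and the 30-day variance window are constructed assumptions.

```python
import random
from datetime import date, timedelta

# Constructed sample rows standing in for a production table.
ROWS = [
    {"name": "Ana Ruiz", "dob": date(1984, 3, 9), "card": "4111111111111111"},
    {"name": "Ben Cole", "dob": date(1990, 11, 23), "card": "5500005555555559"},
    {"name": "Chi Tran", "dob": date(1975, 7, 1), "card": "340000000000009"},
]

def scramble_digits(value, rng):
    """Character scrambling: replace every digit, keep length and layout."""
    return "".join(str(rng.randrange(10)) if c.isdigit() else c for c in value)

def static_mask(rows, seed=None):
    """Static masking: build a masked copy for non-production use."""
    # A fixed seed is for repeatable demos only; otherwise draw from the OS CSPRNG.
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    names = [r["name"] for r in rows]
    rng.shuffle(names)  # shuffling: real values, detached from their own rows
    masked = []
    for row, name in zip(rows, names):
        shift = timedelta(days=rng.randint(-30, 30))  # date variance (assumed window)
        masked.append({
            "name": name,
            "dob": row["dob"] + shift,
            "card": scramble_digits(row["card"], rng),
        })
    return masked

def dynamic_view(row, role):
    """Dynamic masking: stored data is unchanged; the mask is applied per role on read."""
    view = dict(row)
    if role == "billing_admin":  # hypothetical role allowed the full value
        return view
    card = row["card"]
    shown = card[-4:] if role == "support_agent" else ""  # hypothetical role
    view["card"] = "*" * (len(card) - len(shown)) + shown
    return view

if __name__ == "__main__":
    for r in static_mask(ROWS, seed=7):
        print(r)
    print(dynamic_view(ROWS[0], "support_agent"))
```

On a table this small, shuffling can leave a value in its original row, so shuffling alone is not sufficient for low-cardinality columns.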



When data needs to be masked in real-time during specific scenarios, such as when there is a lack of space. 



Obfuscation involves removing sensitive values from files and databases altogether. It is the most extreme form of data masking.


With no end to the COVID-19 pandemic in sight and organizations juggling rapid digital transformation, a widespread remote workforce, and being asked to handle sensitive track and trace data, the risk of legal non-compliance and cyber crime is high. If you want to ensure data privacy compliance for your business, data masking provides proven and comprehensive protection that not only aligns with trusted risk frameworks like HITRUST and NIST, but also meets the compliance requirements of laws such as the GDPR, HIPAA, and PCI, among others.   


Thanks to its sophisticated patented algorithms, Hush-Hush is at the forefront of privacy protection and offers a suite of data discovery and masking tools to suit any size business and industry.  


Request your free demo today.
