
Why Data Masking


The Business Case

As the public demands a better degree of protection, so the laws become stricter. As such, companies try to make sure they protect themselves with all possible means. The two most common measures are encryption and data masking.

Data masking (also known as data anonymization, data de-identification, and data obfuscation) has become mainstream in IT functions of healthcare, financial, educational, government, and other types of organizations carrying sensitive personal data in the last decade. Organizations use it to protect against internal threats, to hide sensitive information while exposing data to external users, and to exchange data with third parties.

Many organizations employ data masking to comply with legislation, while others use it as a preventative measure even if not obligated by law. There are reputational costs and class-action litigation costs, as well as credit check costs for financial institutions and fraud costs for health insurance organizations.

Compliance

Data Masking is a trusted and proven method of data protection that meets the requirements of data privacy laws such as the GDPR, HIPAA, CCPA, GLBA, FERPA and more. Data masking allows organizations to maintain the convenience of using their customers' data while removing any real identifiers. Using data masking, the data can be de-identified, so that personal information remains anonymous in the context of support, analytics, testing, or outsourcing.

Whether your business operates in the healthcare, financial, educational or government sector, data masking is a trusted method for meeting the requirements of the privacy laws relevant to your industry. The cost of non-compliance and data breaches is very high. The fines themselves indeed could run into millions of dollars per multiple U.S. court rulings. "It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information," says Federal Trade Commission Chairwoman Edith Ramirez.

In development

Most businesses use test data for testing, QA, and training purposes outside of the development environment, but often don't give much thought to how that data is protected. Data masking protects data in non-production environments by substituting identifiable values like names, surnames, social security numbers, and credit card numbers with similar values that cannot be used to identify an individual. For this reason, data masking as part of the development cycle prevents security gaps from occurring in the normal flow of data in your organization and sanitizes data before it travels within and without the business.

Data Masking VS Encryption

Both data masking and encryption are used to hide data's original values.

Yet they are not the same, either in purpose or in implementation.

The Purpose


The purpose of encryption is to hide data from the hacker. In data security classification, the hacker is an external threat and has no access to encryption keys. Both data in transit and data on the disk are well protected with encryption against hackers outside of the organization.

The purpose of data masking is to hide data from the developer. The developer often does have the encryption key. Moreover, unless there is a specific provision, encrypted data might not fit the predefined field sizes in storage, and it makes values extremely hard for the developer to comprehend. The difficulty in comprehension slows down development.

The Implementation


Encryption is a method that allows the intended information or message, referred to as plaintext, to be encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. Thus, the information does not change its content, only its presentation.

Data masking, or de-identification, is a method that allows the intended information to change its content in such a way that it retains the form of the information presentation yet completely loses the content. Although statistical methods can sometimes be used to guess the original values of some types of data masked with certain methods, certain precautions reduce the probability of re-identification.
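The contrast drawn above, a masked value that keeps its form and still fits the field while losing its content, shown as an added example that is not part of the original page or of any product it describes. It goes slightly beyond the text by using keyed, deterministic substitution (one common approach, assumed here); the key, the substitute name list, the sample record and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed key and sample values; nothing here comes from the original page.
MASKING_KEY = b"example-key-kept-out-of-non-production"
SUBSTITUTE_NAMES = ["Alex", "Jordan", "Casey", "Morgan", "Riley", "Taylor"]
SAMPLE = {"name": "Jane", "ssn": "123-45-6789", "card": "4111 1111 1111 1111"}

def _mac(field: str, value: str, counter: int = 0) -> bytes:
    msg = f"{field}|{value}|{counter}".encode()
    return hmac.new(MASKING_KEY, msg, hashlib.sha256).digest()

def _digits(field: str, value: str, n: int) -> str:
    """n decimal digits derived from a keyed hash of the real value."""
    out, counter = "", 0
    while len(out) < n:
        # Drop bytes >= 250 so each digit 0-9 is equally likely.
        out += "".join(str(b % 10) for b in _mac(field, value, counter) if b < 250)
        counter += 1
    return out[:n]

def mask_like(field: str, value: str) -> str:
    """Replace every digit; keep length and separators so the field still fits."""
    fresh = iter(_digits(field, value, sum(c.isdigit() for c in value)))
    return "".join(next(fresh) if c.isdigit() else c for c in value)

def luhn_check_digit(body: str) -> str:
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    digits = "".join(c for c in number if c.isdigit())
    return luhn_check_digit(digits[:-1]) == digits[-1]

def mask_card(value: str) -> str:
    """Mask a card number, then repair the final check digit so validation passes."""
    masked = mask_like("card", value)
    body = "".join(c for c in masked if c.isdigit())[:-1]
    last = max(i for i, c in enumerate(masked) if c.isdigit())
    return masked[:last] + luhn_check_digit(body) + masked[last + 1:]

def mask_record(rec: dict) -> dict:
    pick = int.from_bytes(_mac("name", rec["name"])[:4], "big")
    return {"name": SUBSTITUTE_NAMES[pick % len(SUBSTITUTE_NAMES)],
            "ssn": mask_like("ssn", rec["ssn"]),
            "card": mask_card(rec["card"])}

if __name__ == "__main__":
    print(mask_record(SAMPLE))
```

Because the substitution is keyed and deterministic, the same real value masks to the same output in every table, which keeps joins intact. Anyone holding the key can test guesses against masked values, so the key stays out of the environments that receive the masked data.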
