e
q
u
e
s
t
a
d
e
m
o < back
Data Masking Types
{TOC}
DataMasking Types
TEXTThere different ways to mask data which are used for different needs, with different organizational roles, and in different scenarios.
Static SDM
TEXTUsing stable non-changing environment that originally has a copy of production database, often times called "golden copy" to anonymize data set is called "static data masking". Mainly used to refresh non-production environments and prevent insider's threat.
Dynamic DDM
TEXTCertain categories of employees, based on their role in the organization, should have access only to a part of the record or to a whitened values in the application. Such categories examples might be customer service representatives who do not have access to the credit card besides the last four digits, or judicial clerks who should not have access to addresses and names.
Examples of a masked credit card number data is:
4XXX-XXXX-XXXX-5558
On-a-Fly (In ETL)
TEXTWhen specific conditions in development require to mask data without using a staging environments, due to absence of exra space, or a need to move data in almost -real- time, algorithms are used on the fly. These methods could be used as static as well when necessary but provide extra flexibility.
Obfuscation – extreme masking
TEXTRemoving values all together is very safe and efficient way to mask data, but very inconvenient in use - as it requires a creation of the artificial data set later and in such a way as not to break referential integrity. While it is an economical and immediate way to do it at the beginning, it proves to be very expensive in total cost of ownership ( TCO).