Data Masking Types
There are different ways to mask data, which are used for different needs, by different organizational roles, and in different scenarios.
Static SDM
Static data masking anonymizes a data set in a stable, non-changing environment that originally holds a copy of the production database, often called the "golden copy". It is mainly used to refresh non-production environments and to prevent insider threats.
Dynamic DDM
Certain categories of employees, based on their role in the organization, should have access only to part of a record or to whitened values in the application. Examples of such categories are customer service representatives, who do not have access to the credit card number apart from the last four digits, and judicial clerks, who should not have access to addresses and names.
An example of a masked credit card number is:
4XXX-XXXX-XXXX-5558
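
The sketch below is an added example, not code from the original page: it applies role-based masking at read time and leaves the stored record untouched. The role names, field names, `POLICIES` table and sample record are assumptions made for illustration; the card format follows the sample above (first digit and last four kept).

```python
# Added example: dynamic (read-time) masking driven by the caller's role.
# Roles, fields and the sample record are constructed for illustration.

def mask_card(pan: str) -> str:
    """Keep the first digit and last four digits; X out the rest; keep separators."""
    total = sum(c.isdigit() for c in pan)
    if total < 8:
        # Too short to reveal anything safely: mask every digit.
        return "".join("X" if c.isdigit() else c for c in pan)
    out, seen = [], 0
    for c in pan:
        if c.isdigit():
            seen += 1
            out.append(c if seen == 1 or seen > total - 4 else "X")
        else:
            out.append(c)
    return "".join(out)

def clear(value: str) -> str:
    return value

def redact(_value: str) -> str:
    return "[REDACTED]"

# Allow-list per role: any field not listed is redacted (fail closed).
POLICIES = {
    "customer_service": {"name": clear, "address": clear, "card_number": mask_card},
    "judicial_clerk": {"case_id": clear},  # no names, no addresses
}

def view_record(record: dict, role: str) -> dict:
    """Return a masked copy for this role; unknown roles get an empty policy."""
    policy = POLICIES.get(role, {})
    return {field: policy.get(field, redact)(value) for field, value in record.items()}

# Constructed sample record
SAMPLE = {
    "case_id": "C-0001",
    "name": "Jane Example",
    "address": "1 Sample Street",
    "card_number": "4111-1111-1111-5558",
}

if __name__ == "__main__":
    for role in ("customer_service", "judicial_clerk", "unknown_role"):
        print(role, view_record(SAMPLE, role))
```

Because the policy is an allow-list, a field added to the schema later is redacted for every role until someone explicitly grants access to it.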
On-the-Fly (In ETL)
When specific conditions in development require masking data without a staging environment, because extra space is not available or because data must be moved in almost real time, masking algorithms are applied on the fly. These methods can also be used for static masking when necessary, but they provide extra flexibility.
Obfuscation – extreme masking
Removing sensitive values from files and databases altogether is a very safe and efficient way to mask data, but it is very inconvenient in use, as it requires creating an artificial data set later on. This data set must be created in such a way that it does not break referential integrity. While it is an economical and immediate way to do masking at the beginning, it proves to be extreme and very expensive in total cost of ownership (TCO).