Dynamic Versus Static Data Masking
Masking is considered a critical technology in data privacy protection. Generally speaking, it increases the security of a corporate database that has to be shared with outsourcing companies, offshore partners, quality assurance or development departments, etc. Put simply, data masking allows production data in a database to be used safely and freely for any nonproduction purpose: sensitive data is unreadable to an unauthorized user, but the database itself remains fully functional. First, there is no risk of sensitive data leaks. Second, it guarantees that no privacy regulation or standard is violated.
Fields with data that must be kept private can be obfuscated or masked statically or dynamically. Static data masking produces a replicated database that is identical to the original production database except that all confidential data is obscured or concealed. Dynamic data masking cloaks sensitive data at the moment a query is sent to the database, so data in the database response is replaced with fake characters or completely concealed from non-privileged users.
To make the masking process clear and show the functionality in action, let’s refer to a real example of a database security solution: DataSunrise Data and Database Security Suite with its integrated DataSunrise Dynamic Data Masking and Static Data Masking features.
DataSunrise Static Data Masking obfuscates the sensitive contents of a database and copies them to another database. The duplicated database remains realistic and consistent, and the unintelligible data does not hinder the work of outsourcers, contractors, operators, testers or anyone else with no business need to access the original values. This method requires extra hardware resources to store the replicated dummy database, and the copy has to be updated in accordance with activity in the original database. Still, database protection is at a high level, as no confidential data can accidentally leave it unmasked.
With DataSunrise Dynamic Data Masking, the actual data in a database remains intact and does not require any modification beforehand. It masks sensitive data on the fly, i.e. it intercepts a query, modifies it according to predefined masking policies and then sends the query to the database. Any non-privileged user gets a response with fake or hidden data instead of the original information, while a privileged user is able to see the data columns intact. Thus, DataSunrise Dynamic Data Masking ensures the availability and integrity of a database while guaranteeing the confidentiality of sensitive data.
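The two approaches described above can be contrasted in a few lines. This is an added illustration using SQLite, not DataSunrise code or its implementation; the table, columns, role names and masking policy are assumptions made up for the example.

```python
import sqlite3

# Constructed sample rows; table, columns, roles and policy are assumptions.
ROWS = [(1, "Alice Meyer", "4111111111111111"), (2, "Bob Tran", "5500005555555559")]
COLUMNS = ["id", "name", "card"]
# Masking policy: column -> SQL expression shown instead of the real value.
# Fixed configuration, never built from user input.
POLICY = {"card": "'************' || substr(card, -4)"}
SCHEMA = "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card TEXT)"

def make_prod():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", ROWS)
    return db

def select_list(masked):
    """Build the column list, swapping in policy expressions when masking."""
    return ", ".join(
        f"{POLICY[c]} AS {c}" if masked and c in POLICY else c for c in COLUMNS
    )

def static_mask(prod):
    """Static masking: a separate copy that never contains the real values."""
    copy = sqlite3.connect(":memory:")
    copy.execute(SCHEMA)
    rows = prod.execute(f"SELECT {select_list(True)} FROM customers").fetchall()
    copy.executemany("INSERT INTO customers VALUES (?, ?, ?)", rows)
    return copy

def dynamic_query(prod, role):
    """Dynamic masking: rewrite the query per request; stored data is untouched."""
    masked = role != "privileged"  # default to masking for any unknown role
    sql = f"SELECT {select_list(masked)} FROM customers ORDER BY id"
    return prod.execute(sql).fetchall()

if __name__ == "__main__":
    prod = make_prod()
    test_copy = static_mask(prod)
    # New production activity after the copy was taken.
    prod.execute("INSERT INTO customers VALUES (3, 'Eve Novak', '340000000000009')")
    print("static copy :", test_copy.execute("SELECT * FROM customers").fetchall())
    print("tester      :", dynamic_query(prod, "tester"))
    print("privileged  :", dynamic_query(prod, "privileged"))
```

The static copy stays at two rows until it is regenerated, which is the update cost noted for static masking, while the dynamic path always reflects current production data and depends entirely on the role check being correct.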
DataSunrise Dynamic Data Masking, with flexible pre-built as well as custom data masking rules, can also be activated as part of regulatory compliance to meet privacy standards. DataSunrise Data and Database Security is a multifunctional solution and easily satisfies almost all security needs, including automatic protection in compliance with GDPR, HIPAA, ISO 27001, SOX and PCI DSS requirements. To apply data masking policies, sensitive data is first found in a production database by the built-in Sensitive Data Discovery tool. As soon as the tables that need obfuscating are located, the Regulatory Compliance Manager component creates privileged and non-privileged roles for DB users that have or do not have access to sensitive database contents. Configured masking rules prevent anyone with no right to sensitive data from seeing it in a response to a query. Masking policies are monitored via real-time notifications sent to an administrator, as well as compliance reports generated at the desired frequency.
Neither static nor dynamic data masking restricts access to the database. Masking cloaks confidential information to avoid the risk of it being accidentally or intentionally leaked. So, when the integrity and availability of a database for nonproduction activity are on your priority list, choose a reliable dynamic or static data masking solution for sensitive data. Be sure your sensitive data is not exposed in contractors’ hands or during database development and testing procedures.