What Is Data Masking?

Data masking is a process that is used to protect the information that is stored in different types of data management systems. The idea is to prevent the data from being corrupted in some manner, as well as making sure that users can only access information relevant to their security clearance. When the database masking techniques employed are successful, the original data is preserved intact while the mask for the data still functions in what appears to be a proper construct. Data masking helps to minimize the risk of enterprise security breaches, both from internal threats by corporate espionage and from illegal access to databases by hackers.

There are a number of different approaches to data masking. Most will involve encrypting data so that it can still be used for testing and development purposes within the organization, but without the need to expose all the sensitive data at the same time. One example would be found with retrieving information from a customer database at a credit card company. Customer service representatives may be able to see the last four numbers of a credit card number or Social Security number, but the remainder of the number would be masked in some manner. This approach still allows the representative to retrieve certain information needed to help a customer, while masking access to data that is not required in order to provide that assistance. As a result, the data and the privacy of the customer remain intact.

One of the key strategies in data masking is to make sure that once this mask is created for a piece of data, it must appear consistently throughout the system. Using the example of a credit card number, the same mask that hides all but the last four digits of the number will display any time the client contacts the Customer Service department. This means the protocols for masking must be uniform even while being sufficient to protect data from use by unauthorized sources.

Any type of data can be protected using the basics of data masking. It is possible to mask customer account numbers, addresses, geographic distributions and any other type of proprietary information that businesses utilize as part of an ongoing operation. Typically, the processes used should be configured so that they cannot be overridden, making it difficult for hackers to break the data mask. At the same time, the methods employed should not create a situation in which those with the highest level of security clearance cannot access the data behind the mask should the need arise.