DON'T HIDE SECRETS IN THE CLEAR
Everything in clear text?
It's not an all-or-nothing choice.
Many use cases, such as testing, QA, or customer support don't require clear-text data.
Instead, only parts of it in the clear would be sufﬁcient to enable the execution of business processes.
What is data masking?
And how is it different?
Masking replaces a given number of characters of a sensitive value with a set of masking characters.
Masking can be helpful to obscure sensitive data or to provide a sufﬁcient amount of information to identify the data associated with the sensitive value - without showing the sensitive value itself.
You can mask data in a variety of ways using techniques such as partial x-ing or nulling out, substitution, shuffling, or number and date variance.
From test data to irreversible anonymization
When pseudonymization is not enough.
Due to the irreversible nature of this protection method, reverting sensitive values to clear text is not possible.
Typical use cases for masking are the irreversible protection of test data or data in non-production environments, the irreversible anonymization of PII, or the limited visibility of data for employees or customers.
When data does not need to be reversed, data masking can provide powerful data-centric protection.
comforte helps companies worldwide protect sensitive data, significantly reducing the risk of data breaches.
Dynamic data masking
Benefits and considerations.
Dynamic data masking protects data on its way through the application stack. In most implementations, the data stream is intercepted and clear text values are substituted with masked values based on user rights and policies.
While this solution provides strong benefits when it comes to executing data security policies, you should be aware of a high risk of misconfiguration and data exposure as the data still remains unprotected on core databases and on the move.
Static data masking
Useful in the right situation.
Static data masking changes the data permanently, usually at the database level.
While static data masking limits the usability of a dataset permanently and might therefore be inappropriate for production environments, it is more secure, as it reduces the risk of accidentally exposing the clear text values due to misconfiguration. This could especially be important when giving access to sensitive data to untrusted parties.
Are they really different?
Yes. Protection methods not only vary in how they change the data. You should consider far more when choosing the right mechanism for a specific use case.
Read this e-book to learn more about protection methods and their use cases.Download E-Book