There’s lots of talk about putting security close to the data. One way of doing this is data masking, which obscures or modifies data as it is used according to a set of rules.
In this interview, Amit Walia of Informatica explains how data masking means that people see only the data they need to see, and that this is done in a transparent, non-intrusive manner. Which data are masked varies according to each user and each application, based on policies you create. And as this happens between the database and the application, there’s no need to change any of the application logic.
In terms of security solutions, data masking can be seen to site somewhere between encryption and tokenisation: it’s close to the data and implementation-light.
There are two flavours – dynamic data masking for accessing data from a production system, or persistent (static) data masking used, for example, for testing environments where you need a set of data that matches the nature of the data that will be used eventually in the production version.
Walia believes this technology addresses one of the most pressing threats today – the insider. It means you don’t expose all your data, even with those members of your staff who need to use production databases.