DataSunrise is sponsoring RSA Conference2024 in San Francisco, please visit us in DataSunrise's booth #6178

Static Data Masking

Static Data Masking


Static data masking, or SDM, is a technique used for protecting sensitive data by creating a masked copy of a database. The masked data is functionally and structurally similar to the original data but does not reveal any sensitive information. Organizations with strict regulations regarding the exposure of sensitive data rely on static data masking to safeguard their business and comply with data privacy regulations.

In this article, we will explore static masking in depth, how it differs from dynamic data masking, and how DataSunrise implements static masking to protect sensitive data.

Differences between Dynamic and Static Data Masking

Both static and dynamic data masking serve the purpose of protecting sensitive data, but they differ in their approach. Static data masking creates a separate, masked copy of the database, where sensitive data is replaced with realistic but fictitious information. This approach is safer because no traces of the original sensitive data are left in the masked copy. Static masking is particularly useful when organizations need to grant database access to external parties for research, testing, or analysis purposes.

On the other hand, dynamic data masking masks data in real-time as it is queried from the database, without storing the masked data. Dynamic masking is more lightweight since it doesn’t require creating a full copy of the database, but only masks the query results. To better understand the differences between static and dynamic masking, and when to use each approach, please refer to our article on dynamic data masking.

How DataSunrise Implements Static Data Masking

DataSunrise provides users with powerful tools for securing their data across a wide variety of database management systems (DBMS), including SQL Server, Oracle, PostgreSQL, MongoDB, and even cloud-based databases like Amazon Redshift. With DataSunrise’s intuitive interface, users can easily implement static data masking into their projects without modifying the source database.

Static data masking content image

DataSunrise operates as a proxy, so no changes to the database are needed—only access to the database and proper configuration of the DataSunrise server. Users can configure static masking by specifying masking rules, which consist of four main sections : Source and Target Instances, Transferred Tables, Startup Frequency, Remove Results Older Than (optional).

Source and Target Instances

In this section, users define which specific data elements will be obfuscated through static masking. This involves selecting the source database instance from which the sensitive data will be extracted and specifying the target database instance where the masked data will be stored.

Transferred Tables

DataSunrise’s static masking feature provides the ability to preserve the integrity and consistency of the masked data by maintaining unique constraints, foreign key relationships, indexes, check constraints, and other database-specific elements. This ensures that the masked database remains fully functional and can be utilized for various non-production purposes without encountering data integrity issues or disrupting the relationships between tables.

Static Data Masking Transffered Tables

Startup Frequency

In this section users can choose to initiate the masking process manually, run it once at a specified time, or configure recurring masking jobs at regular intervals, such as minutely, hourly, daily, or according to a custom schedule.

Remove Results Older Than

When organizations frequently mask data, it’s important to manage the storage space used by masked databases. DataSunrise helps solve this problem by allowing users to automatically delete old masked data. This feature lets organizations set how often outdated masked databases are removed, optimizing storage resources and ensuring that the latest masked data is available for non-production use.

Static Data Masking Remove Result Older Than

Real Experience of Using DataSunrise for Masking

Let’s say we have a PostgreSQL database with a “customers” table containing users’ name, credit card number, email address and etc. Right now when querying the data it looks like this:

Static Data Masking Actual Data

For integrating DataSunrise with the database all we need to do is connect it as a proxy to DS. After that we create a masking rule:

Static Data Masking Masking

After applying the rule, mask data and making select request to the now proxy we get this:

Static Data Masking Obfuscation

Benefits of Static Masking with DataSunrise

By leveraging static data masking with DataSunrise, organizations can:

  1. Protect Sensitive Data: Safeguard personally identifiable information (PII), financial information, and other sensitive data from unauthorized access, reducing the risk of data breaches.
  2. Comply with Regulations: Meet data privacy regulations, such as GDPR, HIPAA, CCPA, and PCI DSS, by masking sensitive data before sharing it with external parties or using it in non-production environments.
  3. Enable Secure Data Sharing: Share masked data with external partners, such as vendors, consultants, or researchers, without compromising data privacy, fostering collaboration and leveraging external expertise.
  4. Simplify Implementation: Implement data masking quickly and easily with DataSunrise’s intuitive interface, automated data discovery, and pre-built masking algorithms, without the need for extensive coding or database modifications.
  5. Maintain Data Consistency: Ensure that the masked data maintains referential integrity and consistency across multiple tables and databases, allowing the masked database to be used for testing, development, and analytics purposes without causing data integrity issues.


Static data masking is an essential tool for organizations seeking to protect sensitive data from unauthorized access and comply with data privacy regulations. DataSunrise provides a powerful and flexible static masking solution that enables companies to create masked copies of their databases easily and securely.

By leveraging DataSunrise’s static masking capabilities, organizations can safeguard sensitive information, enable secure data sharing with external parties, and maintain data consistency across non-production environments.

As data privacy and security remain top priorities for organizations worldwide, static masking will continue to be a critical component of any comprehensive data protection strategy, and DataSunrise is well-positioned to meet the evolving needs of organizations in this area. Conact our team of experts to schedule a demo and discover the possibilities it provides now.


Name Shuffling

Name Shuffling

Learn More

Need Our Support Team Help?

Our experts will be glad to answer your questions.

General information:
[email protected]
Customer Service and Technical Support:
Partnership and Alliance Inquiries:
[email protected]