DataSunrise Dynamic Data Masking for Google SQL
Data Masking is a security feature that outputs random characters instead of real database records. It allows third-party developers to query production environment for troubleshooting purposes while they don’t get access to genuine data. DataSunrise performs masking dynamically, which doesn’t require additional hardware resources. Customizable masking rule settings help to adjust wide-ranging corporate requirements.
Real-time Data Masking
Masking is applied to protect personal identifiable or commercially sensitive data while it must remain usable for certain purposes. Original data is replaced with random characters or fictive data. Masking is applied when a company hires third-party developers for application development, conducting tests or building program extensions. There is no need for data to be genuine, but it must be consistent enough to support proper functioning of the outsource party’s application.
Apart from collaborating with outsource vendors, data masking is an efficient measure for purposes of access privilege assignment when a company has a call center or other department that require partial access to the database.
DataSunrise performs masking dynamically. The advantage of dynamic masking in comparison with static masking is that it is performed at the moment of request, so there is no need to create a stand-alone copy of real database.
How it works
Let’s see how data masking works using the following table created on MySQL.
The table displays the information about clients. Let’s assume that we need to provide an access to this table for workers of bank’s marketing department. They need to know only clients’ names and their phone numbers.
Entering DataSunrise interface we set masking rules:
1) Select users, for whom masking rule is applies
2) Select columns that need to be hidden
3) Choose a masking type. There is an opportunity to choose among pre-defined patterns for specific data type (e-mail, credit card number, phone number, date) or set characters or words that would be used instead of original data.
User makes a query to the database to see the table with client information. DataSunrise intercepts the query as it is deployed as a proxy between users and the server. The query matches parameters of masking rules, so DataSunrise changes it according to existing security policies and redirects modified query to the database. The database responds to the query by displaying the table with masked data. The results are given below:
In the rule settings you can also add your email address in order to receive notifications when certain masking rule is triggered. As you can see, all selected columns are masked and protected. DataSunrise Dynamic Data Masking is another step in building reliable security system on Google Could SQL database.