DataSunrise Dynamic Data Masking for MariaDB

MariaDB Data Masking is designed to ensure privacy and security of corporate sensitive data. The real production data is obfuscated to limit its exposure and avoid intentional and unintentional data leaks. The tool transforms original data to hide sensitive information but keeps it looking realistic.

Tech Info

MariaDB Data Masking is designed to protect personally identifiable and sensitive data. Data masking is useful when a company hires third parties or needs to limit business information exposure to unauthorized employees – analysts, developers, testers, etc. There is no need for the data to be genuine, but it must be consistent enough to support proper functioning of a third-party or custom application.

DataSunrise provides both static and dynamic data masking. With static data masking the third party is provided with a stand-alone copy of the real database containing some neutral data instead of sensitive data. With dynamic data masking sensitive information is obfuscated on-the-fly, while being transferred to the third party. In this case, actual database contents remain intact and only database output is obfuscated.

Dynamic Data masking for MariaDB tool is deployed as a proxy between a client and the database. Clients access production database through DataSunrise proxy only. Any direct communication between a client and the database is disabled. DataSunrise intercepts a client query, changes it according to existing security rules and redirects the modified (“masked”) query to the database. Having received “masked” query, the database outputs obfuscated data instead of real values originally requested by the client. This way the real data never leaves the database.

DataSunrise provides general purpose masking methods and obfuscation algorithms for emails, credit card numbers, dates, time, etc. Users are also enabled to create their own masking algorithms.

This is how the table with masked columns looks like:

MySQL table masked

Related Articles