Personal tools

Data Masking

Hong Kong_10
(Hong Kong)


- Overview

Data masking, also known as data sanitization, is the process of modifying sensitive data so that it is not usable to unauthorized intruders, but can still be used by authorized personnel or software. Data masking can also be called tokenization or anonymization. 

No one can deny the value of data to today's organizations. As data breaches and cyberattacks continue to increase, it is increasingly necessary for organizations and government agencies to protect sensitive information from unauthorized access, use, disclosure, modification or destruction. 

Data security is the practice of implementing measures to ensure the confidentiality, integrity, and availability of data to appropriate end users. 

There are many technologies used in data security. We focus on data privacy and the two most popular methods of protecting sensitive data: data masking and tokenization.

Essentially, these are techniques that generate fake data, but they do so in different, technically complex ways, so it's important to understand their differences in order to choose the right approach for your organization.


- Techniques of Data Masking

Data masking techniques include: 

  • Shuffling: A form of data substitution that rearranges the order of the original data. For example, shuffling employee names across multiple employee records. The output data looks like accurate data but doesn't reveal any actual personal information.
  • Substitution: Also known as pseudonymization, this technique substitutes the original data with random data from lookup files. For example, swapping sensitive information, such as a name or drivers license number, with a fictional alias.
  • Redaction: In development and testing environments, sensitive data is replaced with generic values. This technique is useful when the sensitive data itself isn't necessary for QA or development.
  • Referential Integrity: True data masking techniques transform confidential information and preserve the integrity of the data. For example, George must always be masked to Elliot or a given social security number (SSN) must always be masked to the same SSN. 


[More to come ...]

Document Actions