By Security Features • February 24, 2020

Unmasking Data Masking

Screen Shot 2020-02-19 at 11.16.24 AMOrganizations today are handling massive volumes of data at various levels in their operation. With digitization being implemented on a huge scale, data breaches are now among the primary concerns that business entities are either facing or fearing.

In this blog post, we will touch upon data masking – one of the most popular ways to secure sensitive data.

What Is Data Masking?

While most organizations have stringent cybersecurity measures in place for protecting data in production and storage phases, the situation tends to become more complex in data use processes. The chances of a data breach intensifies when an organization's data ends up being utilized for operations that can hardly be considered secure. This situation is further compounded when operations are outsourced by an organization to external agencies because that translates into organizations having reduced control over environments in which their data is used. This coupled with the reality that governments around the globe are enacting evermore strict data protection and compliance standards (EU’s GDPR and India’s upcoming Data Protection Bill, to name two), only enhances the urgent need for professional data protection.

Data masking, also known as data obfuscation, operates by shielding confidential data, such as credit card information, social security numbers, names, addresses, contact information, etc. from unintended exposure and reduce the risk of being lost to a data breach. Masking protects data in cases where it may become visible to someone who does not have clearance to view said data. For instance, assume that your organization has engaged a contractor to build a database. With data masking, contractors can interact with databases while never actually viewing sensitive information, like client details.

In typical data masking, the format of data is preserved -- and only the values are changed. Data may be masked in a number of ways, including encryption, character shuffling, and character or word substitution. Whatever masking method is chosen, affected values must be changed in such a way that makes detection or reverse-engineering impossible.

What Types Of Data Can Be Protected With Data Masking?

Many types of data can be protected through data masking, including:
1. PII (Personally Identifiable Information)
2. PHI (Protected Health Information)
3. PCI (Payment Card Information)
4. Intellectual Property

What Are The Different Types Of Data Masking?

Data masking can be broadly classified into the following two categories:
1. Static Data Masking - where sensitive information is permanently obfuscated while it is at rest
2. Dynamic Data Masking - where sensitive information is obfuscated in transit, and the original data at rest is left intact and unaltered

What Are The Different Techniques Used For Data Masking?

A few techniques that can be leveraged and incorporated into the data masking process are as follows:
1. Encryption - when data is encrypted, only authorized users can access it using a digital key
2. Character Scrambling - when characters in the original data are jumbled so as to render the data unidentifiable
3. Nulling-out or Deletion - when data becomes null and void for those who are not authorized to access it
4. Substitution - original, real data is mimicked by a substitute value and then assigned to protected data
5. Tokenization - a method in which sensitive data stored in relational databases and files is replaced with non-sensitive placeholder tokens

What Is The Ideal Strategy For Implementing Data Masking?

If the following four steps are followed, data masking efforts will produce the best results:
1. Find data such that sensitive data is identified and distinguished
2. Assess sensitive data in all aspects including location of storage, and which data masking technique is best suited to the data at hand, etc.
3. Implement data masking by concurrently or sequentially employing a combination of techniques
4. Throughly test data masking to better understand if obfuscation processes are producing the desired results

What Are The Advantages Of Data Masking?

1. Effectively providing a solution to the following key issues surrounding data security:
    a. data breach
    b. data loss
    c. data hijacking
    d. insecure data interface, and
    e. unauthorized data use by insiders at an organization
2. Safely retaining the integrity and structural format of original, sensitive data
3. Safer sharing of sensitive data with authorized persons, while minimizing the chances of production data being unintentionally disclosed
4. Reduced data usage risks within a cloud environment
5. Data masking is relatively budget-friendly and uncomplicated

To Sum It Up
With an increasing focus on protecting the privacy and confidentiality of user data, and chances of India's Personal Data Protection Bill being enacted in the upcoming winter session, technologies around data masking will be widely adopted across all verticals to safeguard sensitive data.

The post "Unmasking Data Masking"
was written by Ved Prakhash , Security Boulevard Magazine