China's Personal Information Protection Law (PIPL) came into effect on November 1, 2021

The PIPL is a game changer for any company with data or business in China. It will add another layer of complexity with respect to compliance with China’s security and data laws and regulations.

Key Highlights of the Law

 

What is data masking?

Consequently, data protection has become the top priority of many organizations. That’s why data masking has become an essential technique many businesses need to protect their sensitive data.

Data masking, also known as data obfuscation, hides the actual data using modified content like characters or numbers.

The main objective of data masking is to create an alternate version of the data that cannot be easily identified or reverse engineered, protecting data classified as sensitive. Importantly, the data will be consistent across multiple databases, and the usability will remain unchanged.

There are many types of data that you can protect using masking, but common data types ripe for data masking include:

  • PII: Personally identifiable information
  • PHI: Protected health information
  • PCI-DSS: Payment card information
  • ITAR: Intellectual property

Data masking generally applies to non-production environments, such as software development and testing, user training, and other areas that do not need actual data. You can use various techniques to mask data, which we will discuss in the following sections of this article.

Importance of data masking

Data masking is important to companies in several ways:

  • Helps companies to stay compliant with PIPL and GDPR by eliminating the risk of sensitive data exposure. Because of this, data masking offers a competitive advantage for many organizations.
  • Makes data useless for cyberattackers while preserving its usability and consistency.
  • Reduces risks associated with sharing the data with integrated third-party applications and cloud migrations.
  • Avoids risks associated with outsourcing any project. Because most organizations rely merely on trust when dealing with outsourced personnel, masking prevents data from being misused or stolen.

Types of data masking

There are several types of data masking you can use, depending on your use case. Of the many, static and on-the-fly data masking are the most common.

Static data masking (SDM)

Static data masking generally works on a copy of a production database. SDM changes data to look accurate in order to develop, test, and train accurately—without revealing the actual data. The process goes like this:

  1. Take a backup or a golden copy of the production database to a different environment.
  2. Remove any unnecessary data, and mask it while in stasis.
  3. Save the masked copy to the desired location.
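The three steps above, together with the earlier point that masked data must stay consistent across databases, shown as an added example that is not from the original article. The table names, sample rows and the keyed HMAC masking scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import sqlite3

# Assumption: the key exists only inside the masking job, never in the test environment.
MASK_KEY = b"constructed-demo-key"

def _digest(value: str) -> str:
    return hmac.new(MASK_KEY, value.encode(), hashlib.sha256).hexdigest()

def mask_digits(value):
    """Swap each digit for a keyed pseudorandom digit; keep length and separators."""
    if value is None:
        return None
    stream = iter(_digest(value))  # 64 hex characters, enough for 64 digits
    return "".join(str(int(next(stream), 16) % 10) if c.isdigit() else c for c in value)

def mask_name(value):
    return None if value is None else "User-" + _digest(value)[:8]

def build_production() -> sqlite3.Connection:
    """Constructed sample rows standing in for a production database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers(id INTEGER, name TEXT, phone TEXT, notes TEXT);
        CREATE TABLE orders(id INTEGER, phone TEXT, amount REAL);
        INSERT INTO customers VALUES (1, 'Li Wei', '138-0013-8000', 'call after 6pm');
        INSERT INTO orders VALUES (10, '138-0013-8000', 99.5);
    """)
    return db

def static_mask(prod: sqlite3.Connection) -> sqlite3.Connection:
    copy = sqlite3.connect(":memory:")
    prod.backup(copy)  # step 1: work on a copy, never on production
    copy.create_function("mask_digits", 1, mask_digits)
    copy.create_function("mask_name", 1, mask_name)
    copy.execute("UPDATE customers SET notes = NULL")  # step 2: drop unneeded data
    copy.execute("UPDATE customers SET name = mask_name(name), phone = mask_digits(phone)")
    copy.execute("UPDATE orders SET phone = mask_digits(phone)")  # same input, same mask
    copy.commit()
    return copy  # step 3: persist with copy.backup(sqlite3.connect("masked.db"))

if __name__ == "__main__":
    masked = static_mask(build_production())
    print(masked.execute("SELECT * FROM customers JOIN orders USING (phone)").fetchall())
```

Because the same key produces the same mask for the same input, the join between `customers` and `orders` still works on the masked copy, while the production connection is left untouched.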

Dynamic data masking (DDM)

DDM happens dynamically at run time and streams data directly from a production system, so masked data does not need to be saved in another database. It is primarily used to apply role-based security in applications, such as those processing customer inquiries and handling medical records. Thus, DDM applies to read-only scenarios to prevent writing the masked data back to the production system.

You can implement DDM using a database proxy that modifies the queries sent to the original database and passes the masked data to the requesting party. With DDM, you do not have to prepare a masked database in advance, but the application may incur a performance penalty.