Network Protection Policy - Data Centric Approach
Data masking is the process of transforming data in order to protect it from unauthorized access. Data masking is often used to protect sensitive data, such as credit card numbers or social security numbers, from being exposed.
There are four types of data masking:
1. Static data masking:
Data is first masked in the database before being copied to a test environment, allowing companies to migrate test data to untrustworthy environments or third-party vendors.
2. Dynamic data masking:
Dynamic data masking (DDM) eliminates the requirement for additional data storage. Data is left unmasked in the database until it is requested, at which point it is masked and transferred across. To conceal the data, the contents are shuffled in real time, on demand. Unauthorized users are never given access to unmasked data. To achieve DDM, you'll need a reverse proxy. The term on-the-fly data masking is used to describe other dynamic data masking approaches.
3. Tokenization:
Tokenization is the process of replacing a sensitive data element with a non-sensitive equivalent, called a token, that has no extrinsic or intrinsic meaning or value.
4. Encryption:
Encryption is the most difficult and the safest method of data masking. Here, you use an encryption algorithm to hide the data and encrypt it with an encryption key.
For production data that must be restored to its original condition, encryption is a better option. The data stays secure as long as only authorised individuals possess the key. If any unauthorised entity gains access to the keys, it can use them to decrypt the data and examine the real data. Therefore, it is essential to handle the encryption key properly.
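The difference between static masking (item 1) and tokenization (item 3), as an added Python example that is not part of the original page. The names `MASK_KEY`, `static_mask_card` and `TokenVault` are assumptions made for illustration, and the card number is a constructed test value.

```python
import hashlib
import hmac
import secrets

SAMPLE_PAN = "4111111111111111"  # constructed sample: a test number, not a real card
MASK_KEY = secrets.token_bytes(32)  # assumption: never copied to the test environment


def luhn_check_digit(payload: str) -> str:
    """Luhn check digit for a digit string that does not yet include it."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]


def static_mask_card(pan: str, key: bytes = MASK_KEY) -> str:
    """Static masking: keyed one-way substitute, same length, still Luhn-valid.

    Deterministic per key, so the same card masks identically in every table
    of the test copy and joins keep working. There is no decrypt operation.
    """
    n = len(pan) - 1
    digest = hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()
    body = str(int(digest, 16) % 10**n).zfill(n)
    return body + luhn_check_digit(body)


class TokenVault:
    """Tokenization: random token unrelated to the value; only the vault maps back."""

    def __init__(self) -> None:
        self._token_for = {}
        self._value_for = {}

    def tokenize(self, value: str) -> str:
        if value not in self._token_for:
            token = "tok_" + secrets.token_hex(8)
            self._token_for[value] = token
            self._value_for[token] = value
        return self._token_for[value]

    def detokenize(self, token: str) -> str:
        return self._value_for[token]
```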
Importance of Data Masking:
For the following reasons, data masking is important for many organisations:
Data loss, data exfiltration, insider threats or account breaches, and unsecured third-party system interfaces are just a few of the serious risks that are addressed by data masking.
It reduces the worries about data security that come with using the cloud.
An attacker cannot use masked data, even though it maintains many of the data's inherent functional characteristics.
Authorised individuals like testers and developers can access data without production data being disclosed.
Data sanitization is feasible: traditional file deletion leaves data traces on storage media, whereas sanitization hides the previous values.