Data masking#
Data masking is the process of applying a mask on data to hide sensitive information and replace it with new data or scrubbed data.
Data masking divides into two categories:
Static Data Masking vs. Dynamic Data Masking:
Static Data Masking |
Dynamic Data Masking |
|---|---|
Happens on a physical copy of the database |
Happens on the original database |
Original data not retrievable |
Original data intact |
Mask occurs at the storage level |
Mask occurs on-the-fly at query time |
All users have access to the same masked data |
Mask varies based on user permission |
In Querona both data masking techniques are available, yet are implemented slightly differently than in a database server: static data masking is automatically used when a persistent cache is built, meaning that data written to the DBMS handling the cache is replaced with masked values.
Original data can be retrieved only by Querona and the seed value used to scrub the data must be known.