Data Masking

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> We already established that data
00:00
masking is a data obfuscation technique.
00:00
But we're going to go a little deeper
00:00
into data masking because it's so often used,
00:00
especially in development environments within the Cloud.
00:00
The learning objectives for this lesson are: talk
00:00
about the use cases for data masking,
00:00
the types of data masking,
00:00
and talk about the benefits and limitations for when
00:00
each data masking approach is appropriate.
00:00
There are two main data masking methods,
00:00
static data masking and dynamic data masking.
00:00
Static data masking is primarily used to provide
00:00
high-quality data for development and
00:00
testing of an application
00:00
without disclosing sensitive information.
00:00
There could be a number of reasons for this,
00:00
primary reason being it
00:00
enforces least privilege, testers or developers.
00:00
They don't need to see the private information of
00:00
people who use the application real-time,
00:00
they just need realistic data to ensure that
00:00
whatever new features or
00:00
improvements they're putting in, are working properly.
00:00
Masking is used to prevent them from
00:00
seeing the sensitive information production.
00:00
It also helps to ensure that the data is protected in
00:00
accordance with whatever regulations or
00:00
standards your organization may be subjected to.
00:00
Whether that's GDPR or
00:00
Payment Card Industry or
00:00
maybe you're in the health care situation.
00:00
Another instance where static data masking
00:00
is used exponentially,
00:00
when you're doing analytics,
00:00
there's no real need to have
00:00
the actual private sensitive information
00:00
of individuals disclosed.
00:00
So information that is subjected to
00:00
static data masking can be used to
00:00
provide those analytical insights.
00:00
It doesn't necessarily need
00:00
such fine-grained information,
00:00
that applies to the individual.
00:00
It maintains their privacy,
00:00
while also enabling the organization
00:00
to derive insights from the data.
00:00
Training is another instance
00:00
where masked data is appropriate.
00:00
There's no need for a trainee to really
00:00
see the customer's information,
00:00
they just need to understand what
00:00
each field means in the context of their role.
00:00
Dynamic data masking is often
00:00
used for reporting purposes.
00:00
It's really used to protect data in transit.
00:00
When a data is leaving a database or an application,
00:00
masking is applied to protect the sensitive information.
00:00
That ties into another way that
00:00
dynamic data masking is often applied.
00:00
It's often applied based on an individual's role.
00:00
Role-based access is enforced when
00:00
a person tries to query certain data
00:00
from a database or withdraws a report,
00:00
their access is checked
00:00
against the rules in the database,
00:00
and based on their level of access,
00:00
they are only enabled to
00:00
withdraw or see information of a certain level,
00:00
other sensitive information that's above
00:00
what they need to see for their role is masks.
00:00
Quiz question. A developer is testing
00:00
an application update before
00:00
it is promoted to production.
00:00
The developer wants to use mass production data for
00:00
testing purposes because he
00:00
wants to maintain the use of privacy.
00:00
Which mask would be most appropriate?
00:00
Static data masking,
00:00
dynamic data masking or masking is not required?
00:00
This is really an example where static
00:00
data masking is most
00:00
appropriate because we are permanently
00:00
changing the data,
00:00
and it's going to be used just mimic
00:00
the performance of production data
00:00
in the development environment.
00:00
Dynamic data masking is not really relevant here
00:00
because there's no real data
00:00
being transferred back and forth,
00:00
it's only reporting contexts.
00:00
It really is just trying to ensure
00:00
>> that the data reflects
00:00
>> the behavior of the
00:00
production environment they're trying to improve.
00:00
In summary, we've talked about the use cases
00:00
for data masking,
00:00
and we talked about the types of data masking.
00:00
I'll see you in the next lesson.
Up Next