Data Masking/Tokenization/Anonymization replaces sensitive information with fictitious data while retaining the original data format. The data masking process lets you continue to work with your data as if it were not encrypted. Databases, business applications and collaboration software continue to work as if the data was real, but unauthorized personnel only have access to the fake data and can’t extract meaningful sensitive information.
When data files containing personally identifiable information (PII), restricted health data, charge card data or intellectual property are masked, the data is no longer sensitive and data breaches no longer reveal private data. Only people you authorize can unmask and read your data. Everyone else, from hackers and other third parties to insiders and even your IT specialists, sees only fake data. Your data remains safe until you authorize the intended partner to use your data.
How It Works
As individual characters are entered into an application, data masking software changes them to different characters of the same type. For example, a credit card number is made up of four blocks of four numbers. Data masking software changes the numbers to different numbers as you type them. The resulting credit card number still looks like a valid number but it is made up of random digits and is not linked to the credit card owner. As a result, the masked number is useless and is not considered PII.
The software keeps track of the changes and if you authorize someone, or some processes, to see the real data, the software changes back the credit card number to the original on the authorized person’s device. The data is masked before it leaves your device and is only legible again after it reaches an authorized partner. In between, your data is completely secure.
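A minimal sketch of the mechanism described above, added here as an illustration and not CloudMask's own code: each character is swapped for a random one of the same type, and a mapping kept by the masking software lets only authorized users reverse it. The class `MaskingVault`, its method names, the user names and the sample card number are hypothetical, and the masked number is not guaranteed to pass a card checksum.

```python
import secrets
import string

ALPHABETS = (string.digits, string.ascii_uppercase, string.ascii_lowercase)


def swap_char(ch):
    """Replace a character with a random one of the same type."""
    for alphabet in ALPHABETS:
        if ch in alphabet:
            return secrets.choice(alphabet)
    return ch  # separators such as spaces or dashes keep the format intact


class MaskingVault:
    """Hypothetical vault: tracks masked -> original so masking is reversible."""

    def __init__(self):
        self._original = {}   # masked value -> real value
        self._masked = {}     # real value -> masked value (stable per input)
        self._authorized = set()

    def authorize(self, user):
        self._authorized.add(user)

    def mask(self, value):
        if value in self._masked:
            return self._masked[value]
        if not any(c in a for c in value for a in ALPHABETS):
            return value  # nothing maskable, avoid looping forever
        while True:
            candidate = "".join(swap_char(c) for c in value)
            # Re-draw if nothing changed or the fake value is already in use.
            if candidate != value and candidate not in self._original:
                break
        self._original[candidate] = value
        self._masked[value] = candidate
        return candidate

    def unmask(self, masked, user):
        # Unauthorized callers only ever get the fake value back.
        if user not in self._authorized:
            return masked
        return self._original.get(masked, masked)


if __name__ == "__main__":
    vault = MaskingVault()
    card = "4111 1111 1111 1111"  # constructed sample, not a real account
    fake = vault.mask(card)
    vault.authorize("alice")
    print(fake, vault.unmask(fake, "eve") == fake, vault.unmask(fake, "alice") == card)
```

The mapping inside the vault is now the sensitive asset: whoever can read it can unmask everything, so it needs the same protection as the original data.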
Data Masking Applications
While data masking can keep obviously restricted data such as PII or health information secure, the process of masking data is so secure and transparent that it can be used broadly in a variety of business situations.
While you may keep production data sets from your operations secure, production data often has to be used for non-production purposes. Typical applications that use such data are testing, training and modelling. You may want to try out new software but you have to test it first using sample data. New employees have to be trained with data that looks like the real thing. When you analyze or run models on your process, you have to use real data. In all these cases, the data is sensitive and several sets may be used within the company. Masking lets you secure this data and make sure it doesn’t get into the wrong hands.
A second issue, which can be addressed successfully with data masking, is the insider threat problem. You may feel confident in your perimeter security but insiders such as subcontractors, inspectors and consultants operate within your perimeter and may have access to your data. Disgruntled employees, whistleblowers, or employees motivated to steal sensitive data pose the same kind of problem. Protecting your data inside your security perimeter using standard encryption is not a satisfactory solution because commonly used encryption makes data access complicated and limits the kind of processing you can do without decrypting the entire data set. Data masking secures your data against any insiders who are not authorized to see it. Everyone will see false data unless you give them the authorization to unmask the data.
Compliance – GDPR
An issue that all companies doing business with European citizens will have to address is that of the EU General Data Protection Regulation (GDPR). The GDPR has been passed and comes into effect in May 2018. The regulations limit what data a business can collect and what data it can keep, and they impose stringent requirements for security with potentially substantial fines for data breaches.
Data masking addresses the requirements of the GDPR in two ways. Businesses can keep data they have collected if the data is anonymized. Data masking allows businesses to keep the data itself for analysis because it is no longer personally identifiable. When data is anonymized, the data is no longer subject to the GDPR (Chapter 5). Data breaches do not result in fines because no private information is disclosed. The GDPR regulations specifically mention data anonymization as a means of compliance with the regulations.
CloudMask Data Masking and Tokenization
The CloudMask patented technology (USA, Canada, and EU) uses dynamic data masking to anonymize data from the time it is created on your end device to when an authorized partner uses it. This end-to-end encryption using data masking lets you continue to search, process and access your data quickly and conveniently but keeps it safe from unauthorized parties.
CloudMask is simple to set up and its implementation and operation are transparent and intuitive. The application adds an additional layer of security to your perimeter and other data security strategies.
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, not cloud providers, not government agencies, and not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmask