Put on that Mask: Why Protegrity is Offering Dynamic Data Masking

By Raul Ortega, Vice President of Product Management, Protegrity
Posted on:
June 11, 2021
Share on:

As the data-protection industry leader with our vaultless tokenization solution, you’re probably wondering why we would take what seems like a step backwards and start offering a less secure method to safeguard data.

We can’t blame you for wondering, but there’s a rational reason why, with the newly released version 8.1 of the Protegrity Data Protection Platform, we’re now offering dynamic data masking (also known as DDM) as well as monitoring.

In a nutshell, we want to give you choice on how you protect data. We also want to give organizations that aren’t quite ready to embrace something as comprehensive as tokenization to still join our family and be in position to someday further their protection postures should they decide to take that step forward.

That’s the nutshell explanation. Here’s a little more behind our thinking:

What DDM and Monitoring Do

For decades, Protegrity has been the clear industry leader in securing data through tokenization, which has generally been considered the most secure method for protecting data. Tokenization substitutes sensitive data elements (information such as Social Security and bank account numbers) with a non-sensitive equivalent called a token. A token has no intrinsic or exploitable value. Instead, a token is a substitute that irreversibly de-identifies sensitive data and therefore makes the protected data useless to hackers.

While effective, DDM, on the other hand, is nonetheless a less secure method of data protection. As the name might suggest, DDM is a column-level security feature that masks data, while not altering its original form. The sensitive data is still there; it has not been substituted with a non-sensitive token or equivalent. But it is masked from viewing by unauthorized users. DDM is often a default data-protection method often offered natively by platform vendors such as cloud providers. It is simple to implement and allows for rapid protection of data where the level of sensitivity and risk is relatively low.  

Monitoring is yet another data-protection method, and it’s also new with v8.1. It’s often used to safeguard less sensitive data such as someone’s residence (city and state)—essentially, data that does not map to a specific person but, in combination with other data, could allow for a bad actor to identify individuals. When organizations monitor data, they’re usually performing transactional auditing to provide context as to who is accessing data, which data they’re accessing, and how it is being accessed. 

A Fast Track to Data-protection Maturity 

So why would the leader in data protection appear to be “going backwards” towards less-secure protection methods such as DDM and monitoring? The simple answer is we want to provide customers with many data protection choices, enabling them to closely align the level of data protection to the level of data sensitivity, all within a single policy. 

Also, using DDM and monitoring now puts customers on a faster path to data-protection maturity for the day when they decide they need a more comprehensive and stronger protection posture. They will be able to strike a balance between compliance with highly useable native database security such as role-based access control on one end, to the highly secure Protegrity Vaultless Tokenization on a single platform on the other end. 

How it All Works 

In practice, multiple data protection methods at the column level within a single policy significantly expand the ability to analyze data to drive innovation. 

Envision, if you will, an organization that has a customer database that includes name, street, city, state, and Social Security number. With v8.1, the organization can choose to mask the street, monitor city and state, and tokenize the name and Social Security number. This allows less sensitive data such as city and state to be available for analytics, without the need to de-tokenize before use, while the highly sensitive name and Social Security number data elements are replaced by tokens and therefore remain useless. 

Protegrity Continues to Open Doors to Customer Innovation

Protegrity’s product roadmap continues to open doors for customers to protect their data anywhere and everywhere it resides and is used within the enterprise.

Providing a simpler path to data protection maturity helps customers achieve data velocity—the fast speed with which data moves from a source to analytics—and enables them to make the most of all data, without the usual roadblocks and delays. 

< Back to The Protegrity Blog

Subscribe to Stay up to Date

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.