The Explainer: Dynamic Data Masking and Monitoring

By Albert McKeon
Posted on:
June 18, 2021
Share on:

1. Dynamic Data Masking Cloaks Data

As the name implies, dynamic data masking actually masks data. Just as protective masks have obscured people’s smiles (and frowns) during the pandemic, this data-protection method covers sensitive data. People who shouldn’t see the data won’t see it.

2. It Doesn’t Alter Data; It Simply Protects it

Also known by its shorter acronym DDM, dynamic data masking doesn’t alter, in any way, the sensitive data that’s in need of protection. The data is still there. Unlike, say, tokenization, another form of data protection, DDM doesn’t substitute the data with a non-sensitive token. It simply masks the sensitive data. The data remains in its original form.

3. It’s Not the Best Protection Method But It’s Effective

Although not as comprehensive or as strong as tokenization or other data-protection methods, DDM still does the job. It’s effective when nothing more than low-level protection is needed, like masking the street addresses of individuals in a column of a larger dataset. Organizations might want to conceal the addresses only with DDM because it’s quick to apply and that information, when in a bigger dataset, won’t reveal any identifying details about people.

4. DDM Can Be Coupled with Monitoring  

Data monitoring is yet another data-protection method, and it’s ideal to apply in tandem with DDM. Like data masking, monitoring can safeguard less sensitive data, such as the city and state of a person’s address—data that does not map to a specific person but when pieced together with other unprotected data, could allow for a hacker to identify individuals. When organizations monitor data, they’re usually performing transactional auditing to provide context as to who is accessing data, which data they’re accessing, and how it is being accessed. 

5. DDM and Monitoring Are Only Two Tools in a Big Protection Toolbox

Dynamic data masking and data monitoring alone will not help organizations safeguard sensitive data and preserve the privacy of customers, partners, and employees. But when businesses use a data protection platform that offers DDM and monitoring along with a robust array of data protection methods—tokenization, encryption, anonymization—they are demonstrating they understand the complexity of data protection. They’re proving to customers that they’re effectively aligning a protection method with the level of data sensitivity. For example, a business can choose to mask a customer’s street, monitor city and state, and tokenize the name and Social Security number. This allows less sensitive data such as city and state to be available for analytics, without the need to de-tokenize before use, while the highly sensitive name and Social Security number data elements are replaced by tokens and therefore remain useless to bad actors. Data is simultaneously protected and available to provide valuable business insights.

< Back to The Protegrity Blog

Subscribe to Stay up to Date

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.