Data masking

In other words, where data is needed for the purpose of application development, building program extensions and conducting various test cycles.

In some organizations, data that appears on terminal screens to call center operators may have masking dynamically applied based on user security permissions (e.g. preventing call center operators from viewing credit card numbers in billing systems).

The primary concern from a corporate governance perspective[1] is that personnel conducting work in these non-production environments are not always security cleared to operate with the information contained in the production data.

For example, when dealing with source data that contains customer records, real-life surnames or first names can be randomly substituted from a supplied or customised lookup file.

Effectively, a method utilising this manner of masking can still leave a meaningful range in a financial data set such as payroll.

If the variance applied is around +/- 10% then it is still a very meaningful data set in terms of the ranges of salaries that are paid to the recipients.
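The substitution and numeric-variance techniques described above, as an added example (not code from the original article); the lookup surnames, sample records and function names are constructed for illustration. It also measures how closely the masked salary range tracks the real one when a +/- 10% variance is used.

```python
import random

# Constructed sample data, not taken from the article.
LOOKUP_SURNAMES = ["Archer", "Bell", "Cole", "Dunn", "Ellis", "Frost"]
RECORDS = [
    {"surname": "Nakamura", "salary": 41000.0},
    {"surname": "Okafor", "salary": 58500.0},
    {"surname": "Lindqvist", "salary": 97250.0},
    {"surname": "Haddad", "salary": 152000.0},
]


def mask_records(records, lookup, variance=0.10, seed=None):
    """Substitute surnames from a lookup list and vary salaries by +/- variance."""
    rng = random.Random(seed)
    masked = []
    for rec in records:
        factor = 1.0 + rng.uniform(-variance, variance)
        masked.append({
            "surname": rng.choice(lookup),                # substitution
            "salary": round(rec["salary"] * factor, 2),   # number variance
        })
    return masked


def salary_range(records):
    """Return (lowest, highest) salary in a record set."""
    values = [r["salary"] for r in records]
    return min(values), max(values)


def range_leakage(original, masked):
    """Relative error of the masked minimum and maximum against the real ones."""
    lo, hi = salary_range(original)
    mlo, mhi = salary_range(masked)
    return abs(mlo - lo) / lo, abs(mhi - hi) / hi


if __name__ == "__main__":
    masked = mask_records(RECORDS, LOOKUP_SURNAMES, seed=1)
    for before, after in zip(RECORDS, masked):
        print(before, "->", after)
    # Both errors are bounded by the variance: the pay range survives masking.
    print("range leakage (min, max):", range_leakage(RECORDS, masked))
```

Whatever the random draw, the masked minimum and maximum stay within the chosen variance of the real values, so the spread of salaries is still readable from the masked set.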

The encryption algorithm often requires that a "key" be applied to view the data based on user rights.

Recently, the problem of encrypting data while preserving the properties of the entities has gained recognition and newly acquired interest among vendors and academia.

These are based on the accepted Advanced Encryption Standard (AES) algorithmic mode recognized by NIST.

It is not a realistic value and will then fail any application logic validation that may have been applied in the front end software that is in the system under test.

Character scrambling or masking out of certain fields is another simplistic yet very effective method of preventing sensitive information from being viewed.

It is really an extension of the previous method of nulling out, but there is a greater emphasis on keeping the data real and not fully masked altogether.

Static data masking is usually performed on the golden copy of the database, but can also be applied to values in other sources, including files.

This type of data masking is most useful for environments that do continuous deployments as well as for heavily integrated applications.

Thus, continuously sending smaller subsets (deltas) of masked testing data from production is important.

Several standards have emerged in recent years to implement dynamic data filtering and masking.

Data masking invariably becomes part of these processes in the systems development life cycle (SDLC), as the development environments' service-level agreements (SLAs) are usually not as stringent as the production environments' SLAs, regardless of whether the application is hosted in the cloud or on-premises.
