Data Security: Empowered With Data Masking And Data Encryption
Data security is the practice of keeping data protected from corruption and unauthorized access. The focus behind data security is to ensure privacy while protecting personal or corporate data using Data masking and Data Encryption.
Confused between Data masking and Data encryption?
Well within the data community encryption is considered a form of data masking. Though many would identify both as one and the same, but Data masking and Data encryption are two technically distinct processes for data security.
At the same time, there are few similarities between data masking and data encryption, although the differences are substantial. Each of them is designed to ensure data security, which can be substantially improved when both are used in synergy.
So, what is the basic difference between masking and encryption?
Encryption is the reversible process where as masking reversibility is hard.
In my tenure I have worked on many projects and handled sensitive data to perform research and development task. Passing sensitive data through many hands, it is at great risk of theft or misuse. Through the process of redacting (stripping, covering over, or removing) the important elements of the data set, such as names, addresses, are protected. This process, however, is often irreversible.
There are many tools are in market to mask the data. In past, I have used Informatica ETL tool to mask sensitive data using Data Masking transformation. Same can be achieved using alter column and setting ‘Masked’ function on column level in SQL. Data masking using SQL Masked function is preferred as it easy method. For complex masking I prefer dedicated masking tools like Delphix or ETL tool.
Data encryption process mostly used to protect data which is transferred between computers or networks so that it can decrypt later. Data is extremely vulnerable to a breach. Conversion of data into non-readable gibberish (or even format preserved cipher text which is hard to crack) creates highly secure results. The only way to gain access to the data is to unlock it with a key or password which can only be accessed by those authorized.
In database EncryptByPassPhrase(‘passcode’,’Value’) function will convert value into encrypt format, to read encrypted value DecryptByPassphrase (‘passcode’, ‘Encrypted value’) function will convert to its original value.
Note: passcode should remain same while encrypt and decrypt value.
To summarize, if you want to protect your production data from unauthorized entry, but the data is important in its current context, then use encryption and decryption method. However if you need to use your production data in a test environment, where the actual content of the data is meaningless, then use masking.