All over the world regulators require organisations to comply with data protection and privacy laws. The terms of the relevant legislation may vary but the intent is the same: to protect information about individuals from those unauthorised to see that information, regardless of whether the people viewing the information are internal to the organisation or external to it. However, it is not just the fear of fines for non-compliance that is an issue for companies but also the reputational damage and loss of customer trust that can occur when data is not adequately protected and when knowledge of that fact comes into the public domain (which it increasingly does). In addition, organisations may want to protect sensitive information for intellectual property reasons that go beyond the scope of relevant legislation.
In practice, there are a variety of ways in which sensitive data can be protected. In this paper we will discuss data masking and, in particular, the data masking product provided by Delphix. While encryption and tokenisation may be useful in some circumstances, masking is usually the most appropriate technology for protecting data in non-production or non-operational environments for testing, development, Q&A, training, archival and demonstration data, as well as in supporting querybased environments (including both data warehouses and data marts).
This paper argues that using manual methods for data masking will typically be inadequate, time-consuming, and costly. While we will discuss data masking with respect to Delphix and its offering's unique features, many of the arguments in favour of masking tools go beyond that of any particular product.