Architectures of Database Masking

It is often necessary to hide data in test and development databases to prevent it from inappropriate visibility. There are many elements which can cause troubles when masking data. Data masking provides a substitute control that permits secured data to remain functional, but a cautious understanding of masking architecture is required to ensure that secrecy and privacy are adequately protected.

There are two key types of architectures which are used in the designing of data masking software.

  • On the Fly, Server-To-Server, Data Masking Architecture
  • In-Situ Data Masking Architectures

On the Fly, Server-To-Server, Data Masking Architectures
In this architecture, the data does not exist in the target database past to masking. The anonymous rules are applied as part of the procedure of moving the data from the source to the target. Usually, this type of masking is incorporated into the duplicating process which creates the target database. The chief advantage of this architecture is that the data is never present in the destination database in its unmasked form. One of the disadvantages is that if there are any errors in the process, they necessarily disrupt the transfer of the data. It ‘s hard to mask data after the transfer has finished; this may occur in situations where the masked target database has been developed, and it is later decided that a particular column of data needs to be masked.

In-Situ Data Masking Architectures
In this method, the replica of the database to be masked is created by other ways and the software merely works on the replicated database. There are two forms of in-situ masking: masking rules which are implemented and controlled as a separate unit on the target and data masking system which are controlled by a different system. After that, it gets connected to the target and controls the implementation of the rules.
The advantage of this architecture is that it is possible to apply supplementary masking actions at any time. The masking functions are different from the copy process so obtainable replicating solutions can be used and the data masking rules are probably easier to retain. The main disadvantage is that the data is present in the target database in its unmasked form. So, increased security measures will be needed during that time.

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *