(also data obfuscation, data anonymization)
Data masking definition
Data masking is a technique used in data security to protect sensitive or confidential information from being exposed to unauthorized individuals or systems. This technique involves replacing sensitive data with fictitious. The replica maintains the integrity of the original data structure while protecting the sensitive information from unauthorized access. Data masking is an important security tool in industries such as healthcare, finance, and e-commerce.
See also: information hiding
Examples of data masking techniques
- Substitution involves replacing sensitive data with a different value. For example, replacing a social security number with a randomly generated number or replacing a name with a pseudonym.
- Shuffling is rearranging the order of data elements. For instance, shuffling the order of digits in a credit card number, or shuffling the order of words in a sentence.
- Padding involves adding characters to data elements to obscure their original length. For example, adding extra zeros to a bank account number.
- Encryption technique includes converting data into a coded format that can only be deciphered by authorized parties. For example, using a public key infrastructure (PKI) to encrypt and decrypt sensitive data.
- Tokenization is replacing sensitive data with a non-sensitive placeholder called a token. The original sensitive data is stored securely, and the token is used for transactions or processing.