Skip to main content


Home Dynamic data masking

Dynamic data masking

Dynamic data masking definition

Dynamic data masking (DDM) is a way to protect sensitive information in database systems by obscuring specific data elements in real-time. The primary goal of DDM is to protect sensitive data from being exposed to unauthorized users, especially when multiple users with varying levels of clearance need access to the same database. By doing this, it helps organizations to comply with data protection regulations.

See also: data masking, information hiding

Here’s how it works:

  • When a user or application sends a request to a database that contains sensitive information (like credit card numbers), DDM automatically masks or hides the sensitive data in the query results. This is done in real-time without altering the actual data stored in the database.
  • Administrators can set up rules for which data should be masked and how. For example, a rule that says to replace all but the last four digits of a Social Security number with asterisks.
  • DDM can be configured to provide data differently based on the user's role or permissions. For instance, a customer service representative might see masked credit card numbers, while a manager in the finance department might see the full information.