Data Masking Is Not Encryption or Tokenization!

Throughout our site we tell you what Data Masking is; however, there is often a lot of industry confusion about what Data Masking is NOT. Several data security methods are mistaken for Data Masking under another name. Here we help you understand the differences.

Data Masking is NOT Encryption: Encryption is essentially a process that turns data into a "puzzle" that can potentially be put back together. Encryption takes real data and turns it into gibberish that is not readable or usable by humans or applications. This makes it unusable for many critical IT functions such as application testing. In addition, encryption requires application changes and has significant operational overhead related to performance and key management. So while encryption secures the data, it does not remove the risk the way Data Masking does. Significant risk remains should the encryption key fall into the wrong hands or the algorithm be broken, as was the case for WEP Wi-Fi encryption. Encryption and data masking solve different problems. For a detailed discussion of Encryption vs. Masking, please see this video: Data Masking vs. Encryption

Data Masking is NOT Tokenization: Tokenization is a form of encryption where the data values are replaced by a "token" that can then be used to decrypt to the original value. This form of encryption addresses the data size and format issues commonly encountered when implementing encryption. While an SSN on a screen is a 9 digit number (123-456-7890), an encrypted SSN may look like 7Xh8F$ha.3Dfh234234nfewofh3487@. As you can see, the encrypted value is longer and has no meaning, so it is unlikely that an existing application can handle the encrypted value without significant re-engineering and cost. Tokenization suffers from the same drawbacks as encryption, including management overhead and the risk of being broken, and is not a good solution for non-production activities such as application testing.
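The contrast drawn in the two paragraphs above, as an added Python example that is not part of the original page or of any product it mentions. It assumes a toy HMAC-based keystream as a stand-in for a real cipher and models tokenization as a lookup vault; all function and class names are hypothetical.

```python
import base64, hashlib, hmac, re, secrets

def shape(value: str) -> str:
    """Layout an application validates: every digit becomes 9, the rest is kept."""
    return re.sub(r"\d", "9", value)

def random_like(value: str) -> str:
    """Fresh random digits in the same layout as value."""
    return "".join(secrets.choice("0123456789") if c.isdigit() else c for c in value)

def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy keystream for inputs up to 32 bytes; a stand-in for a real cipher.
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def encrypt(key: bytes, value: str) -> str:
    nonce = secrets.token_bytes(8)
    return base64.b64encode(nonce + _xor(key, nonce, value.encode())).decode()

def decrypt(key: bytes, blob: str) -> str:
    raw = base64.b64decode(blob)
    return _xor(key, raw[:8], raw[8:]).decode()

class TokenVault:
    """Tokenization modelled as a lookup table (assumption): the mapping is kept."""
    def __init__(self):
        self._original = {}
    def tokenize(self, value: str) -> str:
        token = random_like(value)
        while token in self._original:      # avoid reusing an issued token
            token = random_like(value)
        self._original[token] = value
        return token
    def detokenize(self, token: str) -> str:
        return self._original[token]

def mask(value: str) -> str:
    """Masking: same layout, and nothing is stored that leads back to value."""
    return random_like(value)

if __name__ == "__main__":
    ssn = "123-456-7890"                    # sample value from the page
    key, vault = secrets.token_bytes(32), TokenVault()
    for name, out in [("encrypted", encrypt(key, ssn)),
                      ("token", vault.tokenize(ssn)), ("masked", mask(ssn))]:
        print(f"{name:9} {out:30} keeps layout: {shape(out) == shape(ssn)}")
```

Only `encrypt` and `TokenVault` come with a way back to the original (`decrypt` with the key, `detokenize` with the vault), which is the residual risk the page describes; `mask` has no counterpart.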

Data Masking is NOT Data Loss Prevention or Data Leak Prevention (DLP): DLP is defined as more or less "perimeter" techniques for security. These techniques are designed to monitor and help ensure proper usage and access of data, but these measures do not safeguard the data itself. If data is accessed despite DLP, the sensitive information is all vulnerable and there for the taking.

Get all the facts and avoid the potential for costly mistakes—Contact us to learn more about the benefits of Data Masking with DMsuite™ today!