Static Data Masking for Azure SQL Database and SQL Server

08 Nov

https://azure.microsoft.com/blog/static-data-masking-preview/

The SQL Security team is pleased to share the public preview release of Static Data Masking. Static Data Masking is a data protection feature that helps users sanitize sensitive data in a copy of their SQL databases.  


Use cases

Static Data Masking is designed to help organizations create a sanitized copy of their databases where all sensitive information has been altered in a way that makes the copy sharable with non-production users. Static Data Masking can be used for:

 
  • Development and testing
  • Analytics and business reporting
  • Troubleshooting
  • Sharing the database with a consultant, a research team, or any third-party
 

Static Data Masking facilitates compliance with security requirements such as the separation between production and dev/test environments. For organizations subject to GDPR, the feature is a convenient tool to remove all personal information while preserving the structure of the database for further processing.

How Static Data Masking works

With Static Data Masking, the user configures how masking operates for each column selected inside the database. Static Data Masking will then replace data in the database copy with new, masked data generated according to that configuration. Original data cannot be unmasked from the masked copy. Static Data Masking performs an irreversible operation.

In the example below, all entries in the column FirstName have been nullified. The column LastName is made of randomly generated strings. In the EmailAddress column, names have been replaced with randomly generated strings, but the domain extension has been maintained. A similar narrative applies to the Phone column where the area code has been preserved, but not the last 7 digits.

Before and after
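The per-column masking described above, as an added Python illustration (not Microsoft's implementation and not code from the original post). The sample rows, the function names and the `leaked_cells` check are all constructed for this example; the check shows how a masked copy can be verified against the source before it is shared.

```python
import copy
import secrets
import string

# Constructed sample rows; not data from the original post.
ROWS = [
    {"FirstName": "Alice", "LastName": "Nguyen",
     "EmailAddress": "alice.nguyen@contoso.com", "Phone": "425-555-0142"},
    {"FirstName": "Bob", "LastName": "Okafor",
     "EmailAddress": "bob@fabrikam.org", "Phone": "206-555-0199"},
]

def rand_str(n=8):
    # OS CSPRNG, no key or mapping stored: output cannot be reversed.
    return "".join(secrets.choice(string.ascii_lowercase) for _ in range(n))

def mask_null(_value):
    return None

def mask_string(_value):
    return rand_str()

def mask_email(value):
    # Replace the local part, keep the domain.
    return f"{rand_str()}@{value.rpartition('@')[2]}"

def mask_phone(value):
    digits = "".join(c for c in value if c.isdigit())
    area, old = digits[:3], digits[3:]
    new = old
    while new == old:  # re-draw on the rare collision with the original
        new = "".join(secrets.choice(string.digits) for _ in range(7))
    return f"{area}-{new[:3]}-{new[3:]}"

MASK_CONFIG = {"FirstName": mask_null, "LastName": mask_string,
               "EmailAddress": mask_email, "Phone": mask_phone}

def mask_copy(rows, config):
    masked = copy.deepcopy(rows)  # mask a copy; the source rows stay intact
    for row in masked:
        for col, fn in config.items():
            row[col] = fn(row[col])
    return masked

def leaked_cells(original, masked, config):
    """(row index, column) for each configured cell that survived masking."""
    return [(i, col) for i, (o, m) in enumerate(zip(original, masked))
            for col in config if m[col] == o[col]]
```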

To learn more about Static Data Masking, please refer to our documentation.

Static Data Masking vs. Dynamic Data Masking

Data masking is the process of applying a mask on a database to hide sensitive information and replace it with new data or scrubbed data. Microsoft offers two masking options, Static Data Masking and Dynamic Data Masking.

Static Data Masking

  • Happens on a copy of the database
  • Original data not retrievable
  • Mask occurs at the storage level
  • All users have access to the same masked data

Dynamic Data Masking

  • Happens on the original database
  • Original data intact
  • Mask occurs on-the-fly at query time
  • Mask varies based on user permission

How to download Static Data Masking

Static Data Masking ships with SQL Server Management Studio 18.0. The latest preview of SQL Server Management Studio 18.0 is available today for download.

Compatibility

Static Data Masking is compatible with SQL Server (SQL Server 2012 and newer), Azure SQL Database (DTU and vCore-based hosting options, excluding Hyperscale), and SQL Server on Azure Virtual Machines.

The team is actively looking for feedback so please do share your thoughts at static-data-masking@microsoft.com.
