DataSunrise data masking restricts sensitive data within a database from exposure to non-privileged users. This prevention of unauthorized access to sensitive data is done by creating a structurally similar but inauthentic data to provide it for some external services. This is to protect the sensitive data from being exposed to the wrong people, it maintain the security of the data within the database.
In proxy mode DataSunrise is able to monitor SQL statements that database clients send to a database and hide original data with random or predefined data. DataSunrise supports data masking in proxy mode only. It evaluates each SQL statement by using the list of rules in order or rule priority. DataSunrise then executes the first rule that applies to the SQL statement and skips the rest of the rules.
For example a banking customer representative can only be allowed to access or see the last four digits of a customer’s social security number or the credit card number. This ensure no exposure of such sensitive data. A developer can define a masking rule that can be applied to each query result that masks all but the last four digits of any credit card number or any social security number.
DataSunrise works in the following
How to Set Up DataSunrise Data Masking
- Click rules on the left pane.
DataSunrise shows a list of audit rules.
- Click the rule +button
- Specify all of the fields under main settings.
- Database type. This is to specify the type of database being protected which can either be Oracle or PostgreSQL
- Database instance. This is to specify the database instance that receives the SQL statement. Select <Any> to monitor all of the database instances that are defined in the DataSunrise. In any case one is interested in adding a new database instance, click the plus sign (+) button and specify of the fields in the New Database Configuration window.
- This specifies the proxy that processes incoming SQL requests.
- Rule Priority. DataSunrise applies the data masking rules in order of their priority values. Specifies the integer priority value of the rule. It is also important to note that multiple rules can have the same priority. DataSunrise executes rules that have the same rule priority in the order these rules were created.
- Log Events. This indicates whether DataSunrise logs data masking events.
- Log Data. This indicates whether DataSunrise includes data that the database returns to the SQL statements.
- Max row count to log. If you selected Log Data, specifies the maximum number of rows to log. By default, DataSunrise uses the value that is specified in the MaxSaveRowsCount firewall setting.
- Log 1st Event Only. Indicates whether DataSunrise logs only the first occurrence from a series of these events.
- Enable Rule. This indicates whether the data masking rule is active.
- Specify all of the fields under Filter Sessions.
- Process Application Requests. This specifies the name of an application which SQL statements will be processed by this rule.
- Process Requests from Database Users. This specifies the names of database users which SQL statements will be processed by this rule.
- Process Requests from Hosts. This Specifies host names or IP addresses of computers that are monitored by this rule.
- Under Filter SQL statements, specify all of the fields.
- Masking Type. This specifies the type of the data masking rule. Which are:
Fixed. Return a specified value for the masked columns.
Random. Return random data for the masked columns.
Function call. Call a stored procedure to mask data.
- Mask Value. This specifies a mask value or a stored procedure name.
- Columns for Masking. This is to specify columns which data you want to mask.
- After following the following procedure you click save.
DataSunrise data masking is able to work with an Oracle Database user and a PostgreSQL Database User. It can also be installed in both windows drivers and Linux drivers.
You can try DataSunrise Data Masking here.