Dynamic data masking limits sensitive data exposure by masking it to non-privilege users. Dynamic data masking is able to prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer. It is a security feature that hides the sensitive data in the result set of a query over a designated database fields, while the data in the database is not changed.
Dynamic data masking has an advantage for it is very easy to use with existing applications since most of the masking rules are applied in the query results. Many applications can mask sensitive data without modifying existing queries at all thus the simplicity of dynamic data masking.
Take for example, a call center support person may identify callers by the use of several digits of their social security number or credit card number, but those data items should not be fully exposed to the support person.
This is where a developer comes in for they are able to define a masking rule to be applied to each query result that masks all but the last four digits of any social security number or credit card number in the result set. This is able to be used when one is using appropriate data mask to protect personally identifiable information data, a developer can query production environment for troubleshooting purposes without violating compliance regulations.
The purpose of dynamic data masking id to limit exposure o sensitive data, preventing users who should not have access to the data from viewing it. Dynamic data masking does not majorly aim to prevent database users from connectivity directly to the database and running exhaustive queries that expose pieces of the sensitive data.
Dynamic data masking is complementary to other SQL server security features such as auditing, encryption and row level security and it is highly recommended to use this feature in conjunction with them in addition in order to better protect the sensitive data in the database.
Dynamic data masking is available in SQL server 2016 community technology preview.