Dynamic Data Masking is a great new feature introduced in Azure SQL Database and SQL Server 2016 that masks the data in selected columns containing sensitive data, with minimal impact on the application. The beauty of the feature is that it masks sensitive data in the result set while the data in the database remains unchanged. You can easily configure this feature for your existing application because the actual masking takes place only in the result set.
If you are already familiar with the introduction and want to know more about the implementation, you can read the next blog post: Configure Dynamic Data Masking using Azure SQL Database portal.
Here are some key points I would like to highlight related to Dynamic Data Masking:
- Zero or minimal impact on the application.
- Data remains the same in the database.
- You can designate a special set of users or database roles who will still be able to see unmasked sensitive data.
- You get different types of masking rules straight out of the box, e.g., an Email masking rule for all email columns.
- All of these things can be managed either through the Azure Portal (for Azure SQL Database) or with simple T-SQL statements for your on-premises SQL Server 2016 instances.
You might be wondering why this new security feature has been introduced when we already have Encryption, Always Encrypted and Row Level Security. The answer is pretty simple: you won't use a sword where a simple knife is required. It all depends on the scenario and requirements, and varies from case to case. There are use cases where you want a selected set of users to query and fetch the data in a partially readable format. A classic example would be a customer care executive authenticating you on the basis of the last four digits of your credit card number, or Google or a third-party app showing you part of your alternate email ID and asking you to complete it. For all these cases vendors have been developing one home-grown solution or another, but there was no out-of-the-box feature available in MS SQL Server to date. Dynamic Data Masking is perfect for all those cases and, because the feature is built in, it reduces the overall time to market for your applications.
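The key points and the credit card scenario above, shown as a T-SQL sketch for SQL Server 2016 or Azure SQL Database. This is an added example, not code from the original post; the table, column and user names (`dbo.Customer`, `SupportAgent`, `FraudAnalyst`) and the sample row are constructed for illustration.

```sql
-- Added example: all object and user names below are hypothetical.
CREATE TABLE dbo.Customer (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    -- Built-in email rule: exposes only the first character and a fixed suffix.
    Email      NVARCHAR(256) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    -- Partial rule: no leading characters, fixed padding, last four characters exposed.
    CardNumber VARCHAR(19)
        MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NOT NULL
);

-- Constructed sample row (not real data). The stored values are not altered by masking.
INSERT INTO dbo.Customer (FullName, Email, CardNumber)
VALUES (N'Test Customer', N'test.customer@example.com', '4111-1111-1111-1234');

-- Two database users: one sees masked results, one is allowed to see real values.
CREATE USER SupportAgent WITHOUT LOGIN;
CREATE USER FraudAnalyst WITHOUT LOGIN;
GRANT SELECT ON dbo.Customer TO SupportAgent;
GRANT SELECT ON dbo.Customer TO FraudAnalyst;
GRANT UNMASK TO FraudAnalyst;  -- database-level permission in SQL Server 2016

-- SupportAgent: Email and CardNumber come back masked in the result set.
EXECUTE AS USER = 'SupportAgent';
SELECT FullName, Email, CardNumber FROM dbo.Customer;
REVERT;

-- FraudAnalyst: same query, unmasked values, because of the UNMASK grant.
EXECUTE AS USER = 'FraudAnalyst';
SELECT FullName, Email, CardNumber FROM dbo.Customer;
REVERT;

-- Masking an existing column needs no data migration.
ALTER TABLE dbo.Customer
    ALTER COLUMN FullName ADD MASKED WITH (FUNCTION = 'default()');

-- Review check: list every masked column and the rule applied to it.
SELECT OBJECT_NAME(object_id) AS table_name,
       name                   AS column_name,
       masking_function
FROM sys.masked_columns;
```

Because masking is applied only to the result set, predicates in a `WHERE` clause are still evaluated against the real values, so users who can run ad-hoc queries should be restricted with permissions as well as masks. Periodically review who holds `UNMASK` alongside the `sys.masked_columns` inventory.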
In the coming days we'll dig further into this topic and cover some really cool examples.
Feel free to leave a comment. 🙂