- Purpose-Based Access Control (PBAC)
- Attribute-Based Access Control (ABAC)
- Plain language data policies
- Distributed Stewardship
Author data policies as a team
Orchestrate and enforce data policies in real-time
- Fine-Grained Data Security (row-, column-, & cell-level)
- Dynamic Data Masking
- Policy Orchestration
- Transparent Policy Enforcement
- Secure Data Collaboration
- Access Request Workflows
- User Impersonation
Apply advanced privacy controls
- Privacy Enhancing Technologies (PETs)
What is dynamic data masking?
Dynamic data masking is the process of using fake, hidden, or purposefully “noisy” data to conceal or mask the sensitive elements in a data set. Within existing databases, masking techniques such as k-anonymization, differential privacy, and randomized response can protect sensitive data from being reverse-engineered or re-identified. These masking techniques help ensure data remains private without hindering its ability to be used for analysis.
What is considered sensitive data?
Sensitive data is any information that must be kept confidential and protected from unauthorized access. Two well-known categories of sensitive data are personally identifiable information (PII), like first and last names, email addresses, and credit card numbers, and protected health information (PHI), such as medical records, lab results, and medical bills. Other types of sensitive data also exist, including commercially sensitive data, like private company revenues, HR analytics, and IP, as well as classified information, like top secret, secret, and confidential data. Direct identifiers, like names, are often considered highly sensitive, but indirectly identifying attributes like hair color, height, and job title, can also be considered sensitive when combined with other data sets.
What are secure masking techniques?
Dynamic Data Masking shields confidential information in production data in real-time, without making any physical changes to the data set, and prevents data requesters from accessing the sensitive information.
k-Anonymization automatically anonymizes and hides infrequent, identifiable responses when specific columns are queried.
Conditional Data Masking uses dynamic access restrictions, based on policy conditions and characteristics, to mask columns, cells, and rows for certain users.
Randomized Response introduces plausible deniability into data to anonymize specific columns.
Differential Privacy injects noise into queries to protect the privacy of individual records.
The Top 5 Barriers to Data Sharing and How to Overcome Them
Technology has made our world increasingly interconnected and interdependent, and as a result, the need...
The Complete Guide to Data Security Compliance Laws and Regulations
Compliance regulations in the data security space are constantly changing and evolving, with more new...
What Is a Data Clean Room?
As data has become one of the most prized resources for companies around the world,...
What is Data De-identification and Why is It Important?
Data de-identification is a form of dynamic data masking that refers to breaking the link between data...
Imagine going to a library in search of a specific book with a piece of...Read more
Have 29 minutes?
Let us show you how Immuta can transform the way you govern and share your sensitive data.