Dynamic Data Masking

Increase permitted use cases in the cloud with dynamic data masking and privacy controls.

What is Dynamic Data Masking

Dynamic data masking protects data at query time by modifying or hiding sensitive values without changing the underlying data. Immuta implements a suite of security and privacy controls that are applied dynamically using this approach.

How Immuta does Dynamic Data Masking

Data policies are written in plain language

Author an attribute-based access control policy in plain language, without requiring specialized engineering resources. If your team prefers, they can also write policy-as-code.

Employ pre-built controls

Specify how to protect sensitive data using one or more of the 60+ prebuilt security and privacy controls that can be applied dynamically at query time for anonymization, pseudonymization, obfuscation, or minimization.

Protect data in real-time

Take the decision-making out of data consumers’ hands with safe and instant access to authorized data from any BI tool, workbench, or notebook using dynamic policies.

Security & Privacy Controls

Dynamic Data Masking

Copying data and manually removing or anonymizing values can delay analysis and weaken data utility. Immuta’s dynamic masking policies support hashing, regular expression, rounding, conditional masking, replacing with null or constant, with reversibility, with format preserving masking, and with k-anonymization, as well as external masking — all without ever copying or moving data.

Conditional Data Masking

Protect yourself from data leaks without resorting to manual changes. Immuta automates access restrictions based on masking policy conditions, such as time-based windows, user’s geography, and data in adjacent cells or reference tables. Immuta’s conditional logic in masking policies provides flexible policy enforcement while reducing risk.

Differential Privacy

Differential privacy statistically guarantees that any individual record within a data set cannot be identified. Immuta is one of the few data platforms to provide differential privacy. It is one of our dynamic privacy enhancing technologies PETs) that works by injecting noise into queries to protect the privacy of individual records and enable increased data sharing.

Dynamic K-Anonymization

Eliminate manual, code-based approaches that require a team of mathematicians to prevent re-identification. Immuta enables data teams to apply k-anonymization at query time from any connected database, allowing you to seamlessly prepare sensitive data for use. Compared to other approaches, k-anonymization has been shown to be the most effective for data masking.

Randomized Response

Protect yourself from data attacks without resorting to time-intensive security methods that require coding or new ETL pipelines. Immuta’s randomized response helps achieve local differential privacy for specific columns, making it possible to put mathematically guaranteed limits on an attacker’s ability to exploit your data.


Increase permitted use cases

Easily apply dynamic security and privacy controls on sensitive data to meet requirements from legal and compliance teams for cloud use cases. Policies are authored in plain language so any stakeholder can understand how sensitive data, such as PII, PHI, or other sensitive data, is being protected.

Accelerate time to data

Get safe and instant access by applying dynamic security and privacy controls at query time for each user. Eliminate the engineering resources and costs required to write code or copy data to protect sensitive data.

Reduce engineering burden

Apply security and privacy controls dynamically at query time without having to copy and manage protected data sets. This reduces the need for specialized engineering resources to implement dynamic data masking, while reducing risk by using proven and advanced techniques.

Have 29 minutes?

Let us show you how Immuta can transform the way you govern and share your sensitive data.