User:Datakitchenchef/sandbox

Data Masking or data obfuscation is the process of de-identifying (masking) specific data elements within data stores.

The main reason for applying masking to a data field is to protect data that is classified as personal identifiable data, personal sensitive data or commercially sensitive data, however the data must remain usable for the purposes of undertaking valid test cycles. It must also look real and appear consistent. It is more common to have masking applied to data that is represented outside of a corporate production system. In other words where data is needed for the purpose of application development, building program extensions and conducting various test cycles. It is common practice in enterprise computing to take data from the production systems to fill the data component, required for these non-production environments. However the practice is not always restricted to non-production environments. In some organisations, data that appears on terminal screens to call centre operators may have masking dynamically applied based on user security permissions. (eg: Preventing call centre operators from viewing Credit Card Numbers in billing systems)

The primary concern from a corporate governance perspective is that personnel conducting work in these non-production environments are not always security cleared to operate with the information contained in the production data. This practice represents a security hole where data can be copied by unathorised personnel and security measures associated with standard production level controls can be easily bypassed. This represents an access point for a data security breach.