Designing and implementing a data masking strategy
Data masking is a technique used in SQL technologies to hide sensitive data in SQL query results from non-privileged users. For example, the credit card info of a customer might be masked as XXXX-XXXX-XXXX-1234 instead of showing the complete number while querying a customer table in Synapse SQL. The data itself is not changed in the tables, but the queries and views modify the data dynamically to mask sensitive information.
This feature helps enforce the following two requirements of IAC:
- Not everyone should have access to all the data – it should be on a need-to-know basis.
- Maintain customer privacy at all costs.
You can easily create a data mask in Azure Synapse SQL (and in Azure SQL too) using a feature called Dynamic Data Masking (DDM). The following screenshot shows how this can be done in Azure Synapse SQL:
Figure 12.9 – Setting up DDM from the Azure portal
From the...
