SlideShare a Scribd company logo

Dynamic data masking sql server 2016

Antonios Chatzipavlis, profile picture
Antonios Chatzipavlis

Dynamic data masking is a data protection feature in SQL Server 2016 that masks sensitive data in query results without altering the actual data. It can help protect private information by exposing only obfuscated data to unauthorized users. Administrators can configure masking rules for specific columns using various masking functions like default, email, random, or custom string masking. The underlying data remains intact but masked data is returned for users without unmask permissions. It provides data security with minimal performance impact by masking results on-the-fly.

Data & Analytics
1 of 32
Downloaded 126 times
1
2
3
Most read
4
5
6
7
8
9
10
11
12
Most read
13
14
15
16
17
Most read
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Dynamic data masking sql server 2016
Dynamic Data Masking in SQL Server 2016
SQLschool.gr Team Antonios Chatzipavlis SQL Server Evangelist • Trainer Vassilis Ioannidis SQL Server Expert • Trainer Fivi Panopoulou System Engineer • Speaker Sotiris Karras System Engineer • Speaker
Followus insocialmedia @sqlschool / @panfivi fb/sqlschoolgr yt/c/SqlschoolGr SQL School Greece group
Helpneeded? help@sqlschool.gr
DynamicDataMasking
Presentation Content  Introducing Dynamic Data Masking  Using Dynamic Data Masking  DDM on Azure  Some points to keep
Introducing Dynamic Data Masking
• Protect sensitive data and personally identifiable information • Regulatory Compliance • Expose sensitive data only on a need-to-know basis • Custom obfuscation in application, views or third party solutions are used to address this need The Need
Dynamic Data Masking in SQL Server 2016 • Built-in feature for SQL Server 2016 and Azure SQL DB • Data masked on the fly when queried, underlying data do not change • Control on how the data appear in the result set  Dynamic data masking is a data protection feature that masks the sensitive data in the result set of a query over chosen database fields
• Protects against unauthorized disclosure of sensitive data in the application • Very simple to configure and use • Does not require changes in application code • Centralized masking logic Benefits
• “Dynamic data masking does not aim to prevent database users from connecting directly to the database and running exhaustive queries that expose pieces of the sensitive data” • It is not a method for physical data encryption • It is complementary to other SQL Server security features Keep in mind
Using Dynamic Data Masking  Steps  Masking Functions  Permissions  System view information
Dynamic data masking sql server 2016
• Decide which columns need to be masked • Choose the masking function that best fits your needs for each column • Alter columns to add the masking rules • The underlying data is unaffected • Designate which users should see masked data and configure the permissions. Steps
Default Masking Functions Data Type Family Masked Data String XXXX Numeric 0 Date and Time 01.01.1900 00:00:00.0000000 Binary 0 ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = 'default()') Full masking according to the data types of the designated fields.
Email Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = ‘email()') Exposes the first letter of an email address and the constant suffix ".com", in the form of an email address. aXXX@XXXX.com
Random Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = 'random([start range], [end range])') A random masking function for use on any numeric type to mask the original value with a random value within a specified range.
Custom String (Partial) Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = ‘partial(prefix,[padding],suffix)’ Exposes the first and last letters and adds a custom padding string in the middle • Phone: partial(4,”XXXXXXXXXXX”,0) • Credit Card: partial(0,”XXXX-XXXX-XXXX-”,4) • Email: partial(1,”xxxx@xxxx.”,2)
• To retrieve the original data the user must have the UNMASK permission • To add, replace, remove masking of existing columns ALTER ANY MASK permission • The CONTROL permission on the database includes both the ALTER ANY MASK and UNMASK permission ! Users without UNMASK but with UPDATE permission can still update data. Permissions
system view to query for table-columns that have a dynamic data masking function applied to them • Simlar to sys.columns view • is_masked • masking_function sys.masked_columns
Dynamic Data Masking in Action
DDM on Azure
Azure Set up DDM using Azure Portal • Define users excluded from masking • Define Masking rules • Designated fields and masking functions for each one There is a recommendations engine that proposes potentially sensitive fields to mask
Azure Default Full Masking according to the datatypes Credit card XXXX-XXXX-XXXX-1234 Social Security number XXX-XX-1234 Email aXX@XXXX.com Random Number Random number between selected boundaries Custom Text Prefix, Padding String, Suffix
Some points to keep  Limitations and Restrictions  Considerations  Performance
• Not compatible with Always Encrypted columns • Not compatible with File Stream • Not compatible with Column set • A column with data masking cannot be a key for a FULLTEXT index. • Masking rule cannot be defined on a computed column Limitations and Restrictions
• Dynamic Data Masking is applied when running SQL Server Import and Export • Dynamic Data Masking is applied when using SELECT INTO or INSERT INTO to copy data from a masked column • Be careful with updates Considerations
Minimal Performance Impact Data masking is performed right before the data is returned. Performance SELECT * FROM Person.EmailAddress;
Dynamic data masking sql server 2016
Dynamic data masking sql server 2016
S E L E C T K N O W L E D G E F R O M S Q L S E R V E R Copyright © 2015 SQLschool.gr. All right reserved. PRESENTER MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

More Related Content

PPTX
Azure Data Explorer deep dive - review 04.2020
Riccardo Zamana
 
PDF
DP-300 Administering Relational Databases Azure_Oct2020
KareemBullard1
 
PPT
Database performance tuning and query optimization
Usman Tariq
 
PDF
Performance tuning in sql server
Antonios Chatzipavlis
 
PDF
ETL Using Informatica Power Center
Edureka!
 
PPTX
Slowly changing dimension
Sunita Sahu
 
PPTX
Gobernanza de datos - Azure Purview
dbLearner
 
PDF
DataMinds 2022 Azure Purview Erwin de Kreuk
Erwin de Kreuk
 
Azure Data Explorer deep dive - review 04.2020
Riccardo Zamana
 
DP-300 Administering Relational Databases Azure_Oct2020
KareemBullard1
 
Database performance tuning and query optimization
Usman Tariq
 
Performance tuning in sql server
Antonios Chatzipavlis
 
ETL Using Informatica Power Center
Edureka!
 
Slowly changing dimension
Sunita Sahu
 
Gobernanza de datos - Azure Purview
dbLearner
 
DataMinds 2022 Azure Purview Erwin de Kreuk
Erwin de Kreuk
 

What's hot (20)

PPTX
Row-level security and Dynamic Data Masking
SolidQ
 
PPTX
Oracle Data Redaction
Alex Zaballa
 
PDF
Practical Enterprise Security Architecture
Priyanka Aash
 
PDF
Enterprise Architecture vs. Data Architecture
DATAVERSITY
 
PDF
Overview of Data Loss Prevention Policies in Office 365
Dock 365
 
PPTX
Chapter 6: Data Operations Management
Ahmed Alorage
 
PPT
DB security
ERSHUBHAM TIWARI
 
PPTX
Breakdown of Microsoft Purview Solutions
Drew Madelung
 
PPT
Semantic search
Andreas Blumauer
 
PDF
Sigma and YARA Rules
Lionel Faleiro
 
PDF
The Importance of Metadata
DATAVERSITY
 
PPTX
Enterprise Security Architecture Design
Priyanka Aash
 
PPTX
How to Build & Sustain a Data Governance Operating Model
DATUM LLC
 
PPTX
Data Governance for Enterprises
Chaitanya Avasarala
 
PDF
Threat Hunting with Cyber Kill Chain
Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
PDF
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
PDF
Best Practices in Metadata Management
DATAVERSITY
 
PDF
Data Architecture - The Foundation for Enterprise Architecture and Governance
DATAVERSITY
 
PPTX
Azure conditional access
Tad Yoke
 
PDF
Data Warehouse or Data Lake, Which Do I Choose?
DATAVERSITY
 
Row-level security and Dynamic Data Masking
SolidQ
 
Oracle Data Redaction
Alex Zaballa
 
Practical Enterprise Security Architecture
Priyanka Aash
 
Enterprise Architecture vs. Data Architecture
DATAVERSITY
 
Overview of Data Loss Prevention Policies in Office 365
Dock 365
 
Chapter 6: Data Operations Management
Ahmed Alorage
 
DB security
ERSHUBHAM TIWARI
 
Breakdown of Microsoft Purview Solutions
Drew Madelung
 
Semantic search
Andreas Blumauer
 
Sigma and YARA Rules
Lionel Faleiro
 
The Importance of Metadata
DATAVERSITY
 
Enterprise Security Architecture Design
Priyanka Aash
 
How to Build & Sustain a Data Governance Operating Model
DATUM LLC
 
Data Governance for Enterprises
Chaitanya Avasarala
 
Threat Hunting with Cyber Kill Chain
Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
Best Practices in Metadata Management
DATAVERSITY
 
Data Architecture - The Foundation for Enterprise Architecture and Governance
DATAVERSITY
 
Azure conditional access
Tad Yoke
 
Data Warehouse or Data Lake, Which Do I Choose?
DATAVERSITY
 
Ad

Viewers also liked (10)

PDF
Row level security
Antonios Chatzipavlis
 
PDF
Introduction to Azure Data Lake
Antonios Chatzipavlis
 
PDF
Exploring sql server 2016
Antonios Chatzipavlis
 
PDF
Live Query Statistics & Query Store in SQL Server 2016
Antonios Chatzipavlis
 
PDF
Microsoft SQL Family and GDPR
Antonios Chatzipavlis
 
PDF
Introduction to azure document db
Antonios Chatzipavlis
 
PDF
Introduction to sql database on azure
Antonios Chatzipavlis
 
PDF
Exploring sql server 2016 bi
Antonios Chatzipavlis
 
PDF
Introduction to Machine Learning on Azure
Antonios Chatzipavlis
 
PDF
Azure SQL Data Warehouse
Antonios Chatzipavlis
 
Row level security
Antonios Chatzipavlis
 
Introduction to Azure Data Lake
Antonios Chatzipavlis
 
Exploring sql server 2016
Antonios Chatzipavlis
 
Live Query Statistics & Query Store in SQL Server 2016
Antonios Chatzipavlis
 
Microsoft SQL Family and GDPR
Antonios Chatzipavlis
 
Introduction to azure document db
Antonios Chatzipavlis
 
Introduction to sql database on azure
Antonios Chatzipavlis
 
Exploring sql server 2016 bi
Antonios Chatzipavlis
 
Introduction to Machine Learning on Azure
Antonios Chatzipavlis
 
Azure SQL Data Warehouse
Antonios Chatzipavlis
 
Ad

Similar to Dynamic data masking sql server 2016 (20)

PPTX
Keeping Private Data Private
Dobler Consulting
 
PPTX
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
Karen Lopez
 
PPTX
Designer's Favorite New Features in SQLServer
Karen Lopez
 
PPT
SQL Server 2016 Security Features
Sam Nasr, MCSA, MVP
 
PPTX
"Test Data Management In a Nutshell" by Satyajit Singh
Agile Testing Alliance
 
PDF
Data masking a developer's guide
Sriramachandra Murthy
 
PPTX
Snowflake Data Access.pptx
Anup Mukhopadhyay
 
PPTX
2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...
Jürgen Ambrosi
 
PDF
Oracle Data Masking
Inprise Group
 
PPTX
Karen's Favourite Features of SQL Server 2016
Karen Lopez
 
PDF
Data masking techniques for Insurance
NIIT Technologies
 
PPTX
Securing SQL Azure DB? How?
Boris Hristov
 
PPTX
MySQL Enterprise Data Masking
Georgi Kodinov
 
PPTX
DevTalks.ro 2019 MySQL Data Masking Talk
Georgi Kodinov
 
PPTX
Securing SQL Azure DB? How?
Boris Hristov
 
PPTX
SQL Server 2016 New Security Features
Gianluca Sartori
 
PPTX
Masking and Encryption Considerations.pptx
Joe Orlando
 
PDF
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix LLC
 
PDF
Data goverance two_8.2.18 - copy
Sandra (Sandy) Dunn
 
PPTX
Seguridad en sql server 2016 y 2017
Maximiliano Accotto
 
Keeping Private Data Private
Dobler Consulting
 
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
Karen Lopez
 
Designer's Favorite New Features in SQLServer
Karen Lopez
 
SQL Server 2016 Security Features
Sam Nasr, MCSA, MVP
 
"Test Data Management In a Nutshell" by Satyajit Singh
Agile Testing Alliance
 
Data masking a developer's guide
Sriramachandra Murthy
 
Snowflake Data Access.pptx
Anup Mukhopadhyay
 
2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...
Jürgen Ambrosi
 
Oracle Data Masking
Inprise Group
 
Karen's Favourite Features of SQL Server 2016
Karen Lopez
 
Data masking techniques for Insurance
NIIT Technologies
 
Securing SQL Azure DB? How?
Boris Hristov
 
MySQL Enterprise Data Masking
Georgi Kodinov
 
DevTalks.ro 2019 MySQL Data Masking Talk
Georgi Kodinov
 
Securing SQL Azure DB? How?
Boris Hristov
 
SQL Server 2016 New Security Features
Gianluca Sartori
 
Masking and Encryption Considerations.pptx
Joe Orlando
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix LLC
 
Data goverance two_8.2.18 - copy
Sandra (Sandy) Dunn
 
Seguridad en sql server 2016 y 2017
Maximiliano Accotto
 

More from Antonios Chatzipavlis (20)

PPTX
Data virtualization using polybase
Antonios Chatzipavlis
 
PDF
SQL server Backup Restore Revealed
Antonios Chatzipavlis
 
PDF
Migrate SQL Workloads to Azure
Antonios Chatzipavlis
 
PDF
Machine Learning in SQL Server 2019
Antonios Chatzipavlis
 
PDF
Workload Management in SQL Server 2019
Antonios Chatzipavlis
 
PDF
Loading Data into Azure SQL DW (Synapse Analytics)
Antonios Chatzipavlis
 
PDF
Introduction to DAX Language
Antonios Chatzipavlis
 
PDF
Building diagnostic queries using DMVs and DMFs
Antonios Chatzipavlis
 
PDF
Exploring T-SQL Anti-Patterns
Antonios Chatzipavlis
 
PDF
Designing a modern data warehouse in azure
Antonios Chatzipavlis
 
PDF
Modernizing your database with SQL Server 2019
Antonios Chatzipavlis
 
PDF
Designing a modern data warehouse in azure
Antonios Chatzipavlis
 
PDF
SQLServer Database Structures
Antonios Chatzipavlis
 
PDF
Sqlschool 2017 recap - 2018 plans
Antonios Chatzipavlis
 
PDF
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Antonios Chatzipavlis
 
PDF
Statistics and Indexes Internals
Antonios Chatzipavlis
 
PDF
Implementing Mobile Reports in SQL Sserver 2016 Reporting Services
Antonios Chatzipavlis
 
PDF
Auditing Data Access in SQL Server
Antonios Chatzipavlis
 
PDF
Stretch db sql server 2016 (sn0028)
Antonios Chatzipavlis
 
PDF
Troubleshooting sql server
Antonios Chatzipavlis
 
Data virtualization using polybase
Antonios Chatzipavlis
 
SQL server Backup Restore Revealed
Antonios Chatzipavlis
 
Migrate SQL Workloads to Azure
Antonios Chatzipavlis
 
Machine Learning in SQL Server 2019
Antonios Chatzipavlis
 
Workload Management in SQL Server 2019
Antonios Chatzipavlis
 
Loading Data into Azure SQL DW (Synapse Analytics)
Antonios Chatzipavlis
 
Introduction to DAX Language
Antonios Chatzipavlis
 
Building diagnostic queries using DMVs and DMFs
Antonios Chatzipavlis
 
Exploring T-SQL Anti-Patterns
Antonios Chatzipavlis
 
Designing a modern data warehouse in azure
Antonios Chatzipavlis
 
Modernizing your database with SQL Server 2019
Antonios Chatzipavlis
 
Designing a modern data warehouse in azure
Antonios Chatzipavlis
 
SQLServer Database Structures
Antonios Chatzipavlis
 
Sqlschool 2017 recap - 2018 plans
Antonios Chatzipavlis
 
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Antonios Chatzipavlis
 
Statistics and Indexes Internals
Antonios Chatzipavlis
 
Implementing Mobile Reports in SQL Sserver 2016 Reporting Services
Antonios Chatzipavlis
 
Auditing Data Access in SQL Server
Antonios Chatzipavlis
 
Stretch db sql server 2016 (sn0028)
Antonios Chatzipavlis
 
Troubleshooting sql server
Antonios Chatzipavlis
 

Recently uploaded (20)

PDF
[EN] Industrial Machine Downtime Prediction
Mônica N. de Resende
 
PPTX
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 
PPTX
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
chepkoitcheruiyot
 
PDF
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
 
PPT
Quality review (1)_presentation of this 21
abobaker13
 
PPTX
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
PPTX
oil_refinery_comprehensive_20250804084928 (1).pptx
TusharPrajapati65
 
PPTX
Market Analysis -202507- Wind-Solar+Hybrid+Street+Lights+for+the+North+Amer...
LEDLUXX Smart Lite TEC
 
PPTX
Computer network topology notes for revision
BatoolRawat
 
PPTX
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
PPTX
SAP 2 completion done . PRESENTATION.pptx
POORNIMAN26
 
PDF
Mega Projects Data Mega Projects Data
saidsalah8181
 
PPTX
AI Strategy room jwfjksfksfjsjsjsjsjfsjfsj
ankitpratapsingh28
 
PPTX
01_intro xxxxxxxxxxfffffffffffaaaaaaaaaaafg
Vittaya Boon Suwansiri
 
PPTX
Introduction to Basics of Ethical Hacking and Penetration Testing -Unit No. 1...
AshutoshDeshmukh33
 
PPTX
STUDY DESIGN details- Lt Col Maksud (21).pptx
AyeshaAsha11
 
PDF
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
PDF
annual-report-2024-2025 original latest.
nityanema19
 
PPTX
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 
PPTX
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
[EN] Industrial Machine Downtime Prediction
Mônica N. de Resende
 
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
chepkoitcheruiyot
 
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
 
Quality review (1)_presentation of this 21
abobaker13
 
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
oil_refinery_comprehensive_20250804084928 (1).pptx
TusharPrajapati65
 
Market Analysis -202507- Wind-Solar+Hybrid+Street+Lights+for+the+North+Amer...
LEDLUXX Smart Lite TEC
 
Computer network topology notes for revision
BatoolRawat
 
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
SAP 2 completion done . PRESENTATION.pptx
POORNIMAN26
 
Mega Projects Data Mega Projects Data
saidsalah8181
 
AI Strategy room jwfjksfksfjsjsjsjsjfsjfsj
ankitpratapsingh28
 
01_intro xxxxxxxxxxfffffffffffaaaaaaaaaaafg
Vittaya Boon Suwansiri
 
Introduction to Basics of Ethical Hacking and Penetration Testing -Unit No. 1...
AshutoshDeshmukh33
 
STUDY DESIGN details- Lt Col Maksud (21).pptx
AyeshaAsha11
 
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
annual-report-2024-2025 original latest.
nityanema19
 
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 

Dynamic data masking sql server 2016

  • 3. SQLschool.gr Team Antonios Chatzipavlis SQL Server Evangelist • Trainer Vassilis Ioannidis SQL Server Expert • Trainer Fivi Panopoulou System Engineer • Speaker Sotiris Karras System Engineer • Speaker
  • 7. Presentation Content  Introducing Dynamic Data Masking  Using Dynamic Data Masking  DDM on Azure  Some points to keep
  • 9. • Protect sensitive data and personally identifiable information • Regulatory Compliance • Expose sensitive data only on a need-to-know basis • Custom obfuscation in application, views or third party solutions are used to address this need The Need
  • 10. Dynamic Data Masking in SQL Server 2016 • Built-in feature for SQL Server 2016 and Azure SQL DB • Data masked on the fly when queried, underlying data do not change • Control on how the data appear in the result set  Dynamic data masking is a data protection feature that masks the sensitive data in the result set of a query over chosen database fields
  • 11. • Protects against unauthorized disclosure of sensitive data in the application • Very simple to configure and use • Does not require changes in application code • Centralized masking logic Benefits
  • 12. • “Dynamic data masking does not aim to prevent database users from connecting directly to the database and running exhaustive queries that expose pieces of the sensitive data” • It is not a method for physical data encryption • It is complementary to other SQL Server security features Keep in mind
  • 13. Using Dynamic Data Masking  Steps  Masking Functions  Permissions  System view information
  • 15. • Decide which columns need to be masked • Choose the masking function that best fits your needs for each column • Alter columns to add the masking rules • The underlying data is unaffected • Designate which users should see masked data and configure the permissions. Steps
  • 16. Default Masking Functions Data Type Family Masked Data String XXXX Numeric 0 Date and Time 01.01.1900 00:00:00.0000000 Binary 0 ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = 'default()') Full masking according to the data types of the designated fields.
  • 17. Email Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = ‘email()') Exposes the first letter of an email address and the constant suffix ".com", in the form of an email address. aXXX@XXXX.com
  • 18. Random Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = 'random([start range], [end range])') A random masking function for use on any numeric type to mask the original value with a random value within a specified range.
  • 19. Custom String (Partial) Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = ‘partial(prefix,[padding],suffix)’ Exposes the first and last letters and adds a custom padding string in the middle • Phone: partial(4,”XXXXXXXXXXX”,0) • Credit Card: partial(0,”XXXX-XXXX-XXXX-”,4) • Email: partial(1,”xxxx@xxxx.”,2)
  • 20. • To retrieve the original data the user must have the UNMASK permission • To add, replace, remove masking of existing columns ALTER ANY MASK permission • The CONTROL permission on the database includes both the ALTER ANY MASK and UNMASK permission ! Users without UNMASK but with UPDATE permission can still update data. Permissions
  • 21. system view to query for table-columns that have a dynamic data masking function applied to them • Simlar to sys.columns view • is_masked • masking_function sys.masked_columns
  • 22. Dynamic Data Masking in Action
  • 24. Azure Set up DDM using Azure Portal • Define users excluded from masking • Define Masking rules • Designated fields and masking functions for each one There is a recommendations engine that proposes potentially sensitive fields to mask
  • 25. Azure Default Full Masking according to the datatypes Credit card XXXX-XXXX-XXXX-1234 Social Security number XXX-XX-1234 Email aXX@XXXX.com Random Number Random number between selected boundaries Custom Text Prefix, Padding String, Suffix
  • 26. Some points to keep  Limitations and Restrictions  Considerations  Performance
  • 27. • Not compatible with Always Encrypted columns • Not compatible with File Stream • Not compatible with Column set • A column with data masking cannot be a key for a FULLTEXT index. • Masking rule cannot be defined on a computed column Limitations and Restrictions
  • 28. • Dynamic Data Masking is applied when running SQL Server Import and Export • Dynamic Data Masking is applied when using SELECT INTO or INSERT INTO to copy data from a masked column • Be careful with updates Considerations
  • 29. Minimal Performance Impact Data masking is performed right before the data is returned. Performance SELECT * FROM Person.EmailAddress;
  • 32. S E L E C T K N O W L E D G E F R O M S Q L S E R V E R Copyright © 2015 SQLschool.gr. All right reserved. PRESENTER MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION