Securing On-Premise Data Through Data Masking


Cloud computing has grown in popularity over the years due to the several benefits it offers like higher scalability, flexibility and low infrastructure costs. At the same time, security has always been a prime concern, particularly in applications handling sensitive personal and commercial data. Enterprises face a relentless onslaught of security challenges ranging from DDoS attacks, Database compromise, unauthorized entry, breach of access control, login flaws, vulnerabilities across sessions, multiple authentications, caches, etc. A study of 2200 companies reveals that 48% of respondents with on-premise data centres suffer data attacks.

So, the challenge is how to provide greater security for enterprise data? How can companies make data available to their employees for development, testing or analysis purposes without running the risk of a data breach?

Data Masking or data obfuscation provides an efficient way of addressing security concerns with storing data in the cloud. It involves replacing sensitive data with fake but realistic data prior to moving to the cloud.

Advantages of Data Masking

Following is a list of a few advantages of using Data Masking:

  • It provides a viable solution to five types of threats – data breaches, data loss, account or service hijacking, insecure interfaces and malicious use of data by insiders
  • Masked data retains its integrity and structural format
  • Data can be shared with authorized people, including developers and testers, without fear of exposing production data
  • Significantly reduces data risks associated with increasing cloud adoption
  • Cost effective and less complicated than encryption, and mitigates insider threat
Masking Techniques

Multiple data masking techniques are used to ensure that the data is kept secure. Notable among them are:

  • Substitution – Substitute values with other similar values. For example, substitute names with other names of the same gender.
  • Shuffling – Move values vertically and randomly across the column. This is useful in disassociating sensitive data relationships.
  • Blurring – Altering an existing value within a defined range.
  • Tokenization – Substituting data elements with random place holder values.
What is Dynamic Masking?

This is the process of masking production data at the point when the data request is actually made. There are two types of dynamic masking:

  • View-based masking maintains the production version and the masked version of the data in the same database. Users who are not approved to view production data or who trigger the security filter in any way are shown masked data. The decision to show masked or production data is made in real-time based on pre-programmed rules.
  • Proxy-based masking introduces a proxy layer between the user and the database. The user query passes through the proxy that substitutes the result of the query with masked values. This provides data protection without the need to alter the database.

Another recent technique is query substitution that intercepts and redirects the query to retrieve data from masked columns. Such queries are very flexible and can pick masked data from a view or file or even link to another database.

As organizations cannot afford to shy away from the cloud because of the security threats due the benefits they offer. Using techniques like Data Masking help to provide an effective way to leverage the benefits of the cloud without compromising on security. To know more about how Cigniti can help you take advantage of Security testing, log on to or write to

About Cigniti:
Cigniti Technologies, Global Leaders in Independent Software Testing (IST) Services, has its European headquarters in London. Cigniti’s over 1800 people team is spread across US, UK, India, Australia, and Canada. Cigniti is the world’s first IST Services Company to be appraised at CMMI-SVC v1.3, Maturity Level 5, and is also an ISO 9001:2008 & ISO 27001:2013 certified organization. Gartner recognizes and lists Cigniti as a Pure-Play Testing services provider with multi-domain skills. Forrester cites Cigniti among the 9 services firms and systems integrators working to enable Quality at Speed. NelsonHall ranks Cigniti Technologies as a Leader in Software Testing NEAT Charts. Everest Group recognizes Cigniti as a Major Contender with a “Best in Class” rating for Buyer satisfaction in the PEAK Matrix™ for Independent Testing Services, while Forbes recognizes Cigniti as Asia’s 200 best under-billion companies.