Data Compliance

Your Quick Guide to Enterprise Data Masking

Learn how masking your enterprise data can boost data security and enable business innovation.

Data masking, also referred to as data de-identification or obfuscation, is a method of protecting sensitive data by replacing the original value with a fictitious but realistic equivalent.

With data breach incidents regularly making news headlines and increased pressure from privacy regulations, such as GDPR, CCPA, PCI DSS, CPRA and HIPAA, organizations must ensure that sensitive data is secure across their enterprise.

Masked data is also essential for enabling innovation. As IT leaders realize that data is key to building data-driven applications and unlocking competitive advantage, it’s becoming increasingly important to provide secure access to data that flows across an organization to innovate faster and at scale, without compromising privacy and security.

The vast majority of sensitive data in an enterprise exists in non-production environments used for development and testing. Non-production environments represent the largest surface area of risk in an enterprise, where there are up to 12 copies for non-production purposes for every copy of production data that exists. To test adequately, realistic data is essential, but real data runs considerable data security risks.

Companies need to be able to address these challenges by combining modern security practices, like data masking, with the ability to move data fast to those who need it, when they need it.

There are 6 key components your data masking solution must have to ensure both security and innovation across your enterprise.

Referential Integrity

Application development teams require fresh, full copies of the production database for their testing. True data masking techniques transform confidential information and preserve the integrity of the data.

For example, George must always be masked to Elliot or a given social security number (SSN) must always be masked to the same SSN. This helps preserve primary and foreign keys in a database needed to evaluate, manipulate and integrate the datasets, along with the relationships within a given data environment as well as across multiple, heterogeneous datasets (e.g., preserving referential integrity when you mask data in an Oracle Database and a SQL Server database).

Unmasked vs Masked


Your data masking solution must give you the ability to generate realistic, but fictitious, business-specific data, so testing is feasible but provides zero value to thieves and hackers. The resulting masked values should usable for non-production use cases. You can’t simply mask names into a random string of characters.


The algorithms must be designed such that once data has been masked, you can’t back out the original values or reverse engineer the data.

Extensibility & flexibility

Your data masking solution needs to work with the wide variety of data sources that businesses depend on and should be customizable. Moreover, businesses should not be required to program their own masking algorithms or rely on extensive administrator involved.


Lastly, masking is not a one-time process, it should happen repeatedly as data changes over time. It needs to be fast and automatic while allowing integration with your workflows, such as SDLC or DevOps processes.

Integration with delivery mechanisms

Masking isn’t valuable if you can’t get masked data to those who need it. The process of provisioning data can takes days weeks, so data masking should be seamlessly integrated with data delivery with just a few mouse clicks.

What’s a better way forward? Learn how you can stay compliant with regulations, meet cloud mandates with less risk and protect sensitive data from unauthorized access with Delphix data masking and data virtualization technology.