Informatica Delivers ‘Industry's First Dynamic Data Masking' Solution

Bookmark and Share

Informatica Corporation has announced the availability of what the company describes as the industry's first dynamic data masking (DDM) solution. Informatica Dynamic Data Masking provides real-time, policy-driven obfuscation of sensitive data to address a wide range of common data security and privacy challenges without requiring any changes to database or application source code and is intended to address problems that cannot be solved by other technologies such as IAM (identity access management), SDM (static data masking).

Informatica Dynamic Data Masking is based on technology developed by ActiveBase, which was acquired by Informatica in July, 2011.

For the past 6 years, Informatica has offered a data masking solution which is focused on persistent data masking or static data masking, for one-way irreversible modification or transformation of the data for non-production environments, says Adam Wilson, general manager for the Information Lifecycle Management division of Informatica. However, increasingly, customers are also asking for a solution that can apply similar principles to data in production. Obviously, says Wilson, that poses a unique challenge because unlike non-production data where it is acceptable to "physically and irreversibly" alter the data, that is not possible for production data.

"What we were able to do in releasing this new data offering is to use a proxy that sits in between the application and the production database, and in real time, it will parse the SQL and access a privacy policy to understand the specifics of the user, their role and their privileges, as well as what information is considered sensitive, and then will rewrite the SQL so that it uses the transformations from the database to ultimately return partially masked,  fully masked, or blocked data based on what that end user is allowed to see," explains Wilson. This does not touch the underlying data that is in the database, and doesn't require any modifications of the application that is generating the SQL, he adds.

By enabling different masking algorithms to be applied dynamically to different sensitive data elements based on user privilege levels, Informatica Dynamic Data Masking's enables customers have much more control over how information gets exposed to end users. Used in conjunction with data encryption to secure data at rest and with database activity monitoring to log and analyze utilization, dynamic data masking provides a complement to ensure end-to-end security for production databases and applications.

"What we recommend as a best practice is to use what we call 'persistent data masking' for creating these non-production environments, and using 'dynamic data masking' for production environments. They are really two different approaches to solving the same problem but they are optimized for solving slightly different scenarios or use cases," says Wilson.  "Together, they create an end-to-end data masking solution across production and non-production."  For more information, go to