How to mask sensitive SQL Server data with redaction mask

Applies to

ApexSQL Mask

Summary

This article explains how to mask sensitive SQL server data with redaction mask

Description

With this database masking tool, sensitive data can be masked by using two types of rules:

  • Substitution – this type of mask uses specified generators to replace (masks) entire sensitive data in the specified database
  • Redaction – the type of mask which offers to the user custom value which will replace confidential data

When the users want to mask sensitive SQL Server data without using the different generators, but to use custom values, redaction type of the mask is the best solution.

Redaction mask

Click on the Manage button in the Home tab of this data masking tool is the first step in creating the Redaction mask:

The Manage button in the Home tab

The Manage masks window will be opened, where the Substitution type is checked by default. To create the Redaction mask, first, check the Redaction type and then click on the New button in the Manage masks window:

The create the redaction mask in the Manage masks window

That action will open the Create redaction mask window:

The Create redaction mask window

In the Create redaction mask window beside the Name and the Description text box, there are the following options which by selection will create the method of finding and mask sensitive SQL Server data:

  • Match case – match specific case when searching for a specific data value
  • Use wildcard – use wildcards to find data
  • Partial masking – redact a part of the value using a specific string
  • Include nulls – redact null values using replacement string

Creating the redaction mask using the Match case option

To mask sensitive SQL Server data with selected the Match case option in the Create redaction mask window do the following:

  1. In the Find what text box, type the characters or group of the symbols that will be masked
  2. Then in the Replace with text box, type the desired characters which will be used for masking chosen symbols from the Find what textbox:

The Match case option in the Create redaction mask window

Use wildcards option for creating redaction mask

The Use wildcards is used for finding the group of data that will be masked.

When the Use wildcard option is selected, a wildcard must be added to the Find what text box. To do that, click on the ellipsis button in the Create redaction mask window:

The Use wildcard option used for mask sensitive SQL Server data

That will open the Wildcard editor window in which can be added pattern for searching sensitive data that will be masked:

The Wildcard editor window

Defining patterns for a wildcard is possible with the use of specific characters that can be found by in the Syntax drop-down list. The pattern will be made by combining those special characters:

The special characters in the Wilcard editor window

When the pattern is created, by a click on the OK button, the Wildcard editor window will be closed. The created wildcard will be presented in the Find what textbox.

The next step is to choose symbols which will be used for masking and to type them in the Replace with textbox:

The Replace with text box

Use Partial masking option for creating redaction mask

Partial masking will mask the specified part of the data string. Partial masking is the best to use when the Match case or Use wildcards options are selected next to it.

In the Partial masking option can be chosen the following:

  • First – how many first values of the data will be replaced with the chosen character or the group of the symbols
  • Last – how many last values of the data will be replaced with the chosen character or the group of the symbols

The Partial masking option

When the position and how many characters will be masked are selected, in the Replace with textbox type character or group of symbols which will mask sensitive SQL Server data:

The Replace with textbox in the partial masking

Use Include nulls option for creating redaction mask

The Include nulls option, when selected will mask the nullable values from the sensitive SQL Server data:

Include nulls option to mask sensitive SQL Server data

How to newly created redaction mask applied to the chosen column

When all the options for masking the data in the Create redaction mask window are selected, the next step is to click the Apply button:

The Apply button in the Create redaction mask window

The Apply to columns window will be opened, where the list of sensitive columns in the loaded database will be shown. A selection of desired columns for masking should be created using the arrows from the Available grid to the Applied grid. When the columns are selected click on the OK button:

The Apply to columns window

Then the Create redaction mask window will be shown again and if all required fields are filled, click on the OK button:

The Ok button in the Create redaction mask window

The newly created redaction mask will appear in the Manage mask window:

The newly created redaction mask in the Manage masks window that can be used for mask sensitive SQL Server data

The Redaction mask created in this way can be used to mask sensitive SQL Server data.

 

Related posts:

  1. How to partially mask SQL Server data using redaction rule
  2. How to mask SQL Server data with the substitution mask
  3. How to mask data in SQL databases using the substitution rule type with the SQL script generator
  4. Mask SQL Server data with the Use original generator
  5. How to mask sensitive SQL Server data with external data sources