Applies to
ApexSQL Mask
Summary
This article explains what sensitive data is, how to classify data as sensitive and how to work with sensitive data filters
Description
Sensitive data is data that contains critical and/or private information such as personally identifiable information, email address, national id, credit card number, social security number etc.
Sometimes database administrators need to share backup or any other data containing files with internal or external stakeholders and therefore in order to protect the sensitive data, data masking becomes an option
ApexSQL Mask sensitive data filters are used for determining whether data is classified or not against certain conditions. Filters use several conditions to determine whether the column contains sensitive data or not. Default scanning works immediately after the initial data source connection is established:
The option to automatically scan sensitive data can be checked under the General tab in the Options window:
If some additional columns need to be classified as sensitive data, this can be done manually by choosing the All columns button in the Home tab and then checking the desired columns:
ApexSQL Mask filters can be accessed from the Home tab by clicking the Filters button:
Pre-defined filters
There are 50+ predefined filters divided into the 12 categories. By default, all predefined filters are included into the scanning process. Filters can be enabled or disabled by checking and unchecking checkboxes in the Manage data classification filters window:
Predefined filters cannot be edited or deleted.
Custom filters
Custom filters can be created in the same Manage data classification filters window by clicking the New button:
The Name and Description fields correspond to the new filter name and the description that will be shown in Manage data classification filters window. There are 5 type of default generators: Use original, Predefined, Random, Specific value and Regular expression. If the column doesn’t support a selected generator type, the column won’t be marked as classified:
Filtering
By column name
A shown in the picture, Columns names can be entered to match the exact name or the column pattern can be entered which will address the scope of columns that contain defined pattern in their name:
By field length
The Field value represents the minimum and maximum length of data in the column.
By data
The values that are entered in the Regex text box can be added to regex expression list with “+” and are used to check the data from the column whether they correspond to any of defined expressions from the list.
Managing custom filters
Custom filters will be listed in separate section and are will be editable and can be deleted, for enabling and disabling check the checkboxes in the custom filter section:
Importing and Exporting
ApexSQL Mask filters can be exported by choosing Export button in the Manage data classification filters window which will save the current state of predefined and custom checked filters so they can be used again in another project. Importing filters from the Import button will load and override the current state of the default loaded filters.
To apply the all changes from the Manage data classification filters window and re-scan the database again, use the Refresh button from the Home tab and it will show the newly scanned columns that will contains sensitive data:
The columns that are flagged with red circle 
are columns that contain sensitive data
