Azure SQL Database Now More Secured with Dynamic Data Masking Feature Availability

Gajendra Singh, A3logics

Nov 5, 2015

Dynamic Data Masking (DDM) is now generally available for Azure SQL Database V12. DDM is designed to protect sensitive data by limiting its exposure: it obscures sensitive values on the fly in query results. DDM alters the returned data stream so that the requester cannot see the sensitive values, while the data stored in the database remains unchanged.

This means that users can hide sensitive or confidential data in an application by masking certain fields in the database itself. It also prevents exposure of that data to engineers or IT operations personnel who connect to production databases for troubleshooting or maintenance.

The feature is simple to configure and deploy and shows Microsoft Azure’s commitment to the safety and privacy of data. Users enable masking by defining masking rules over the designated fields; these rules determine how the data in those fields appears in query results.

Let me explain how it’ll go…

The user can define either a partial mask or a full mask over a field. With a partial mask, only part of the data in the selected field is exposed, for example only the first and last characters, while the remaining characters are masked. With a full mask, no data is exposed and the field’s value is replaced by a constant.

Therefore, when queries are run against the database, whether through an application or a tool such as SSMS, the data in the designated fields is masked according to the user-defined policies. You can also list excluded users who will always see the original, unmasked data.
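As an added example (not code from the original post), here is how the partial and full masks and the exclusion list described above are expressed in T-SQL; the dbo.Customers table, its columns, the sample rows and the SupportReader user are constructed for illustration:

```sql
-- Added example: constructed dbo.Customers table with partial, full
-- (default) and email masks, plus a principal excluded via UNMASK.
CREATE TABLE dbo.Customers (
    CustomerId   INT IDENTITY PRIMARY KEY,
    FullName     NVARCHAR(100) NOT NULL,
    -- Partial mask: keep the first and last character, pad the middle
    Phone        VARCHAR(20)
        MASKED WITH (FUNCTION = 'partial(1,"XXXXXXXX",1)') NULL,
    -- Built-in email mask: first letter kept, rest replaced
    Email        VARCHAR(100)
        MASKED WITH (FUNCTION = 'email()') NULL,
    -- Full mask: the value is replaced by a type-appropriate constant (0 for money)
    CreditLimit  MONEY
        MASKED WITH (FUNCTION = 'default()') NULL
);

-- Constructed sample rows
INSERT INTO dbo.Customers (FullName, Phone, Email, CreditLimit) VALUES
    (N'Ada Example', '555-0100-4321', 'ada@example.com', 12000),
    (N'Bob Sample',  '555-0199-8765', 'bob@example.org',  4500);

-- A mask can also be added to an existing column after the fact
ALTER TABLE dbo.Customers
    ALTER COLUMN FullName ADD MASKED WITH (FUNCTION = 'partial(2,"***",0)');

-- A low-privilege account for support staff: SELECT only, no UNMASK
CREATE USER SupportReader WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers TO SupportReader;

-- Queried as that user: Phone shows as '5XXXXXXXX1', Email as
-- 'aXXX@XXXX.com', CreditLimit as 0.00, FullName as 'Ad***'
EXECUTE AS USER = 'SupportReader';
SELECT FullName, Phone, Email, CreditLimit FROM dbo.Customers;
REVERT;

-- The exclusion list from the post: UNMASK lets a principal see original values
GRANT UNMASK TO SupportReader;
EXECUTE AS USER = 'SupportReader';
SELECT FullName, Phone, Email, CreditLimit FROM dbo.Customers;  -- unmasked now
REVERT;
REVOKE UNMASK FROM SupportReader;

-- Audit which columns carry a mask and which function is applied
SELECT c.name AS column_name, c.masking_function
FROM sys.masked_columns AS c
JOIN sys.tables AS t ON c.object_id = t.object_id
WHERE t.name = 'Customers';
```

The masks change only what appears in result sets; the stored values are untouched, so DDM complements rather than replaces access control and encryption of data at rest.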

On the whole, DDM is one of the security features of Azure SQL Database. A few of its benefits:

  • Easy creation of a data masking policy via the Azure Portal, PowerShell cmdlets or T-SQL configuration
  • Azure Active Directory (AAD) authentication is supported, and AAD users and groups can be granted DDM exclusion permissions
  • No modification of database procedures or application code is required

Concluding

The Microsoft Azure platform is emerging as one of the few cloud platforms putting rigorous effort into serving customers’ data protection requirements. DDM is a capable tool for protecting data and for monitoring and controlling database activity, thereby helping ensure data security and confidentiality for users.
