What is Dynamic Data Masking?

Dynamic Data Masking (DDM) limits sensitive data exposure by masking it to non-privileged users. It can be used to greatly simplify the design and coding of security in an application.

In SummitAI, DDM is applied for all the tables and columns (except the limitations mentioned in the following section) to hide the sensitive data in the result sets of queries. With DDM, the data in the database is not changed. It is easy to use with existing applications since masking rules are applied in the query results.

Data Masking Representation

The sensitive data is masked and the values are represented as follows:

Text values as "XXXX".
Data and Time values as "1900-01-01 00.00.00.000".
Number values as "0".

Data Masking Representation

Figure: Data Masking Representation

Limitations

Data Masking cannot be defined or there will be an impact for the following column types:

Encrypted columns (Always Encrypted)
FILESTREAM
COLUMN_SET or a sparse column that is part of a column set.
After Masking, if a column is involved in the filtered index, the index is dropped and re-created.
Masking cannot be applied in a computed column. But, if any dependent column is masked, the computed column returns the masked data.
Columns involved in the FULLTEXT index.
The schema binding columns
Columns on which filtered index is created. The filtered index is dropped and re-created.
Primary key columns

Feature Exclusion List

The following features are excluded from Dynamic Data Masking:

Concurrent License Notification
CINDE - Notification Service
Performance Improvement for the Alerts Count Calculation Notification
DB Object Related to Asset Software Variance (This is applicable if the SQL Server version is lesser than SQL 2017 CU18)

Why are these features not supported in DDM?

The Notification related features (1-3) do not work when DDM is enabled since they use an internal SQL feature called Service Broker, which currently does not support masking enabled DB objects. These DB objects are used in Notifications. On enabling DDM for Asset Software Variance, for one of the DB objects, SQL errors are found. The DB object is excluded from DDM.

Enabling Data Masking

In order to use the Data Masking feature, the Data Masking feature needs to be enabled in the SummitAI Setup Tool. To enable the feature, please contact the SummitAI Implementation Team.

Disabling Data Masking

In order to disable Data Masking, please contact the SummitAI Support Team.

What is Dynamic Data Masking?

Data Masking Representation

Limitations

Feature Exclusion List

Enabling Data Masking

Disabling Data Masking

Release Notes | Installation Guide | Other Documents