Masking data in database queries

Once you have re-pointed your application’s database queries to the UserClouds proxy, you can begin intercepting and masking data flowing into your application.

Types of Masking:

  • Transformation: This is an irreversible data masking technique. For example, transforming [email protected] to s****@*****.com.
  • Tokenization: This is a reversible data masking technique. The data is transformed into a unique semi-random string (or token), which can later be exchanged for the raw data. The token is associated with an access policy at creation time, which governs the circumstances under which the token can be resolved or de-tokenized.

Steps to Mask Outbound Data for a Particular Query:

  1. Trigger the Query: Trigger the query in the application if you haven’t already (e.g., by loading a table of data or a user profile).
  2. Select and Edit the Query: In the UserClouds Console, go to Accessors (under Access Methods), select the query in your list of data accessors and click "Edit".
  3. Find the Column to Mask: Scroll down to the columns section and locate the column you would like to mask, such as SSN or email.
  4. Apply a Transformer: Use the dropdown to apply a new transformer and click "Save".
    • If you mask data using a transformer of type TokenizeByValue or TokenizeByReference, the data will be tokenized (i.e., reversibly masked).
    • In this case, you will need to select a token access policy, which will determine the circumstances under which the token can be resolved back into the raw data.

Now, UserClouds will intercept that query and mask the data in the specified column according to the data transformer. You can test this in your application UI to ensure it is working as expected.

For more details, see sections on Transformers, Access Policies and Accessors.