Dynamic Data Masking Policies in Data 360

Dynamic data masking conceals sensitive data without altering its usability, accuracy, or relationships. It applies to all Data 360 objects and fields, regardless of the access method.

Data 360 protects sensitive data by encrypting it at rest, which prevents unauthorized access even if the database is compromised. With dynamic data masking, authorized users can view the data, but sensitive data is masked to prevent them from seeing it in plaintext.

Masking works together with other security features. First, access policies determine if users can see data. Then, masking policies determine if the user sees the data masked or unmasked. This is also known as dynamic or query-time masking.

Supported masking methods include redaction (with selective redaction), nullification, and rounding of datetime or numeric values for structured data.

• Dynamic Masking Types in Data 360
  Dynamic data masking policies protect sensitive data by changing or hiding values when you query them. This is done based on user information, roles, or policy rules, but it doesn't change the data itself.
• Create a Dynamic Data Masking Policy for Structured Data in Data 360
  Protect sensitive information by restricting data visibility based on user roles and permissions.
• Masking Unstructured Data in Data 360 (Beta)
  Mask sensitive information in unstructured files, such as PDFs and text documents, so that only authorized users can view it. Masking policies work on sensitive data that’s automatically tagged or identified.
• Create a Dynamic Data Masking Policy for Unstructured Data (Beta)
  Define a masking policy to protect sensitive information in unstructured files such as PDFs and text documents.
• Dynamic Data Masking Best Practices
  Here are some best practices for implementing dynamic data masking in Data Cloud.