Data masking also known as the data obfuscation is the act of hiding the original data with random data or characters. The prime reason for implementing masking to a data sector is to secure data that is classified with personal sensitive data, personal identifiable data or commercially sensitive data but the data should be usable for undertaking valid test cycles and also should look real and appear consistent.
It is more general to have masking implemented to data that is represented outside of a corporate production system. More clearly where information is desired for building program extensions, production systems to fill the data component and conducting various test cycles. It is the most general practice in organization computing to move data from the production systems to populate the data component needed for these non- production environment.
But this method is not always limited to nonproduction environments. Data that appears on terminal screens to call center operators might have masking dynamically applied based or security permissions in some organizations — for example, stopping call center operators from seeing Credit Card Numbers in billing systems.
The main objection from the perspective of corporate governance is that personnel conducting work in these non- production environments are not always security cleared to operate with the information present in the product information.
This method shows a security hole where data can be copied by an unauthorized person and security techniques related to standard production level controls can be bypassed easily. This proves a data security breach or an access point. The overall method of data masking at an organization level must be tightly coupled with Test Management Practice and associated methodology and must incorporate processes for the masked test data subsets distribution.
The data used in data masking or obfuscation should be meaningful at different levels. The data must be useful to application logic and also for Social Security Number validation and Credit Card algorithm validation check. For example, if elements of addresses are to be masked and suburbs and cities are replaced with another suburbs or cities then if there is a feature within the application that validates postcode lookup or postcode then that feature must be allowed to operate without error and go on as expected.
