Friday, July 14, 2017

New security feature in SQL Server 2016: Dynamic Data Masking

Dynamic Data Masking which is available in SQL Server 2016 allows you provide another level of security to your data, by masking data that you do not want unauthorized (by policies) users to peek into. Data in the database itself is unchanged. SQL Server 2016 has other security features besides dynamic data masking.

Data leaks and hacking has become too common place. SQL Server 2016 provides yet another way to protect data by this new feature, Dynamic Data Masking (DDM).  Developers and administrator should (must) use this feature to mask data from intentional prying eyes.

DDM is a nice feature that you should implement if are dealing with sensitive information (Credit card numbers, Social Security Numbers, etc).

Here is an image of credit card numbers being masked (perhaps not by DDM in this view)



Credit card masking imaged source: http://www.gsapps.com/images/masking2.gif

Read here about masking using JavaScript:

https://stackoverflow.com/questions/25367230/masking-a-social-security-number-input

Do you need special permission to create a table with a dynamic data mask?

No, you do not. Of course you need standard permissions like Create table, Alter on schema permissions.

The Alter Any Mask permission and Alter permission on  a Table are needed, though.

Read more about Dynamic Data Masking here:
https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking