Manage Access to Sensitive Data
Mask, anonymize or redact sensitive data without creating database views or duplicating data.
Many organizations need to control who has access to sensitive data, like Personally Identifiable Information (PII) data, Payment Card Industry (PCI) data or Personal Health Information (PHI) data. Typically this requires deploying a static or dynamic data masking solution. But even with dynamic masking solution, data engineering teams still need to understand where sensitive data resides and define which data transformation to apply on each database column. This approach is challenging at scale when new data is introduced and existing data changes.
A better approach is to use Satori's universal data inventory and masking capabilities. When users query data, Satori automatically classifies it for any of the dozens of built-in data types in addition to any manual tagging Satori administrators can apply. By creating a policy to apply a masking profile on a dataset, when users query data, depending on their identity, the masking profile will be applied. You can even use a different masking profile for different users.
This approach requires zero configuration on the data store side, is universal across different types of data stores and highly maintainable - if a new table with sensitive data is added to a dataset, it will be automatically classified and the masking profile will be applied when needed.
To start managing access to sensitive data, follow these steps:
Create a masking profile
- Go to the Masking view on the main navigation panel
- Select a masking profile template from the template gallery and click create profile.
- Update the name and description of the profile.
- Adjust the data transformations to fit your needs and save the profile.
Create and configure a dataset
- Create a new dataset in the management console
- Add the relevant tables, schemas or databases to the dataset
Configure a masking policy on the dataset
- Go to the Custom Policy tab
- Click the Add button to add a new rule.
- Set a name for your rule and select the Mask action.
- Select the masking profile you created in the previous step.
- In the identity tags section choose which users should see masked data.
- Set a priority and click Generate.
- Save the custom policy.