Dynamic Data Masking (DDM) is a new security feature in Microsoft SQL Server 2016 and Azure SQL DB. The main documentation is here (also see the link under Resources at the end). This post is a quick how-to intro to DDM, including applying it in a database and managing which principals see masked or unmasked data. I’ll also answer a few questions that commonly come up.
What is DDM?
Picture this scenario. You have a database table which stores sensitive data, such as social security numbers, in the clear (unencrypted). Anyone with appropriate access can run select * against this table and see all the sensitive data.
This becomes a concern in organizations where production data is periodically restored into development, test, and/or staging environments. Developers, testers, and other people need to work with the data, but they also gain visibility into the sensitive data. This is clearly concerning (and may be unlawful in some jurisdictions). How do we give these roles the data they need, while protecting sensitive data?
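The scenario above in T-SQL, as an added example that is not taken from the original post: a mask is applied to an SSN column and the UNMASK permission decides which principal sees the real values. The table dbo.Employee, the users DevUser and AuditUser, and the SSN values are hypothetical, constructed for illustration.

```sql
-- Hypothetical table; the SSN values are constructed sample data.
CREATE TABLE dbo.Employee (
    EmployeeId INT IDENTITY(1,1) PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    SSN        CHAR(11)      NOT NULL   -- stored in the clear
);

INSERT INTO dbo.Employee (FullName, SSN)
VALUES (N'Sample Person A', '000-00-1234'),
       (N'Sample Person B', '000-00-5678');

-- Mask the existing column: replace everything except the last four
-- characters with a fixed padding string.
ALTER TABLE dbo.Employee
    ALTER COLUMN SSN ADD MASKED WITH (FUNCTION = 'partial(0,"XXX-XX-",4)');

-- Two hypothetical database users, created without logins for testing.
CREATE USER DevUser   WITHOUT LOGIN;
CREATE USER AuditUser WITHOUT LOGIN;

GRANT SELECT ON dbo.Employee TO DevUser;
GRANT SELECT ON dbo.Employee TO AuditUser;

-- Only AuditUser is allowed to see unmasked data.
GRANT UNMASK TO AuditUser;

-- DevUser has SELECT but not UNMASK, so the mask is applied to SSN.
EXECUTE AS USER = 'DevUser';
SELECT FullName, SSN FROM dbo.Employee;
REVERT;

-- AuditUser holds UNMASK, so the stored values are returned.
EXECUTE AS USER = 'AuditUser';
SELECT FullName, SSN FROM dbo.Employee;
REVERT;

-- Withdraw the permission when it is no longer needed.
REVOKE UNMASK FROM AuditUser;

-- List the masked columns in the database for review.
SELECT OBJECT_NAME(object_id) AS table_name, name, masking_function
FROM sys.masked_columns;
```

The mask changes query results only; the column is still stored unencrypted, and members of db_owner or sysadmin always see the unmasked values. In a restored dev or test copy, check that the people working with the data are not database owners there.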
Read the entire article here: Get started with Dynamic Data Masking in SQL Server 2016 and Azure SQL DB (Patrick’s Azure Blog)
via the fine folks at Microsoft