Dynamic Data Masking Mechanism on Cloud Platform


International Research Journal of Engineering and Technology (IRJET)

e-ISSN: 2395-0056

Volume: 09 Issue: 08 | Aug 2022

p-ISSN: 2395-0072

www.irjet.net

Chirag Dave, Deepa Dave

Chirag Dave, Program Manager, Department of Education

Deepa Dave, Snowflake Lead Consultant, Under Armor

Abstract - In recent years, Cloud Computing has been gaining popularity and has changed the overall business computing environment. It is flexible and cost-effective. However, this change has brought its own set of Data Security challenges.

In this paper, the author has focused on explaining the application of Dynamic Data Masking policies using an ELT tool named Data Build Tool (DBT). This paper describes a detailed approach to creating the DDM policies on a Cloud Data Warehouse (Snowflake) and applying those DDM policies to DBT models, which selectively mask the plain-text data in table and view columns at query time within Snowflake before it is shared outside the organization. This white paper addresses the data masking aspects for most projects that use Snowflake and DBT as their Data Warehouse and ELT tool respectively.

Key Words: Cloud Computing, Data Security, Data Sharing, Data Masking, Data Build Tool, Snowflake, DBT Macro, DDM Policies

1. INTRODUCTION

With the humongous Data Sharing capabilities of Cloud Platforms, an organization's sensitive information is under the utmost threat, as most third-party infrastructure can access this information remotely from anywhere around the world. One instrumental way to protect this sensitive information from unauthorized access is to implement Dynamic Data Masking (DDM) on the Cloud Data Warehouse.

2. BACKGROUND OF THE PROJECT

Numerous projects hold sensitive Customer and Personally Identifiable Information, which requires special authentication for anyone in the organization to access it. The Customer may also be responsible for not sharing this information with third-party vendors and consultants. The high-level architecture of the project is outlined below, and the highlighted area is where the masking policies have been applied.

3. SOLUTION IMPLEMENTATION

Dynamic Data Masking is a Column-level Security feature that uses masking policies to selectively mask plain-text data in table and view columns at query time.

Chart -1: DBT Orchestration

Detailed Description of DDM policies that are available in DBT:

If your role is approved in the DDM policy, you will see the raw value; otherwise a masked value will be returned.

1. Hashed DDM (for string data types)

Purpose: Maintains privacy while allowing the column value to still be joinable to other objects that have the same Hashed DDM policy.

Policy: hash_mask

Masked Value: sha2(concat(lower(val), 'salt'))

2. Asterisks DDM (for string data types)

Purpose: Maintains privacy while allowing approved Snowflake roles to see the raw value.

Policy: asterisks_mask

Masked Value: **********

3. Asterisks DDM (for binary data types)

Purpose: Maintains privacy while allowing approved Snowflake roles to see the raw value.

Policy: asterisks_binary_mask

Masked Value: to_binary('**********', 'utf-8')

© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1321
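The three policies listed above, written out as plain Snowflake SQL. This is an added example, not code from the paper, and it does not reproduce the DBT macros the paper uses to apply the policies. The role PII_READER, the tables and columns, and the my_db.my_schema qualifier are hypothetical; the policy names and masked-value expressions are the ones the paper gives.

```sql
-- Added illustration: role, table, column and database names are hypothetical.

-- 1. Hashed DDM: unapproved roles receive a deterministic digest, so equal
--    inputs (case-insensitively, because of LOWER) still compare equal across
--    every object that carries this same policy.
CREATE OR REPLACE MASKING POLICY hash_mask AS (val STRING) RETURNS STRING ->
  CASE
    WHEN CURRENT_ROLE() IN ('PII_READER') THEN val  -- assumed approved role
    ELSE SHA2(CONCAT(LOWER(val), 'salt'))           -- 'salt' literal as printed in the paper
  END;

-- 2. Asterisks DDM for string columns: fixed mask, not joinable.
CREATE OR REPLACE MASKING POLICY asterisks_mask AS (val STRING) RETURNS STRING ->
  CASE
    WHEN CURRENT_ROLE() IN ('PII_READER') THEN val
    ELSE '**********'
  END;

-- 3. Asterisks DDM for binary columns: the mask must match the column type.
CREATE OR REPLACE MASKING POLICY asterisks_binary_mask AS (val BINARY) RETURNS BINARY ->
  CASE
    WHEN CURRENT_ROLE() IN ('PII_READER') THEN val
    ELSE TO_BINARY('**********', 'utf-8')
  END;

-- Attach the policies to columns (use ALTER VIEW for view columns).
ALTER TABLE customers MODIFY COLUMN email          SET MASKING POLICY hash_mask;
ALTER TABLE orders    MODIFY COLUMN customer_email SET MASKING POLICY hash_mask;
ALTER TABLE customers MODIFY COLUMN phone          SET MASKING POLICY asterisks_mask;
ALTER TABLE customers MODIFY COLUMN id_scan        SET MASKING POLICY asterisks_binary_mask;

-- Run under a role that is NOT approved: the policy is applied wherever the
-- column appears, including the join predicate, so rows still match on the
-- digest while the projected value stays masked.
SELECT c.email AS email_masked, COUNT(*) AS order_count
FROM customers c
JOIN orders o ON o.customer_email = c.email
GROUP BY c.email;

-- Audit check: list every column the hashed policy is attached to.
SELECT policy_name, ref_entity_name, ref_column_name
FROM TABLE(information_schema.policy_references(
       policy_name => 'my_db.my_schema.hash_mask'));
```

The join only works when both columns use a policy with the identical salt literal, and anyone who can read the policy body can read that literal, so access to describe the policy should be restricted along with the approved roles.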

