Thales background banner

Secure Static Data Masking

CipherTrust Batch Data Transformation

Static Data Masking

Static Data Masking refers to the process of transforming selected data in various data stores to unreadable or unusable forms, typically in order to utilise data sets while preventing misuse of sensitive data.

The startling breadth of static data masking use cases begins with these, each of which begin with “masking sensitive data”:

  • Prior to third-party data sharing
  • In databases shared with development, QA, research or analytics
  • Prior to adding a data set to a data lake or big data environment
  • In advance of starting big data extract, transform and load (ETL) operations

There are countless more static data masking use cases. CipherTrust Batch Data Transformation from Thales has use cases beyond static data making. Here are some examples:

  • Preparing a database for tokenisation or encryption deployment
  • Rekeying data in a database following a new key version or key rotation

CipherTrust Batch Data Transformation is part of the CipherTrust Data Security Platform. It leverages the power of CipherTrust Application Data Protection and CipherTrust Tokenisation to protect vast quantities of data quickly.

Batch Data Transformation
  • Benefits
  • Features
  • Specifications

Secure, cost-effective static data masking

Not every static data masking solution is secure. With Batch Data Transformation, you can depend on the security of centralised key management provided by CipherTrust Manager, which can provide up to FIPS 140-2 Level 3 key security. Meanwhile, every investment in the Data Security Platform makes it more valuable to you.

Accelerate Transformation of Existing Sensitive Data

Following deployment and execution of CipherTrust Data Discovery and Classification you can rapidly protect discovered sensitive information in database columns quickly and efficiently using either encryption or tokenisation with minimal disruption, effort and cost.

Enable database sharing with reduced risk

Static data masking enables you to remove the sensitive information before sharing with internal or third-party developers and big data environments while simultaneously maintaining your data integrity and supporting mission-critical testing and analytical activities.

Static Data Masking where you need it

Batch Data Transformation and its data protection tools are all software and completely cloud friendly. You can mask data on premises and use it in the cloud, mask data in the cloud and use it there, or secure data in one cloud and use it in another. The CipherTrust Data Security Platform provides a wide range of data protection capabilities from on-premises to cloud, enabling secure digital transformations. Learn how to bring your own encryption to the cloud.

Efficient Encryption

Large volumes of data are encrypted quickly with Batch Data Transformation in conjunction with CipherTrust Application Data Protection. Policy files define encryption options including standard AES encryption or format preserving encryption, while identifying the database columns to be protected and the number of records in each batch.

Flexible Tokenisation

An alternative to encryption for static data masking is tokenisation. Batch Data Transformation can use the CipherTrust Tokenisation Server to tokenise select database columns. Detokenisation is supported so that applications can access the clear data again when required, or, irreversible tokenisation can ensure that third parties never gain access to original sensitive data.

Flexible Conversion Between Data Stores

CipherTrust Batch Data Transformation can protect data while it is moving, for example, from a database to various flat file formats or in reverse.

Data Transformation Options

  • Cipher Block Chaining using the AES-CBC-PAD encryption mode
  • Format Preserving Encryption (FPE) with ASCII and Unicode character set options
  • Format preserving alpha/numeric
  • Tokenisation, reversible or irreversible

Source and Destination Transformation Options

  • Database to database
  • Flat file (CSV) to database
  • Database to flat file
  • Flat file to flat file

Hardware and Operating System Requirements

  • Processor with 4 cores, 16GB RAM (minimum)
  • Java Runtime Environment (JRE)
  • Windows
  • Linux – RedHat, CentOS, Ubuntu and SUSE

Related Resources

CipherTrust Batch Data Transformation - Product Brief

CipherTrust Batch Data Transformation - Product Brief

Static Data Masking refers to the process of transforming selected data in various data stores to unreadable or unusable forms, typically order to utilize data sets while preventing misuse of sensitive data.

CipherTrust Data Security Platform - Data Sheet

CipherTrust Data Security Platform - Data Sheet

As security breaches continue to happen with alarming regularity and data protection compliance mandates get more stringent, your organization needs to extend data protection across more environments, systems, applications, processes and users. With the CipherTrust Data...