Data Masking Isn’t the Same as Encryption (And Why the Difference Matters)

BY:

Mar 2, 2016

Data-Masking-Isnt-the-Same-as-Encryption-And-Why-the-Difference-Matters

Both protect data, but one makes information permanently useless.

Encryption or Masking: which is the better form of data protection? The only way to answer this question is to ask another one. Do users need the data exactly as it was when it’s no longer protected?

If the answer is yes, your choice is data encryption. The only thing encryption has in common with masking is that the data is useless to anyone who captures it. It’s what’s needed after data encryption or masking that determines which process you should use. You need to know the difference.

Two simple definitions

Encryption protects your data by transforming it into unreadable information that’s useless to anyone who steals it. They need the encryption solution to revert the data back to its original state. The real data is preserved within this unreadable format.

Masking protects your data by transforming it into a readable format that’s useless to anyone who steals it. The actual data is replaced by fictional information. There is no encryption solution to revert the data to its original state. The real data was replaced and is gone forever.

The names were changed to protect the innocent

You go online to your bank’s website and pay the electric bill. The data shared between you, your bank, and the electric company must be unreadable by anybody who intercepts it. It’s encrypted while in motion. The actual information is still there. But only you, your bank, and the electric company have the encryption key.

Your bank wants to bring you innovative product improvements. They’ve got employees or software development companies working on the next generation of banking apps. These developers must validate their code using data they know has actually been used to make successful transactions.

How could they check their work if they can’t read the information? Encryption in this development environment doesn’t work. So the bank masks this data. Real names, addresses, bank balances, and all other sensitive personal information is replaced with fictional data. It will simulate bank customers, but they could never be identified by it. The developers can use it to validate real-world scenarios.

No going back

That’s the most elemental way to look at the difference between encryption and masking. It also determines which data protection method should be used.

Data encryption protects information as it’s transferred between computers or networks. No matter how many times it travels or where it goes, it ultimately must be restored to the original state. Information with this requirement is often called production data.

Data masking doesn’t need any protection. It’s fake. There’s no need to restore it to the original state. The masking process of converting sensitive personal data is also called anonymization or de-identification. Information with this requirement is often called development data.

Unfair question?

Which data process offers the best protection? There’s an obvious answer. But it’s like comparing a Tesla to a Toyota and asking which vehicle gets better gas mileage. The criterion for comparison is irrelevant for one of these vehicles.

Masking is clearly more secure than encryption but it renders data useless. Masked data has no value for anyone who intercepts or steals it. This information cannot be used for anything other than to run tests on software in a development state. Hackers don’t want or care about masked development data. It gives them access to nothing valuable. They want production data. It’s a source of authentic, sensitive, and personal information. Unencrypted, please.

Related Blogs

  • A contact center agent handling a call" alt="">
    Amazon Connect Introduces Audio Device Settings for Custom Contact Control Panel

    Amazon Connect now offers more freedom to agents in the selection of their preferred audio device setting in the Contact Control Panel — here’s how to go enable it Key Takeaways: The new audio...

    Learn More
  • This image shows a magnifying glass made up of people on a white background. This is meant to illustrate a close analysis of customers in order to serve them better." alt="">
    How to Use Amazon Contact Lens to Analyze Conversations

    Get real-time insight into customer sentiment and trends with Contact Lens for Amazon Connect Key Takeaways: Contact Lens for Amazon Connect gives contact center managers a better understanding of...

    Learn More
  • Bringing customers around the world together with an integrated contact center." alt="">
    Amazon Connect: How to Configure Contact Center Agent Settings in a Custom Contact Control Panel

    The Amazon Connect Streams API can now be used to change the visibility option on the settings page of the Contact Control Panel — bringing multiple benefits to contact center managers Key...

    Learn More