Data Masking Isn’t the Same as Encryption (And Why the Difference Matters)


Mar 2, 2016


Both protect data, but one makes information permanently useless.

Encryption or Masking: which is the better form of data protection? The only way to answer this question is to ask another one. Do users need the data exactly as it was when it’s no longer protected?

If the answer is yes, your choice is data encryption. The only thing encryption has in common with masking is that the data is useless to anyone who captures it. It’s what’s needed after data encryption or masking that determines which process you should use. You need to know the difference.

Two simple definitions

Encryption protects your data by transforming it into unreadable information that’s useless to anyone who steals it. Reverting the data to its original state requires the encryption solution. The real data is preserved within this unreadable format.

Masking protects your data by transforming it into a readable format that’s useless to anyone who steals it. The actual data is replaced by fictional information. There is no encryption solution to revert the data to its original state. The real data was replaced and is gone forever.

The names were changed to protect the innocent

You go online to your bank’s website and pay the electric bill. The data shared between you, your bank, and the electric company must be unreadable by anybody who intercepts it. It’s encrypted while in motion. The actual information is still there. But only you, your bank, and the electric company have the encryption key.

Your bank wants to bring you innovative product improvements. They’ve got employees or software development companies working on the next generation of banking apps. These developers must validate their code using data they know has actually been used to make successful transactions.

How could they check their work if they can’t read the information? Encryption doesn’t work in this development environment. So the bank masks this data. Real names, addresses, bank balances, and all other sensitive personal information are replaced with fictional data. The masked data simulates bank customers, but no real customer could ever be identified from it. The developers can use it to validate real-world scenarios.

No going back

That’s the most elemental way to look at the difference between encryption and masking. It also determines which data protection method should be used.

Data encryption protects information as it’s transferred between computers or networks. No matter how many times it travels or where it goes, it ultimately must be restored to the original state. Information with this requirement is often called production data.

Masked data doesn’t need any protection. It’s fake. There’s no need to restore it to the original state. The masking process of converting sensitive personal data is also called anonymization or de-identification. Information with this requirement is often called development data.
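The masking step described above, as an added Python example that is not code from the original post: it replaces each sensitive field with fictional data of the same format and then checks that no real value survived. The sample rows, field names and value pools are constructed assumptions for illustration.

```python
import secrets
import string

# Constructed sample rows standing in for production data (not real customers).
PRODUCTION = [
    {"name": "Alice Example", "address": "12 Harbor Rd",
     "account": "4000123412341234", "balance": 1520.75},
    {"name": "Bob Sample", "address": "98 Elm St",
     "account": "4000987698769876", "balance": 87.10},
]

# Fictional value pools (assumed for this example).
FIRST = ["Dana", "Lee", "Morgan", "Riley", "Casey", "Jordan"]
LAST = ["Stone", "Rivers", "Field", "Brook", "Hill", "Woods"]
STREETS = ["Oak Ave", "Pine St", "Lake Dr", "Mill Ln"]

def mask_row(row):
    """Build a fictional row with the same fields and formats as `row`."""
    # Values come from a CSPRNG, not from the input, and no key or lookup
    # table is kept, so nothing exists that could map a masked row back.
    return {
        "name": f"{secrets.choice(FIRST)} {secrets.choice(LAST)}",
        "address": f"{secrets.randbelow(999) + 1} {secrets.choice(STREETS)}",
        "account": "".join(secrets.choice(string.digits)
                           for _ in range(len(row["account"]))),
        "balance": secrets.randbelow(1_000_000) / 100,
    }

def find_leaks(original, masked):
    """Return (row index, field) for every masked value that is a real value."""
    real = {f: {r[f] for r in original} for f in original[0]}
    return [(i, f) for i, m in enumerate(masked)
            for f, v in m.items() if v in real[f]]

def mask_dataset(rows):
    """Mask every row, regenerating any row that collides with real data."""
    masked = [mask_row(r) for r in rows]
    while (leaks := find_leaks(rows, masked)):
        for i, _ in leaks:
            masked[i] = mask_row(rows[i])
    return masked

def same_shape(a, b):
    """True if both rows have identical fields, types and account format."""
    return (a.keys() == b.keys()
            and all(type(a[k]) is type(b[k]) for k in a)
            and len(a["account"]) == len(b["account"])
            and b["account"].isdigit())
```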

Unfair question?

Which data process offers the best protection? There’s an obvious answer. But it’s like comparing a Tesla to a Toyota and asking which vehicle gets better gas mileage. The criterion for comparison is irrelevant for one of these vehicles.

Masking is clearly more secure than encryption, but it renders data useless. Masked data has no value for anyone who intercepts or steals it. This information cannot be used for anything other than to run tests on software in a development state. Hackers don’t want or care about masked development data. It gives them access to nothing valuable. They want production data. It’s a source of authentic, sensitive, and personal information. Unencrypted, please.
