Another 23% use data masking techniques only in non-production environments, such as dummy data and scrambling, according to the survey of hundreds of IT managers and developers at large organizations.
“Most organizations do not control which information is exposed to DBAs [database administrators]. As a database administrator, they must have full control of the database in order to maintain it, but if the DBA’s computer is exposed, it can view any information in the database”, said David Maman, co-founder and chief technology officer at GreenSQL
Only 12% deploy dynamic data masking solutions in their production environments, according to the survey.
“The DBA, whether accidentally or on purpose, can leak all of the sensitive data out of the organization”, Maman told Infosecurity.
Maman explained GreenSQL's dynamic data masking solution applies rules to enforce access, making sure those who need to access certain parts of the sensitive data have it while those who should not see anything will not be able to. It ensures that the data never leaves the database in its original form, preventing information theft.