Masking Methods

Supplying test data presents users with several challenges when the production data contains personally identifyable information (PII). General data protection provisions, industry-standard data protection rules and the company-specific “Code of Conduct” demand that PII be masked for testing purposes. XDM™ helps DBAs in setting up a compliant data masking process.

XDM is a copy tool for relational database systems that simplifies and automates the supply of test data. You can run the XDM copy processes either ad hoc or with a scheduler. While defining a copy process, you can select which masking rules to use. Data masking is done during the copy process so that the original data never appears in test or development systems.

XDM offers many built-in masking methods. And you can manually specify which columns they should be applied to. Alternatively, XDM can enforce masking based on table names and column names. This prevents accidental exposing of PII when setting up new copy processes.

XDM‘s built-in masking methods include:

  • Mapping old values to new values using a lookup table
  • Shuffling existing values within a dataset
  • Altering credit card numbers and account information, such as IBAN or BIC
  • Masking of social security numbers
  • Common date values such as date of birth, billing date, or creation dates of records
  • Changing values depending on other data (for example, to create valid combinations of ZIP code, city and street name
  • And many more

In addition, you can also add user-defined masking scripts.


Single Point of Control
It is important that masking methods are used consistently when multiple database systems and platforms are in use. XDM is able to apply the selected procedures on Db2 for LUW, Db2 for z/OS, Oracle, MSSQL, IMS, and VSAM. You only specify them once, afterwards you can use them on all supported platforms. This allows you to mask data in different systems in the same way.

Referential Integrity
Masking rules may also influence records that otherwise would not change during the copy. Masking columns that are part of a foreign key can become a challenge: Data in dependent tables must be modified in the same manner so that all rows of a child table still have a parent row.

In the example above, there is a foreign key relationship between the rows of the DEPT and the EMP tables. When masking the column DEPTNO in the DEPT table, then column DEPT in the EMP table must be masked in exactly the same way. Otherwise, inconsistencies may occur.

XDM is able to mask complex data models by identifying the relations in the database systems. It ensures that key columns in dependent tables use the same masking methods. Relationships which are not stored in the database itself can be defined in XDM‘s repository. This allows XDM to mask data consistently even when information about the relationship between the tables only exists in the application code.

Easily Locate Sensitive Data
The component CDI (Critical Data Identifier) provides fast and simple detection of columns that contain personally identifiable data. XDM uses various heuristics to analyze the data model and examine column contents.

CDI‘s analysis includes pre-defined categories, such as: first and last name, addresses with street, city and zip code, phone and fax numbers, e-mail addresses, and banking information (account numbers, BIC, IBAN). CDI can also search for user-defined data patterns.

The result of the analysis is a report on the attributes to be protected. This report can be used as a basis for decision making and for the development of masking rules.

XDM – Masking at a Glance

  • Searching for and identifying sensitive data
  • Various methods for masking PII such as name, address, account information, credit card numbers, email addresses, etc.
  • Centralized administration, supports many different platforms and database systems
  • Consistent masking of colums in a foreign key
  • Fully automated, easy to integrate into a scheduler