Data masking hides sensitive data in a way that allows authorized users to continue working with it, while preventing access by unauthorized users. The technique substitutes real information with realistic dummy data, protecting the original data during non-production tasks such as testing, training, and analysis.
Key aspects of data masking include
-
Protection: Ensuring sensitive data is not exposed to unauthorized users.
-
Usability: Keeping the masked data useful for legitimate purposes.
-
Compliance: Adhering to regulatory requirements for data privacy and protection.
Enable Data Detection and Redaction
To configure data detection and redaction options for a session, navigate to Settings → Data Masking.
By default, the Mask card numbers and Custom regular expression options are disabled, and their fields display default values in a disabled state. The Mask unprotected fields option is enabled by default.
Masking can be performed in the following two ways.
-
Mask card numbers - This enables masking for card numbers based on the selected configurations. Luhn algorithm check is performed to validate the card numbers. Card numbers can contain only numeric values and a delimiter. Only valid card numbers that match the selected configuration are masked on the screen. Users can configure the card number masking parameters as below:
Detect by digit count - This indicates the number of digits that the card number can contain. Card number detection will happen based on the value selected here.
-
16 Digits - will mask 16-digit card numbers.
-
14 Digits - will mask 14-digit card numbers.
-
Both 14 and 16 Digits - will mask both 14- and 16-digit card numbers.
-
13 to 16 Digits - will mask any 13-to-16-digit card numbers.
Portion to redact - Provides us the option to select what portion of the detected data needs to be masked.
Delimiter - we can select delimiter/s of choice. Card numbers containing the selected delimiter/s will only be detected and redacted. Multiple delimiter options can also be selected.
-
Comma [,]
-
Hyphen [-]
-
Space [ ]
-
No delimiter
For example, in the screenshot below, the digit count is set to 16, and the Portion to redact option is set to Show last four digits and then saved.
Below is the result, card numbers will be masked, and it shows the last four digits as per the Data Masking options configuration.
Note: A card number can contain only a single type of delimiter. If a card number with a delimiter is selected, then the card number should follow the patterns mentioned below. Card numbers not following the patterns below will not be detected.
1. 16-digit card numbers - ####D####D####D####
2. 15-digit card numbers - ####D######D#####
3. 14-digit card numbers - ####D######D####
4. 13-digit card numbers - ####D###D###D###
Here '#' represents any numeric value and 'D' represents a delimiter.
-
Custom regular expression - This enables users to provide custom regular expressions for data detection and redaction as per the need. Users need to input their regex in the 'enter a regular expression' input box and click on the 'Add' button to add the regex to the list. The list can contain a maximum of five regexes and cannot have duplicate values. To remove a regex, we need to select the regex from the list and click on the 'Delete' button. The portion of the data that will be redacted in this case is decided based on the selection below.
Portion to redact - This specifies what portion of the data will be redacted in case of a custom regular expression.
-
Show last portion - will redact all digits except the last portion. The portion here is decided based on the length of the match. If the length is less than 8 digits, then only the last two digits are shown, and the rest is redacted. If the length is greater than or equal to 8 digits, then the last four digits will be shown, and the rest of the digits will be redacted.
-
Redact all - All digits will be redacted
For example, in the screenshot below, the custom regular expression 63[7-9][0-9]{13} has been added, the Portion to redact option is set to Show last portion, and the changes are saved.
Below is the result. Based on custom regular expression, numbers will be masked.
3. Mask unprotected fields - This option validates whether data in input fields/unprotected fields will be redacted or not. If checked, masking will be enabled in the input field. If unchecked, it will not be enabled
Sathiyapriya S
Associate Consultant
Share the exciting news about the launch of IBM z17 with your network.
Step 1. Choose a sample message
⚡️IBM z17 is here! Powered by the new IBM Telum II processor, IBM z17 makes more possible, empowering organizations to drive innovation and do more with their data while processing sixty percent more transactions per day than IBM z16. See what sets IBM z17 apart here.
💻 Say hello to the new IBM z17. 👋 Bringing more AI to the core of business, IBM z17 helps organizations simplify compliance, improve productivity, and secure and use their most important data. Explore the z17 and its AI capabilities here.
🚀 Introducing IBM z17 - making more AI possible. With AI capabilities infused across hardware, software and systems, IBM z17 can drive business value by mitigating fraud risk, analyzing medical images, or even helping prevent retail crime – and that’s just the beginning. See how it can help your organization here.
📣I'm thrilled to introduce IBM z17! Here are three things that set the z17 apart ⤵️
1️⃣ IBM z17 is the modern mainframe engineered for the AI age, introducing multi-model AI capabilities along with new security features to protect data, and tools that leverage AI.
2️⃣ IBM z17 is fully designed for hybrid environments, enabling unmatched performance and reliability while changing how devs and systems operators engage with and manage IBM Z.
3️⃣ IBM z17 is built for the most important data, leveraging AI and the expanded Z Security and Compliance Center to simplify sensitive data tagging and access, crypto discovery and inventory and more.
Ready to do more? Get the details here.
Step 2. Add a hashtag
#IBMz #AI
Step 3. Use a social tile
