Today we're pleased to announce DataMasque 2.11, which introduces support for our first NoSQL database, Amazon DynamoDB. While SQL databases are the foundation of DataMasque, the addition of DynamoDB in this release further expands our coverage of non-SQL datasources which began with the addition of file masking in 2.9.
DynamoDB special features
There is a lot more flexibility in how data can be stored in a document or key-value database (like DynamoDB) compared to a SQL database. The lack of schema means that not every document may have the same keys, so some extra options have been added to the DataMasque rulesets to cater for this.
For DynamoDB, DataMasque supports wildcard masking. By specifying "*"
as a column name, wildcard masking rules are applied to all keys in a document that are not covered by explicitly defined rules. This allows, for example, a fixed text replacement to be specified to redact any keys containing PII that might be unknown when designing the ruleset.
A new on_missing_column
option has also been added. Setting this to skip
means that attempting to mask a key that does not exist on a given document won't cause an error. Both these options are only available for DynamoDB.
NDJSON, Avro, and conditional file masking
DynamoDB support is far from the only new feature in 2.11. On the file masking front, we've also added support for masking NDJSON (new-line delimited JSON) and Apache Avro files. For all file types we've also added support for conditional masking. Applying different masks based on the contents of columns has been a long supported feature of DataMasque, and we're excited to bring that flexibility to files too. Data can be extracted from JSON or XML, and used inside conditionals.
Improved conditional masking
On the topic of conditional masking, there has been a major overhaul of conditional handling in DataMasque 2.11, for both files and databases. We're now more flexible with allowing how data of different types can be compared, for example, floats, ints and decimals can now be safely compared.
We've also added a number of shortcuts to make date comparisons easier. The keyword now
can be specified instead of a fixed date in the ruleset, so your rulesets can accurately mask data based on when they were executed. The special comparators age_greater_than
and age_less_than
can be used to mask data differently based on a given birth date. This particular addition is important for rules around masking health data, such as that stored in FHIR format.
The final point to mention on conditional masking is that for both databases and files, conditions can extract data from JSON or XML and use it in comparisons.
Other improvements
DataMasque 2.11 features our biggest changelog ever. There's too many changes to deep dive into them all, so here's just a handful of some other big features and fixes:
- Unique key masking cascades now work for an arbitrary number of levels.
- Much better support for different types of unique keys in the ruleset generator.
- The
delimiter
option can be specified for tabular file masking to set the delimiter of character delimited files. - Better support for XML with namespaces.
- UTF8 included seed files.
The full list of changes can be found in the DataMasque 2.11 changelog. It's a recommended upgrade for all our users.
If you're not already protecting your data with DataMasque, you can get started right now with DataMasque on the AWS Marketplace or please contact DataMasque for Cohesity, on-prem or cloud environment support.