DataMasque™

Strengthen and simplify
sensitive data protection

With DataMasque’s total focus on data security, you have the right toolset to meet your compliance requirements through best practice data masking, all seamlessly integrated into your DevOps workflow – in the cloud or on-prem.

Best-of-Breed Data Masking

Many data masking tools fail to effectively safeguard sensitive information from malicious actors, while also rendering data unusable for consumers. We recognise that simplistic masking techniques like data shuffling are inadequate protection, and that indiscriminate replacement of values can break data integrity, inhibiting development and testing activities.

DataMasque offers ease of use without compromising security or data integrity. Our aim is to make the simple things easy, and the complex things possible.

Tick icon

Security

DataMasque supports encryption in transit – all data transmissions are encrypted between DataMasque and your data sources.

The easiest masking is the safest masking. The DataMasque toolkit drives you towards the most secure approach.

Sophisticated safety measures that can preserve data consistency and implicit relationships.

Tick icon

Quality

DataMasque provides simple yet powerful tools to generate realistic, diverse and functional datasets representative of your production data.

DataMasque provides all the functionality necessary to ensure data values can be consistently masked across tables and databases, even those running on different database engines (i.e. the same value is replaced with the same masked value wherever it exists).

Tick icon

Ease of Use

Composable building blocks provide straightforward mechanisms that can be used in combination to satisfy complex masking requirements.

With a YAML-based syntax comparable with tools like Ansible and Kubernetes, DataMasque makes crafting masking rulesets simple. The immediate roadmap includes a drag-and-drop interface for even more user-friendly construction of masking rulesets and masking templates to drive reusability.

Centralised Security Management

First-class data masking on its own isn’t enough – you need a solution that is convenient to manage and gives you full visibility of your security posture. DataMasque’s centralised administration interface makes it easy to manage all of your masking from a single dashboard, and provides you with comprehensive reporting to ensure you are meeting your compliance requirements.

Tick icon

Everything in One Place

The administrative web interface unites all data masking functions on a single dashboard – no need for managing SQL and configuration across servers. The centralised interface also streamlines reuse of masking resources.

Tick icon

Security Reporting

Reports catalogue exactly which tables and columns are covered by your masking rulesets. Coming soon: automated metadata discovery to identify potentially sensitive database columns.

Tick icon

Meeting Your Full Compliance Needs

Detailed read-only audit logs record all changes and data masking operations to meet compliance requirements for privacy regulations (such as GDPR, HIPAA, PCI, CCPA, and ISO27001). These audit logs provide evidence of compliance to auditors.

Modern Architecture

DataMasque has been designed with modern enterprise environments in mind. With horizontal scalability, containerised deployment options, and an automation API, DataMasque can seamlessly slot into your existing data provisioning process or DevOps pipeline – regardless of whether you’re running on-prem or in a public cloud environment.

Tick icon

Horizontal Scalability

DataMasque is designed to scale horizontally, enabling you to parallelise your masking workload.

Tick icon

Containerised for On-Prem and Cloud

DataMasque’s container-based installation streamlines deployment in on-prem and public cloud environments. A marketplace application for the Cohesity Data Platform is also available.

Tick icon

API-Driven for Automation

An API-driven administrative interface automates data masking as part of data provisioning workflows and IT service management processes.

See DataMasque® in action for yourself

Frequently Asked Questions

Have another question? Ask it here

  • DataMasque is a data masking tool that enables you to replace sensitive values in databases with artificial but realistic alternatives while maintaining data integrity. Data masking can enhance testing, development and training by providing realistic and functional data in these scenarios without compromising security, privacy or operational accuracy.
  • DataMasque currently supports Oracle and Microsoft SQL Server with plans for more database integrations in the works. Please see our Support Matrix for details.
  • DataMasque supports the following deployment options:
    • As a Cohesity App through the Cohesity marketplace.
    • As a set of Docker containers deployed with Docker Compose.
  • DataMasque is accessed using a browser-based web interface, which provides a centralized single-pane-of-glass view of your entire data masking environment.
  • DataMasque currently provides a REST API for triggering and monitoring masking runs using pre-configured connections and rulesets. We have plans to open more API endpoints in the future.
  • DataMasque removes sensitive data from your database and replaces it with realistic masked data. By default, masked values are randomly generated, preventing recovery of the original data. When data consistency across tables is required, DataMasque generates masked values using cryptographically secure SHA-512 salted hashes of the original values.
  • DataMasque provides masking algorithms that generate values based on one or more unmasked column values using a cryptographically secure SHA-512 salted hash. Use of these algorithms ensures deterministic masking across columns, tables, and database engines.
  • DataMasque supports masking of primary keys and unique keys. DataMasque automatically maintains referential integrity of foreign keys and also allows users to propagate masked values to implied foreign keys.
  • The DataMasque licensing model is based on the total (cumulative) size of each unique masked database: Each time a new unique database is masked, the total on-disk size of that database is subtracted from the available quota of your licence. Database size is calculated as follows:

    Oracle
    Sizing calculation

    The allocated size includes datafiles and control files.

    Usage query
    SELECT SUM(bytes)/POWER(1024,4) Size_In_TB FROM dba_data_files WHERE online_status <> 'OFFLINE' AND status = 'AVAILABLE';
    Required privileges

    Read-only privilege on dba_data_files, v$database


    Microsoft SQL Server
    Sizing calculation

    The total size of all master files on the server instance.

    Usage query
    SELECT SUM(CONVERT(BIGINT, size))*8.0/POWER(1024,3) Size_In_TB FROM sys.master_files;
    Required privileges

    Read-only privilege on sys.master_files, sys.database_file

What technologies does DataMasque® support?

Don’t see your preferred technology listed?
Get in touch and let us know what you’re after.

Support matrix

DataMasque supports the following platforms and data sources

Platforms Version
Check mark Cohesity MarketPlace 6.5.1
Databases
Check mark Oracle Database 11gR2, 12gR1, 12gR2, 18c, 19c
Check mark Microsoft SQL Server 2012, 2014, 2016, 2017, 2019

Testimonials

Free quote

Get the plan that suits
your business needs

Thank you for getting in touch.

One of our team members will get back to you shortly.

Not sure how to calculate your total source data size?
View the sizing guide in our FAQ.

Disclaimer: We’ll use these details to follow up with you about your DataMasque enquiry. Read the full privacy notice.

30 day free trial

Experience the power of
best-of-breed data masking

Thank you for getting in touch.

One of our team members will get back to you shortly.

Disclaimer: We’ll use these details to follow up with you about your DataMasque enquiry. Read the full privacy notice.