AWS Partner Network (APN) Blog

How to achieve both data privacy and utility on AWS with DataMasque

By Snehanshu Bhaisare, Senior Partner Solutions Architect – AWS
By Chamandeep Singh, Senior Security Partner Solutions Architect – AWS
By Aimee Lin, Chief Product Officer – DataMasque

DataMasque logo
Connect with DataMasque

Unintended Data access threats continue to grow making data privacy a serious concern for organizations. A concern that is well-justified, as cybersecurity unintended exposure of data can be devastating, leading to financial losses, reputational damage, and regulatory liabilities.

Under regulations like GDPR, HIPAA, and ISO 27001, organizations must safeguard sensitive data while utilizing valuable data to make informed decisions and foster innovation. This has created a tension between the need for data utility and the importance of data privacy.

The use of substantial customer data by companies for internal system testing and development increases risk because of the less secure nature of these environments. Alternative approaches like handcrafting data often reduce fidelity, utility, and functionality, while manual de-identification can result in insufficient protection and make the data easier to reverse engineer.

However, this does not have to be the case. With DataMasque, it’s possible to balance data privacy and data utility.

Comprehensive Data Masking Solutions to Power Innovation and Protect Privacy

DataMasque empowers organizations to balance data utility and privacy effectively. Their offerings range from enterprise-grade automated masking for large databases and file stores to specialized templates for Oracle Siebel or FHIR data protection. By replacing real data with realistic synthetic values, DataMasque enables development, testing, and analytics teams to access production-quality data without compromising compliance or risking unintended access as shown in Figure 1. Their solutions integrate seamlessly with AWS services, allowing customers to innovate freely while maintaining stringent data protection standards.

Datamasque capabilities

Figure 1 – DataMasque’s offering

Customer Use Cases

While adhering to data privacy legislation and standards is critical, masking sensitive data provides many other significant business benefits. The common use cases include enabling organizations to mask data when moving to AWS and enabling development and test teams. Also helping to power business intelligence insights and enabling artificial intelligence (AI) and machine learning (ML) capabilities.

Enabling organizations to mask data when moving to AWS: Organizations that store their sensitive data on-prem can now mask their data within this environment before third party migration partners access the environment.This significantly accelerates cloud migrations as partners confidently work on de-identifed data without risking unintended access. Once the migration occurs, the same masking process can be integrated into their data provisioning pipelines. Organizations use DataMasque on AWS because of its ease of use, ability to mask complex data, lightweight integration and out-of-box compliance artifacts.

Enabling development and test teams: For effective development and testing, these teams require access to high-quality data that represents production without being exposed to sensitive data or having to hand craft test data which is time consuming and unrealistic when compared to production data. By masking Personally Identifiable Information (PII) and sensitive data, development and test teams can work with production-realistic datasets that maintain data integrity and consistency.

Best Western Hotel Group has spent less time keeping data masking current and more time on development since it started using DataMasque.

This will provide improved data and help us develop faster, so we’ll be able to reduce time-to-market for new products and features,” says Joseph Landucci, Director of Technology Management at Best Western. “For instance, we can develop offerings that add value to the business and increase revenue, such as creating new marketing products.

For more details on how Best Western implemented DataMasque, you can check out the full case study on AWS.

Powering Business Intelligence insights: Organizations have access to a wealth of data that due to its sensitivity, many insights are never realized. DataMasque safeguards data utility while removing personally identifiable information. DataMasque uses a powerful masking engine to maintain consistency, distribution, and numerical fidelity in de-identified data, providing providers with the same data functionality and statistical benefits.

Enabling AI and ML: Data privacy and security concerns can prohibit the use of sensitive customer data like PII, financial information or healthcare records for fine-tuning and training models. When organizations attempt to train or fine-tune the models using real customer data, data leakage and model memorization become a risk. DataMasque helps protect sensitive information while preserving the patterns, statistical properties, and relationships in the data. It also minimizes bias, both of which are crucial for effective model training.

DataMasque’s Approach to Achieving Data Privacy and Utility

Sensitive Data Discovery The first step to address the exposure risk of sensitive data such as personally identifiable information (PII), is the discovery of PII across databases and files. DataMasque provides built-in data discovery functionality, including metadata keyword search and in-data patterns from both our built-in keyword and patterns, as well as custom patterns set by the user.

Maintaining Data Consistency and Data Integrity DataMasque supports masking of primary keys and unique keys, and automatically maintains referential integrity of foreign keys, and can be configured to preserve logical relationships. This ensures data consistency across all occurrences of information “types” masked using the same algorithm across files, tables, databases, and database engines.

Automated and Secure Data Provisioning DataMasque’s API-first architecture and seamless integration with existing Continuous Integration/Continuous Deployment (CI/CD) tooling enables a fully automated data provisioning pipeline. The solution also supports irreversible masking using cryptographically secure SHA-512 salted hash, providing robust data protection.

Solution Architecture

DataMasque’s solutions leverage a containerized and API-first architecture that seamlessly integrates with customers’ existing AWS environments. Figure 2 shows how DataMasque integrates with AWS services to provide a scalable, secure, and automated data masking experience. Services that include HAQM Simple Storage Service (HAQM S3), AWS HealthLake, HAQM Elastic Kubernetes Service, AWS Secrets Manager, and AWS Step Functions,

Datamasque architecutre on AWS

Figure 2 – DataMasque solution architecture.

At the core of the DataMasque platform is its powerful data discovery and masking engine. This engine scans customers’ data sources to identify and classify sensitive information, then applies advanced masking algorithms to replace real data with realistic, functional synthetic values. The masking process maintains data integrity and data consistency, ensuring the masked data remains valuable and meaningful for development, testing, and analytics use cases.

By replacing real data with realistic yet fully synthetic values, DataMasque enables development, testing, and analytics teams to access production-quality data without compromising compliance or risking data unintended access. Seamlessly integrating with AWS services, DataMasque’s solutions give customers the freedom to innovate while maintaining the highest standards of data protection.

Conclusion:

As an AWS Partner, DataMasque is recognized for its innovation, receiving the Rising Star Independent Software Vendor (ISV). DataMasque is a Security Competency Partner, exclusive “de-identification” partner for the AWS HealthLake service, and its solutions are available on the AWS Marketplace.

Adhering to data privacy regulations while ensuring data utility is a critical challenge for organizations today. DataMasque’s solutions on AWS provide a powerful and automated approach to masking sensitive data, enabling organizations to leverage the full value of their data while maintaining compliance and protecting customer privacy.

By combining DataMasque’s proven data masking capabilities with the security, scalability, and analytical power of AWS services, organizations can unlock new business insights and drive innovation without compromising data protection.

Start masking your data today by accessing a free trial of DataMasque through the AWS Marketplace. To learn more about how DataMasque can fit into your data provisioning process, speak to our account team.

Connect with DataMasque

.

DataMasque – AWS Partner Spotlight

DataMasque is an AWS Advanced Technology Partner that removes sensitive data from the databases and replaces it with realistic and functional masked values that enable effective development, testing, and analytics.
Contact Partner | Partner Overview | AWS Marketplace | Case Studies