You need to design an enterprise data warehouse in Azure SQL Database with a table titled customers.
You need to ensure that the customer supportive staff can identify the customers by matching the few characters of their email addresses but the full email addresses of the customers should not be visible to them.
Which of the following would you include in the solution?
Click on the arrows to vote for the correct answer
A. B. C. D. E.Correct Answer: D
Dynamic data masking is helpful in preventing unauthorized access to sensitive data by empowering the clients to specify how much of the sensitive data to disclose with minimum impact on the application layer.
In this policy-based security feature, the sensitive data is hidden in the output of a query over specified database fields, but there is no change in the data in the database.
For example: *******abc@gmail.com.
Option A is incorrect.
Row-level security is used to enable the restricted access i.e who can access what type of data.
Option B is incorrect.
Encryption is not the right solution.
Option C is incorrect.
Column level security won't help in limiting the exposure of sensitive data.
Option D is correct.
In the given scenario, there is a need to use Dynamic data masking to limit the sensitive data exposure to non-privileged users.
Option E is incorrect.
Dynamic Data Masking is the right answer.
To know more about dynamic data masking, please visit the below-given link:
The most suitable option for this scenario would be Dynamic Data Masking (DDM).
Dynamic Data Masking is a feature in Azure SQL Database that can be used to obscure or mask sensitive data within a database table. This feature allows us to protect sensitive data from unauthorized access by revealing only a part of the data, such as masking the first three digits of a credit card number or hiding the email domain name.
In this scenario, the customer supportive staff needs to identify the customers by matching the few characters of their email addresses, but the full email addresses of the customers should not be visible to them. Dynamic Data Masking would allow us to partially mask the email addresses by hiding the domain name or certain characters in the email address while still allowing customer support staff to identify the customers by matching the visible characters.
The other options listed may provide security features, but they are not the most suitable for this scenario.
Column-level security and row-level security could be used to restrict access to certain columns or rows of a table based on the user's role, but they do not provide a partial view of the data, which is required in this scenario.
Encryption would protect the data from unauthorized access, but it would not provide a partial view of the data, which is required in this scenario.
Therefore, Dynamic Data Masking is the most appropriate solution for this scenario, as it provides partial masking of sensitive data while still allowing authorized users to access the data they need.