Next Generation Data Masking Engine

Abstract

This paper introduces Magen, an advanced masking engine. Magen is a policy-based masking engine that supports a wide range of payloads and use cases. Our graph-based policies and engine support the masking of composite payloads and recursively handles nested payloads based on their type (e.g., json in xml). The engine supports a myriad of advanced masking methods such as format preserving encryption and format preserving tokenization, enabling on-the-fly dynamic masking of payloads as well as the static masking of large data sets. Magen allows users to easily define their own policies for the masking process and specify their formats (data classes). This engine was developed as part of a multi-year effort and supports real life scenarios such as: conditional masking, robustness to illegal values, enforcement of both format and masking restrictions, and semantic data fabrication. Magen has been integrated as a cloud SaaS within IBM Data and AI offerings and has proved its value in various use cases.