Overview
Simple and safe data masking. As data leaves your production environment, DataMasque uses irreversible data masking to replace the sensitive data with realistic, functional and consistent values. DataMasque empowers organisations to use data masking to better leverage its data to make meaningful decisions, accelerate product development and securely share data with partners without compromising the privacy of people. By employing best practice data masking across Postgres, Oracle and MSSQL databases, DataMasque significantly reduces your surface area for a potential breach. DataMasque provides certainty, the certainty of protected, best practice compliant data. The certainty of eliminating risk. The certainty of providing valuable, usable data to your stakeholders.
Notes:
- This software product is valid for 30 days from the time you launch your AWS EC2 instance and supports masking up to 1000 rows per table per masking run.
- After 30 days of using this product, you will no longer be able to run any data masking tasks. You can however continue to login and use the rest of the DataMasque web interface as normal such as the ruleset YAML editor and using the already masked data outside of the DataMasque instance.
- You can upgrade to a <a href="https://aws.amazon.com/marketplace/seller-profile?id=2f3af275-ed6c-43dd-8463-cf52d94fc354"DataMasque's> DataMasque flexible pricing or BYOL product to continue securing your valuable data asset.
Highlights
- Optimised for self-service automation - integrates seamlessly into existing IT management services.
- Drives consistency across tables, databases and database engines.
- Cryptographically secure SHA-512 salted hash to drive irreversibility.
Details
Typical total price
$0.455/hour
Pricing
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
t3.2xlarge | $0.00 | $0.448 | $0.448 |
c3.2xlarge | $0.00 | $0.535 | $0.535 |
c3.4xlarge | $0.00 | $1.013 | $1.013 |
c3.8xlarge | $0.00 | $2.026 | $2.026 |
c4.2xlarge | $0.00 | $0.515 | $0.515 |
c4.4xlarge | $0.00 | $0.973 | $0.973 |
c4.8xlarge | $0.00 | $1.989 | $1.989 |
c5.2xlarge Recommended | $0.00 | $0.455 | $0.455 |
c5.4xlarge | $0.00 | $0.853 | $0.853 |
c5.9xlarge | $0.00 | $1.919 | $1.919 |
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Added:
Added support for the IBM Db2 LUW database.
Added a Locality setting and the ability to upload custom seed files for the chosen locality. The Ruleset Generator uses these locality-specific seed files to generate some masking tasks.
Added support for discovery of list
, struct
and map
Parquet column types (including nested columns of those types).
Added support for assuming another role when connecting to an S3 bucket, allowing for cross-account use of an S3 bucket. This can be configured in the connection settings for any file masking connections that use S3.
The retain_age
mask now supports the force_change
option.
Added several new built-in seed files for:
US companies, addresses and states.
AU companies.
Street Names and Types (e.g. Road, Street, Avenue, etc.).
Added a UI option to change the ruleset file's extension (.yml
or .yaml
) when pushing it to Git. When pulling from Git, DataMasque checks for both extensions.
A user can now set their own Git directory path which overrides the instance default path.
Database connections can now be set to read-only in the UI (previously this was only available via the API).
Added In-Data Discovery rules for gender, street address, and US state names.
Added an In-Data Discovery option to force use of In-Data Discovery on columns that already have metadata matches.
Added an In-Data Discovery option to flag data matching user-specified regex pattern(s) as non-sensitive.
Added a navigation UI to the Settings page.
Added documentation for configuring SAML Single Sign-On to DataMasque using the Okta platform.
Changed:
DataMasque now logs file masking run history to a file .datamasque_run_history.ndjson
. This file is created serving as an indicator that masking has taken place, and can be used for run validation. The validation API supports validating file masking runs using the values from the run history file.
The run validation API now uses a random run_hash
rather than a deterministic one, and the parameter ruleset_hash
has been renamed to ruleset_content_sha256
. Values for these fields can be found in the run history table or file.
Improved run startup performance by not re-validating a ruleset that was marked as valid when saved in the editor.
Improved the performance of the Run Logs page. Long run logs will be truncated for display and can be downloaded to see the full content.
Tasks that require temporary modifications to the database (secure_shuffle
, from_unique_imitate
, from_blob
) are no longer executed in dry runs.
Tasks that get stuck in the Cancelling state for more than 5 minutes will now be forcibly cancelled.
Improved the built-in In-Data Discovery rule for MAC address to minimize false matches.
Improved In-Data Discovery to include credit card issuer validation in addition to Luhn checksum.
Where a column or field has both a metadata match and an In-Data Discovery match, the UI now displays both matches rather than just the latter.
Clicking the Add Ruleset button on the File Masking page now opens the File Ruleset Generator.
The My Account page no longer displays usage information. To view usage information, download the usage report.
Minor wording change to the EULA: "Target System" now means a physical or virtual machine, rather than a physical or virtual node.
Keys other than ROWID
can now be used as the key
column for Oracle databases. Note that DataMasque still recommends use of ROWID
as the key
wherever possible, and the Ruleset Generator will select ROWID
as the key
column.
Fixed:
Temporary indexes created by DataMasque are now correctly cleaned up at the end of a masking run. Additionally, any dangling temporary indexes from previous masking runs are now cleaned up before creating a new one.
Temporary tables and indexes for from_unique_imitate
masks are now correctly cleaned up when created on a schema other than the connection's default schema.
run_data_discovery
tasks no longer return results from views on MySQL and MariaDB.
Masking runs that are cancelled before they can start no longer get stuck in the Cancelling state.
The Ruleset Generator now generates the correct masks for NUMBER
, NUMERIC
, and Oracle LONG
columns.
The File Ruleset Generator now generates include
patterns that accurately match the files to be masked by each task.
The File Ruleset Generator now discovers files in subdirectories of the connection's base directory.
The File Ruleset Generator page now correctly displays errors for malformed custom In-Data Discovery regex patterns.
DECIMAL
columns now correctly compare against the value in the seed file when using the column as a table_filter_column
in a from_file
mask.
UI web responses now use the correct browser-side caching options. This should avoid any stale data being displayed in the UI.
The UI will no longer erroneously display a warning that DataMasque is taking a long time to start.
Masking now works correctly when the destination S3 bucket is empty.
Fixed upload and delete of connection filesets (Oracle wallets or MySQL/MariaDB SSL ZIP files). An error is now shown trying to upload two connection filesets with the same name and type.
DataMasque displays a more descriptive error when the user tries to mask files in Amazon Glacier storage.
from_unique_imitate
no longer produces duplicate warnings for dangerous parameters.
Improved API documentation.
In the documentation, clarified the operation of the glob
and regex
options for include
and skip
in file masking rulesets.
In the documentation, updated the list of supported key column types for all databases.
Additional details
Usage instructions
Please follow the steps below to complete setting up your DataMasque instance:
-
Access the application via a web browser at https://
. The application may take a few minutes to start. Please refresh the page if you encounter the "Unexpected Error" message. -
Complete the first-time installation page by providing the following information:
-
Email address of the DataMasque admin user. This email address is stored on the DataMasque EC2 instance and is used for the purposes of providing 'Forgotten Password' account recovery and critical system notifications. DataMasque will not have access to this information.
-
Password for the admin user.
-
Hostnames or IP addresses to access the DataMasque instance.
-
The SMTP settings specific to your organisation.
-
The instance ID of your EC2 instance.
- You will be re-directed to the DataMasque login screen. Please proceed to login with the admin password you have just configured.
Note:
- This DataMasque AWS Marketplace software product allows you to mask data up to the total of 3TB in unique source databases.
- When you use our software we may receive and store usage data and information relating to the performance and use of the Software. We will not disclose any system information which identifies the user or the user environment to third parties.
- To upgrade your DataMasque version, contact the DataMasque team via https://datamasque.com/contact/?source=support_ticket or support@datamasque.com to request your access to the DataMasque Customer Portal and download the new DataMasque software version.
Support
Vendor support
DataMasque provides full product and installation support within 72 hours of making an enquiry. Contact the support team at support@datamasque.com for any enquiries you may have.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.