Dynamic Data Masking is a new feature introduced in SQL 2016. This feature helps you to protect your sensitive data from unauthorized access. Microsoft has done a lots of stuff around security and Dynamic Data Masking is one of them.
Here is an easy example from Microsoft Documentation which explains this feature.
A service representative at a call center may identify callers by several digits of their social security number or credit card number, but those data items should not be fully exposed to the service representative. A masking rule can be defined that masks all but the last four digits of any social security number or credit card number in the result set of any query. As another example, an appropriate data mask can be defined to protect personally identifiable information (PII) data, so that a developer can query production environments for troubleshooting purposes without violating compliance regulations.
Below are the different masking rules which you can define on your columns
- Default -> Full masking according to the data type defined
- Email -> This is to mask the email address stored in your table
- Random -> Use on any numeric type to mask the original value with a random value within a specified range.
- Custom String -> If above listed rules doesn’t meet your needs, you can define your own masking function with custom string
