Dynamic data desensitization and data encryption work together to enhance data security by addressing different stages of data handling.
Data Encryption protects data at rest or in transit by converting it into an unreadable format using algorithms and keys. For example, sensitive customer information stored in a database is encrypted, ensuring that even if the data is stolen, it cannot be accessed without the decryption key.
Dynamic Data Desensitization (or dynamic masking) protects data in use by masking or obfuscating sensitive information when it is accessed by unauthorized users or applications. For instance, when a customer service representative queries a database, only partial credit card numbers (e.g., "--****-1234") are displayed, while the full data remains hidden.
These two techniques complement each other:
In cloud environments, services like Tencent Cloud Data Security provide integrated solutions for both encryption and dynamic desensitization. For example, Tencent Cloud’s Key Management Service (KMS) manages encryption keys, while Data Masking features in databases like TencentDB ensure sensitive data is dynamically protected during queries.