As data from systems and apps proliferates at an unprecedented rate, enterprises are rapidly migrating to the cloud to leverage that data for analytics and machine learning programs. A recent cloud security study found that more than 20% of businesses now host the majority of their sensitive data in the cloud.
But while cloud technology offers greater agility, operational efficiency and scalability, it also introduces new security risks. The same study found that 40% of businesses reported a data breach in the last year; risks range from poor data visibility to lack of control over access to sensitive data.
In this environment, data teams will need to bring security best practices to the cloud — including the ability to limit the amount of sensitive data sent to a data warehouse, lake or lakehouse. With this in mind, we’re making column masking available across all Fivetran connectors, including SaaS applications, services, files, events and functions — in addition to the support we offer for database and database-like connectors.
How column masking works — and why it’s essential
Column masking makes sensitive column-level data inaccessible to users querying it in your destination. It does so in two ways:
- Column blocking: fully blocks a column from entering a destination
- Column hashing: anonymizes data before it enters a destination
Blocking ensures that no user is able to query sensitive data, but if your use case expands and you want to analyze the data, you can still hash the field across different data sources.
Data sources that often contain sensitive data, such as revenue, accounting or employee information, can be found across teams and systems, including:
- Finance + accounting: Xero, NetSuite, Anaplan, Coupa, Concur, Dynamics 365
- Human resources: Lever, Greenhouse
- Customer information (including apps that handle billing, support, ecommerce and marketing): Klaviyo, Mailchimp, Braintree, Shopify, Stripe, Zendesk
Ultimately, employing column masking for sensitive data from these kinds of sources can help meet data privacy compliance requirements such as GDPR, PCI and HIPAA, improve your security hygiene and ultimately protect your brand reputation.
“Masking the handful of PII containing columns means that we don't have to worry about warehouse side compliance now or in the future. It just helps our tiny data team continue to do more with less, which is what Fivetran has enabled since the beginning.”
-John Grubb, Director of Data & Analytics, Platform.sh
“[Fivetran] has allowed us to earn our customers’ trust so that we can connect to their downstream sources that contain both their and their end-users’ sensitive information, knowing that the information will never be visible within the warehouse.”
-Nick Scheifler, Head of Data & Analytics, SupportNinja
Getting started with column masking
You’ll need to create a connector to begin. From there, click into the connector, use the “Schema Tab” to browse fields associated with each object. You can block the entire field from being loaded into the warehouse by clicking the checkbox. If you hover over the column name, a dropdown menu will appear to hash column values.
If you currently have a Fivetran account, we’ll be gradually rolling out the feature, so you should expect to see this functionality in your account over the coming weeks. If you’d like to take advantage of this earlier, please reach out to us at email@example.com.
Download this white paper to learn more about Fivetran’s extensive security capabilities.