Mask Sensitive Data on Prisma Cloud
Prisma Cloud Data Security can now mask how data is stored in snippets. A snippet is a piece of data that matches the Add a New Data Pattern in Prisma Cloud that you want to identify within your files. Snippet masking enables you to control how this sensitive data, such as credit card numbers or Social Security numbers, displays to administrators who can view the snippet within Prisma Cloud.
- Select
- Select your masking option.There are three types of masks that you can apply to your sensitive data. The default option isPartial Maskwhich displays only the last four characters in clear text such as XXXX-XXXX-XXXX-1234. If you do not want to cloak sensitive data then you can toggleDo not maskwhich displays your data in plain text such as 1234-1234-1234-1234. The last option isFull Maskwhich cloaks all the values of the sensitive data such as XXXX-XXXX-XXXX-XXXX. When a mask is applied, 200 bytes before and after the pattern match is displayed.
- View snippets on Prisma Cloud.Before you can view a masked snippet, you will need to enable data security, add an AWS account and enable data security, and use the data policies to scan.
- Select
- In theBUCKET NAMEcolumn, click the bucket that you want to analyze.
- In theOBJECT NAMEcolumn, click the object.
- View the masked snippet.TheSnippet Statuscolumn displays the current Data Inventory of the scan. In order to view your masked data theSnippets Statusmust show a hyperlink with the anchor text ofAvailable. Below is an example of the partial mask applied:
