From 8b729127ee36570d10ace0749d3175419f79edf6 Mon Sep 17 00:00:00 2001 From: Thanh Pham Date: Thu, 9 Jan 2025 16:45:44 +0700 Subject: [PATCH] add data masking to security use case --- Use Cases/database-hardening-for-trading-platform.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Use Cases/database-hardening-for-trading-platform.md b/Use Cases/database-hardening-for-trading-platform.md index efb00c82..a58b8f05 100644 --- a/Use Cases/database-hardening-for-trading-platform.md +++ b/Use Cases/database-hardening-for-trading-platform.md @@ -80,6 +80,14 @@ Open access points created opportunities for unauthorized interactions with the Insufficient authentication measures left accounts vulnerable to compromise. Implementing MFA added an extra layer of security by requiring developers to verify their identities using multiple factors before accessing the database. +### **Data masking** + +To further protect sensitive data, even when accessed by authorized personnel, we implemented data masking: + +- **Selective masking**: Sensitive data like client Personally Identifiable Information (PII) or financial details were masked or obfuscated. +- **Granular control**: Masking rules were applied based on user roles and specific data fields. +- **Dynamic masking**: Data was masked in real-time during queries, ensuring that sensitive information was never exposed in its raw form. + ### **Database observability and audit logging** Lack of visibility into database interactions hindered accountability. To address this, we:
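Review bot: In the added "Dynamic masking" bullet, "ensuring that sensitive information was never exposed in its raw form" claims more than query-time masking can guarantee, and it conflicts with the "Granular control" bullet above it, which says rules were applied "based on user roles and specific data fields", so some roles presumably still see unmasked values. Suggest scoping the claim to what was enforced, for example "so that roles without permission to view raw values only see masked data in query results", and saying whether the stored data itself remains unmasked. The new section also lacks the problem statement that the neighbouring sections open with ("Insufficient authentication measures left accounts vulnerable to compromise.", "Lack of visibility into database interactions hindered accountability."); one sentence naming the exposure that masking addresses would keep the structure consistent. It would also help to state where masking is enforced (database engine, proxy or application layer), since the added text does not say, and that determines whether a direct database connection bypasses it.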