I have experience working as a project manager for a comms service provider with 10,000+ employees.
I am currently evaluating Data Masking solutions. What aspect is the most important to look for when evaluating Data Masking solutions?
Where can I find a report comparing DB security tools?
Thanks! I appreciate the help.
I am an Informatica Data Masking specialist. Informatica delivers end-to-end, best-of-breed solutions for complete modern data integration. Informatica has been the leader in 5 magic quadrants for over 10 years now.
I recommend you have a look at Test Data Management Informatica that integrates with PowerCenter, PowerExchange®, and Informatica applications to manage nonproduction data in an organization.
With TDM, an organization can create a smaller copy of the production data and mask the sensitive data. An organization can discover the sensitive columns in the test data, and ensure that the sensitive columns are masked in the test data. An organization can also create test data that does not contain sensitive data from the production database. They can create a test data warehouse to store test data in a central location and edit or reset the data when required.
We also offer Dynamic Data Masking that de-identifies data and controls unauthorized access to production environments, such as customer service, billing, order management, and customer engagement. Dynamic Data Masking masks or blocks sensitive information to users based on their role, location, and privileges, can alert on unauthorized access attempts and provides logs for compliance and audit.
Note that Gartner has no magic quadrant for data security, but I found this website that compares data masking tools: www.softwaretestinghelp.com
Hi, is it purely Data Masking you are looking for? I could offer you a solution that I am fairly comfortable with. The product not only does data masking but can also carry out FPE (Format Preserving Encryption) on a field level. Further to this, if you are looking to mask credit cards, for example, I could even set up a policy to show the first 6 and last 4 digits within the card number and mask the middle digits.
Besides the above, the solution I am suggesting is a framework, not just a product; it also has almost 1500 out-of-the-box integrations.
If your problem is data discovery, I can further assist you by reducing the amount of replicated data across your environment.
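The first-6/last-4 card policy mentioned in the answer above, sketched as an added example (not part of the original post and not any vendor's code). The 13 to 19 digit length range, the Luhn check and the fail-closed behaviour are assumptions of this sketch; the card number is a constructed test value.

```python
def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _is_digit(ch: str) -> bool:
    return ch.isascii() and ch.isdigit()


def mask_pan(value: str, keep_first: int = 6, keep_last: int = 4,
             mask_char: str = "*") -> str:
    """Show the first 6 and last 4 digits, mask the middle, keep separators.

    Fails closed: if the input is not a plausible card number (assumed here
    to be 13-19 digits passing Luhn), every digit is masked, so a field that
    holds something unexpected is never partially revealed.
    """
    digits = "".join(ch for ch in value if _is_digit(ch))
    plausible = 13 <= len(digits) <= 19 and luhn_ok(digits)
    out, seen = [], 0
    for ch in value:
        if not _is_digit(ch):
            out.append(ch)          # spaces and dashes pass through unchanged
            continue
        visible = plausible and (seen < keep_first
                                 or seen >= len(digits) - keep_last)
        out.append(ch if visible else mask_char)
        seen += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs: a well-known test number, a bad checksum, a short value.
    for sample in ("4111 1111 1111 1111", "4111-1111-1111-1112", "12345678"):
        print(f"{sample!r:24} -> {mask_pan(sample)!r}")
```

With a 13-digit number this policy leaves only three digits hidden, which is worth checking against the policy's intent during a proof of concept.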
I'm the head of product at Satori and what I'd suggest to look at is simplicity and maintainability so you don't have to introduce complex controls into your data stores and create multiple copies of the data for access control purposes.
You might want to check out our universal approach to data masking, where all you have to configure is (1) the type of data to mask (2) what is the masking function and (3) in which cases a masked version of the data should be delivered to the data consumer (i.e. by role). Here's a short and simple demo video showing how to configure masking for email addresses under 60 seconds without changing anything in the data source: link
1) What aspect is the most important to look for when evaluating Data Masking solutions?
One of the most important points about choosing a masking solution was the masking algorithm designed to be consistent. Currently, excellent solutions on the market have excellent algorithms consistent between systems and time periods, but the question of compatibility (database, operating system, low or high platform, etc.) with the environment continues.
This is very important, as it is necessary to evaluate the possibility of changing versions of a certain database, including migrating to another database manufacturer or expanding the databases with other manufacturers. The question of compatibility is important.
So, in addition to this compatibility, it is necessary to evaluate the minimum requirements (hardware and software) required by the manufacturer of a given solution. Generally, there are the minimum and recommended requirements. It is always valid to follow the recommendations, not just the minimum requirements.
2) Where can I find a report comparing DB security tools?
It is difficult to find a report comparing these tools. Generally, when we need a solution, we check the placement of the best solutions in the Gartner Magic Quadrant. After choosing the 03 (three) best positioned, we do the Proof of Concept (POC) with the Test Book. This helps significantly in decision making by managers. Some databases already have native functionality for data masking, as is the case with SQL Server 2016 or higher.
Now, between a native and an external solution, an external one is generally recommended because it consumes less processing resources in the databases, for example. In an external solution, agents installed in the databases are used to perform the data masking, as is the case with IBM Security Guardium.
Examples: Azure SQL Database, SQL Server 2016 or higher, IBM Infosphere Optim, IBM Security Guardium.
Here are questions to guide your search. The ecosystem is quite fragmented and reviews of different solutions are difficult to come by.
Data discovery, masking, and associated capabilities can be purchased on a per-server basis for SQL Server and Oracle for $5K/year per server or range up to $100-200K/year for an "enterprise solution."
The first question is to scope your needs. Do you need static data masking only, and for what data stores (structured plus unstructured)? You will want to scan and discover the columns involving sensitive data, which is data discovery and is typically built into a good masking solution (I would steer clear of a solution where the two are separate products).
If your need is for Oracle and SQL Server, the affordable quality options abound.
If you have a diverse set of relational and non-relational data, then the solutions narrow and become much more expensive.
Other aspects include support for deterministic (consistent) masking of databases. "Mary Smith" can be masked the same across SQL Server databases, or even across other database platforms.
Reports or audit logs on data masks applied can also be important.
Ease of use, and associated ability to distribute the application of enterprise security policies (masking rules) is also an important consideration.
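Deterministic (consistent) masking as described in the answer above, sketched as an added example that is not from the original post or from any product named on this page. It assumes a keyed HMAC-SHA256 mapping into substitution pools; the key, pools, table names and rows are all constructed.

```python
import hashlib
import hmac
import unicodedata

# Constructed substitution pools. Pools this small make different people
# collide on the same substitute; real pools need to be far larger.
FIRST = ["Alex", "Jordan", "Casey", "Riley", "Morgan", "Taylor", "Quinn", "Avery"]
LAST = ["Reed", "Stone", "Hale", "Frost", "Lane", "Marsh", "Wolfe", "Pike"]


def _normalize(value: str) -> bytes:
    """Fold Unicode form, case and whitespace so equal names hash equally."""
    folded = unicodedata.normalize("NFKC", value).casefold()
    return " ".join(folded.split()).encode("utf-8")


def mask_name(value: str, key: bytes, domain: str = "person_name") -> str:
    """Pick a substitute from HMAC-SHA256(key, domain || 0x00 || name).

    The key is what keeps the mapping from being rebuilt by hashing a list
    of candidate names, so it must be stored like any other secret.
    """
    msg = domain.encode("utf-8") + b"\x00" + _normalize(value)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    first = FIRST[int.from_bytes(digest[:4], "big") % len(FIRST)]
    last = LAST[int.from_bytes(digest[4:8], "big") % len(LAST)]
    return f"{first} {last}"


def mask_rows(rows, column, key):
    """Return copies of the rows with one column masked."""
    return [{**row, column: mask_name(row[column], key)} for row in rows]


# Constructed sample data: the same person held in two different platforms.
KEY = b"constructed-demo-key-not-for-production"
crm_sqlserver = [{"id": 1, "name": "Mary Smith"}, {"id": 2, "name": "John Doe"}]
billing_oracle = [{"acct": "A-17", "name": "  MARY   SMITH "}]


def demo():
    """Mask both tables with the same key; joins on name still line up."""
    return mask_rows(crm_sqlserver, "name", KEY), mask_rows(billing_oracle, "name", KEY)


if __name__ == "__main__":
    crm, billing = demo()
    print(crm, billing, sep="\n")
```

Because the output depends only on the key and the normalized value, the same masking job can run independently per database and per refresh and still produce matching values.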