A company is implementing a data loss prevention (DLP) strategy for cloud storage. They need to detect and mask credit card numbers in documents stored in a cloud storage bucket. The DLP service provides de-identification transforms including masking, tokenization, and pseudonymization. Which transform should the company use to irreversibly replace the credit card numbers with a placeholder while maintaining the original format for analytics?
Masking irreversibly obscures data while preserving format.
Why this answer
Masking replaces sensitive data with a masked version, such as showing only the last four digits, preserving format for analytics. Tokenization substitutes with a token that requires a mapping table. Pseudonymization replaces with a consistent pseudonym that can be reversed.
Bucketing groups values into ranges.