What Is PII?
PII is personally identifiable information that can be used to identify, contact, or locate a person. For example, PII includes phone numbers, home addresses, and email aliases as well as social security numbers, credit card numbers, and medical history. All global organizations have some requirements for protecting the PII of customers and staff. PII compliance regulations vary by industry and country. However, some of the most common data-protection regulations are HIPAA, PCI DSS, GDPR, and SOX.
What Is Data Masking?
Data masking is a process used to protect PII or other types of sensitive information, such as passwords, from unauthorized access via obfuscation. An example of data masking is the representation of typed passwords with bullets (•) or asterisks (*) in an application form. You can also use data masking to prevent sensitive data, such as employee salaries or customers’ credit card numbers, from displaying in applications used by IT staff such as debuggers and monitoring tools.
To monitor and debug PHP applications, developers and administrators need to analyze the information in log files. That’s because they contain a detailed record of the data applications collect, share, and generate. For example, log files include metrics about application performance, memory usage, request status, and application error messages. And sometimes, even though it’s not a best practice, log files could contain PII associated with logins, user profiles, and other sensitive data that people enter in forms.
Typically, developers and site administrators are not authorized to view the PII of your employees and customers. If you do not prevent the PII in logs from displaying when developers work on your PHP applications, you risk:
With Zend Server, you can mask the PII in PHP log files from displaying when monitoring, analyzing, and debugging code using tools such as Z-Ray, Code Tracing, and URL Insights. As a result, developers can instantly access the information they need to tune and debug code, and you help ensure PII compliance.
To mask data that displays on Zend Server screens, you configure rules that restrict what information Zend Server collects from applications. For example, you can mask the PII (such as emails, names, credit card information, and social security numbers entered by any user) that Zend Server collects when monitoring:
And you can mask PII that could display in the Z-Ray debugger when analyzing:
Let’s walk through how you can mask a password from displaying when debugging a Drupal site using data masking in Zend Server. For the purposes of this example, let’s pretend that you are a Drupal administrator and you have not configured any data masking rules. When you log into Zend Server, you will see a window that looks something like this:
After you enter your name and password, you’ll be viewing your site from the Zend Server administrative console. The tabs in the toolbar at the bottom of the screen are running in the live Z-Ray debugger/profiler. When you click on the lower left button to see information about your site’s successful (200) requests, your Z-Ray display might look something like this:
You can see all the data collected from your login request, including your username and password. To hide that information, I’ll go to:
Let’s log in again and look at the same request:
Notice anything different? The password is now shown as “****”.
Let’s look at another example of protecting PII. This time, let’s pretend I am a developer who created a custom contact form that has a social security number (SSN) field. When I test the form using Zend Server, I will see a window that looks something like this:
After I submit the completed form, I use Z-Ray to look at the function calls, including insights about memory usage. I will see a window that looks something like this:
The value I entered for SSN is unmasked and clearly visible: 111-22-3456.
To hide the SSNs that people will be entering in my form, I can:
• Mask the field itself, as I did in the first example.
• Mask SSNs by using a regular expression match, which we’ll do in this next example.
To demonstrate, let’s set a pattern to recognize and mask SSNs by matching expressions:
If I submit the request again, the value is now masked.
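The two approaches listed above (masking a field by name, and masking values by regular expression match) can also be applied in application code before request data reaches a log. The following is an added example, not Zend Server's implementation or configuration; the function name `maskData`, the field names, and the SSN pattern are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not a Zend Server API: masks request data before logging.
const MASK = '****';

// Rule 1: field names whose values are always masked (assumed names).
const MASKED_KEYS = ['pass', 'password', 'ssn'];

// Rule 2: value patterns masked wherever they appear. This SSN pattern is an
// assumption: three digits, two digits, four digits, separated by hyphens.
const MASKED_PATTERNS = ['/\b\d{3}-\d{2}-\d{4}\b/'];

function maskData(array $data): array
{
    $out = [];
    foreach ($data as $key => $value) {
        if (is_string($key) && in_array(strtolower($key), MASKED_KEYS, true)) {
            $out[$key] = MASK;              // mask the field itself
        } elseif (is_array($value)) {
            $out[$key] = maskData($value);  // recurse into nested form data
        } elseif (is_string($value)) {
            // Mask matching values regardless of the field name. preg_replace()
            // returns null on a regex error, so fail closed and mask everything.
            $out[$key] = preg_replace(MASKED_PATTERNS, MASK, $value) ?? MASK;
        } else {
            $out[$key] = $value;            // numbers, booleans, null pass through
        }
    }
    return $out;
}

// Constructed sample request, using the SSN value from the walkthrough above.
$request = [
    'name'    => 'admin',
    'pass'    => 'example-password',
    'contact' => [
        'email'   => 'user@example.com',
        'tax_id'  => '111-22-3456',  // field name is not in MASKED_KEYS
        'message' => 'My SSN is 111-22-3456, please call me.',
    ],
];

// Only the masked copy is written out; the raw request is never logged.
echo json_encode(maskData($request), JSON_PRETTY_PRINT), PHP_EOL;
```

The key rule catches `pass` even though its value has no recognizable shape, while the pattern rule catches the SSN in `tax_id` and inside the free-text `message`, which a key list alone would miss.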
You can meet your PII compliance requirements and give developers and administrators the detailed insight they need to rapidly tune and debug applications by using data masking in Zend Server.
Try data masking in Zend Server yourself by taking advantage of the free 30-day trial.
Director of Product Management, Zend by Perforce