Skip to main content

Data Masking in dab Nexus

This article explains how data is protected and encrypted within dab Nexus.

SAP (client-side)

To increase data protection during transfer between SAP and other components such as dab Nexus, you can enable SNC (Secure Network Connection). Note that you will need the 'Privacy Protection' level to enable data encryption.

SAP Connection in dab Nexus

When creating a SAP Connection in dab Nexus, you can configure the available Data Masking options for that connection. There are three options available to you:

  1. None - the SAP data is extracted without any masking being applied.
  2. Anonymise - the values will be replaced with a fixed placeholder, such as 'XXXXXXXXXX'.
  3. Pseudonymize - the values will be replaced with a consistent hash using a salt. To obtain the same pseudonymised values across different tasks, copy and save the salt.

The following data types will be anonymised or pseudonymised: Usernames or User IDs, first names and surnames, email addresses, personnel numbers, etc.

The data is first pseudonymised in-memory on the server once it has been extracted from the SAP system, and then written to the data sink.

SQL server (cient-side)

You can secure the connection between dab Nexus and your SQL server using TLS (Transport Layer Security). This involves setting up TLS on your SQL server and providing a valid SQL certificate.

Repositories

Repositories are either password-protected or stored on the server, and only the dab Nexus Service User is authorised to access them.

Connections (Microsoft Mirrored Database, Lakehouse, Snowflake, Azure Data Lake Storage)

All of these are protected by TLS (Transport Layer Security).

Parquet files (local)

The data in the local Parquet files is masked, but not encrypted.