SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
International Women’s Day
392 opinions Read now

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Secure cloud database stack with automatic pii data masking
#
Data Protection
#
Application Security
#
Partner Programmes

Aerospike embeds default data masking in Database 8

Wed, 11th Feb 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Aerospike has added native dynamic data masking to its database, pitching it as a way for organisations to protect personally identifiable information while keeping operational overhead low.

The capability is built directly into Aerospike Database and applies at the database layer rather than in the application stack. This reduces reliance on application code changes or third-party tokenisation services.

Compliance pressure

Data masking has become a more prominent requirement as regulators tighten expectations around how companies handle sensitive data. Aerospike cited PCI-DSS, the California Consumer Privacy Act, GDPR, and the Reserve Bank of India's Cybersecurity Framework as examples of mandates calling for stronger protection of personal data.

In many NoSQL systems, masking is an optional add-on and may be disabled by default. In those environments, security teams and developers typically implement masked views, aggregation pipelines, or custom application logic. Some organisations also deploy tokenisation services outside the database.

These approaches can increase administrative load and introduce configuration risk. They can also add latency if data must be transformed or routed through additional services. Aerospike is positioning database-layer masking as a way to reduce gaps that can lead to data leakage.

How it works

Aerospike's implementation is rule-based. Administrators can apply rules that mask data for users and machines by default, while only explicitly privileged identities can access unmasked data.

Aerospike said this makes masking enforceable without developer intervention and that it covers both human and machine identities. It also described the feature as integrated with auditing and compliance workflows, which can help organisations demonstrate access controls during internal reviews or external assessments.

Dynamic data masking is enabled by default, a notable design choice in a market where security controls often require explicit configuration before they take effect.

The feature arrives as companies build more real-time systems that move large volumes of data through operational pipelines. Data protection requirements can conflict with performance expectations in high-throughput environments, particularly when personal data sits alongside behavioural, transactional, or device-level signals.

In its announcement, Aerospike positioned the change as relevant to modern application development and AI workloads, where more internal services and automated agents may query production data. Masking at the database layer can reduce reliance on consistent implementation across teams and services.

"The complexity of legacy NoSQL DDM deployment needs to keep pace with the modern velocity of data-hungry AI and application development," said Srini Srinivasan, Founder and CTO, Aerospike. "The native dynamic data masking in the Aerospike Database provides the access needed for digital business with dramatically less effort, overhead, and compliance risks."

Database 8 updates

Native dynamic data masking is part of the Aerospike Database 8 product line. Aerospike linked the feature to broader updates in the major release and noted that Aerospike Database 8 has received industry recognition, citing SiliconANGLE's 2025 TechForward Award for Data Platform Tech in the Database Systems category.

Dynamic data masking typically sits alongside other controls in a data governance programme. Organisations may combine it with role-based access control, auditing, and encryption. Masking changes what a user or service sees even when it can reach a table or record, making it complementary to access management rather than a replacement for it.

In deployments, masking is often a negotiation between security teams, compliance owners, and product engineers. Security teams want broad enforcement, while engineers want predictable behaviour and low overhead. Aerospike's approach concentrates enforcement in the database, reducing a class of application-level misconfiguration and making security posture more consistent across services that read the same dataset.

Platformatory Founder Pavan Keshavamurthy said organisations still struggle when masking is treated as an external layer rather than a built-in mechanism.

"We see organizations struggle with data masking because it's bolted on, not built in," said Keshavamurthy. "Aerospike Database 8 flips that model by enforcing PII protection directly at the database layer, which dramatically reduces complexity for teams deploying real-time NoSQL systems."

Aerospike said the feature is available now as part of Aerospike Database 8, with administrators applying rules to define which identities can see unmasked fields.

Related stories
OpenLegacy unveils AWS hub for safer mainframe shift
Hitachi Vantara debuts AI-ready storage in Singapore
KnowBe4 debuts AI agent for tailored cyber training
Gallagher unveils AccessNow cloud at ISC West 2026
Conquer the KYB challenge: How smarter data quality fuels fintech integrators

Top stories

UiPath secures landmark AIUC-1 certification for AI agents
NAKIVO adds vSphere 9, Proxmox 9.1 in backup update
ActiveState names Abby Kearns as new chief executive
Malaysia chases AI hub status but workplace use lags
Fake Claude AI ads spread malware to target developers