All posts
August 25, 20222 min read

BigQuery Data Masking with Just-In-Time Action Approval

BigQuery is a powerful tool for handling large-scale data analytics, but managing sensitive information securely is both complex and critical. One method gaining traction in data security is data masking, where sensitive data is transformed or obscured to keep it safe while maintaining its usability. By pairing it with a Just-In-Time (JIT) action approval workflow, organizations can manage data access more granularly and reduce security risks. This post demystifies how you can implement data ma

Free White Paper

Data Masking (Dynamic / In-Transit) + TOTP (Time-Based One-Time Password): The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Andrios Robert

BigQuery is a powerful tool for handling large-scale data analytics, but managing sensitive information securely is both complex and critical. One method gaining traction in data security is data masking, where sensitive data is transformed or obscured to keep it safe while maintaining its usability. By pairing it with a Just-In-Time (JIT) action approval workflow, organizations can manage data access more granularly and reduce security risks.

This post demystifies how you can implement data masking in BigQuery with JIT action approvals, balancing functionality with robust data security.

What is BigQuery Data Masking?

BigQuery data masking is a method to protect sensitive fields without losing their analytical utility. It works by replacing original data—like personally identifiable information (PII)—with obfuscated values. For instance, email addresses like user@example.com could appear as ****@example.com to unauthorized users, ensuring privacy while solving business problems.

In BigQuery, this is commonly achieved using conditional SQL expressions like CASE statements or pseudonymizing functions. However, the simplicity of masking requires control—ensuring only approved actions allow full data access. Without oversight, your masked data could inadvertently be exposed in raw form.

Why Combine JIT Approval With Data Masking?

Data masking reduces risk by protecting sensitive information, but it doesn't make access decisions. Unmasking raw data often requires manual processes, policies, or blanket permissions which can introduce inefficiencies—or worse, human error.

By integrating Just-In-Time action approval, every sensitive data unmasking request is subject to strict, real-time scrutiny. Here’s how it works in practice:

  • Minimized Exposure: Teams access raw data only when specific tasks require it.
  • Approval Workflow: Unmasking requests are checked against rules or escalated to reviewers for approval.
  • Auditability: Every access is logged, creating a record trail to monitor compliance.

In short, JIT action approval works as a safety net, ensuring sensitive data exposure only occurs under the right circumstances and for valid reasons.

Continue reading? Get the full guide.

Data Masking (Dynamic / In-Transit) + TOTP (Time-Based One-Time Password): Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

How to Implement Data Masking with JIT Approval in BigQuery

To set up this workflow, you'll need a system to combine SQL-based data masking with external approval logic. Below is a high-level breakdown:

1. Use Conditional Data Masking in BigQuery

Mask sensitive columns using SQL expressions like CASE or SAFE functions. For example:

SELECT 
 CASE 
 WHEN has_access('user_id') THEN user_email 
 ELSE '****@*****.com' 
 END AS masked_email 
FROM your_table;

In this scenario, the has_access() custom function controls whether users can see real data or obfuscated information.

2. Establish a Policy Enforcement Layer

Couple your BigQuery data masking logic with a policy engine to control unmasking operations based on roles, conditions, or manual approvals.

3. Build a JIT Approval Workflow

Integrate an action approval system like Hoop.dev to manage unmasking requests in real time. For example:

  • When a user submits a query to access raw data, it triggers an action approval.
  • The workflow sends the request to an approver with details like purpose and urgency.
  • Once approved, the query executes and retrieves the unmasked values.

This step ensures human oversight while remaining agile.

4. Integrate Access Logs and Monitoring

Centralize log data to highlight patterns and detect anomalies. Keep track of who performed actions, when, and why. Tools like Cloud Logging or SIEM platforms can provide insights into your data masking + approval process.

Benefits of This Approach

  1. Granular Access Control: Users see relevant data without risking exposure to PII.
  2. Real-Time Security: JIT approval ensures real-time checks on sensitive requests.
  3. Compliance-Friendly: Logs and policies facilitate stronger adherence to GDPR, HIPAA, and other regulations.
  4. Seamless Scalability: Implementation can be adjusted as your BigQuery systems grow.

Simplify JIT Approval with Hoop.dev

Combining BigQuery’s data masking with JIT action approvals doesn’t have to be a complex undertaking. With Hoop.dev, you can implement a lightweight, real-time approval system in minutes—without slowing down workflows.

Ready to see how JIT action approvals can enhance your data security strategy? Explore how you can set it up effortlessly and test it live on Hoop.dev today!

Get started

See hoop.dev in action

One gateway for every database, container, and AI agent. Deploy in minutes.

Get a demoMore posts