IRI Blog Articles

Diving Deeper into Data Management



FieldShield v3: More Data Masking Functions and Cross-Table Protection Rules

by Jason Koivu


The protection of sensitive information and data loss prevention (DLP) are critical elements of modern data governance. IRI’s FieldShield is a uniquely versatile tool for securing sensitive fields in database tables and flat files with a choice of protections that operate according to business rules to de-identify or remove individualizing characteristics, without cutting off access to the rest of the data or changing their basic appearance. XML audit logs for FieldShield jobs help verify compliance with data privacy laws.

The latest version of IRI’s FieldShield tool for start-point encryption is designed to enhance DLP and data governance efforts with additional data masking, encryption, and other functions. And those protection functions can be applied via rules to protect personally identifiable information (PII) and other sensitive data elements across multiple database tables at once, while also preserving referential integrity and data-application independence.


FieldShield v3 upgrades last year’s v2 release that brought field-level encryption, data masking, pseudonymization and other functions into the IRI Workbench GUI, built on Eclipse. The visual environment makes job design, sharing, and deployment easier. The latest version of FieldShield in the IRI Workbench allows DBAs to apply uniform protection rules to columns containing the same PII attribute across multiple tables in a database or schema.

FieldShield v3’s data protection rule engine and function library allow users to specify, save, and re-use a regular expression identifying the columns in selected tables to which the chosen security function will be applied. For example, the same format-preserving encryption can be applied to every social security number column in every table, even if the column names are slightly different.

A single job definition for encryption and decryption for the entire database saves job design time, and preserves referential integrity by keeping the inter-table data encrypted, and thus linked, in the same way. This profiling functionality will be extended to CoSort’s big data ETL users in the IRI Workbench wishing to apply common data transformation rules to many sources at once.

As with source and target data definitions, FieldShield protection rules are stored in a centralized library and available for use in the same or new protection projects. FieldShield users in the IRI Workbench access, modify, and deploy their metadata and their masking functions in new, ergonomic job wizards purpose-built for RDB column protection.

In addition to the rule library and protection job wizards, FieldShield v3 introduces new functions like:

  • FIPS-compliant OpenSSL and 3DES encryption
  • AES-128 (in addition to AES-256 with or without format preservation)
  • Random selection or data generation
  • 256-bit hashing and tokenization to supplement encryption (esp. for PCI)
  • Custom data masks
  • Field shifting and more string manipulations

Other features, including row- and column-level filters, reversible and non-reversible pseudonymization, and near-value lookup file logic, which further enhance FieldShield’s ability to protect PII in static and changing dimensions.

More information is available on FieldShield at or you can get more information on the 4GL GUI built on Eclipse at If you would like to try FieldShield, you can request a 30-day free trial from

Print Friendly

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: