FieldShield v3 is uniquely powerful data loss prevention (DLP) software for personally identifying information (PII) and other sensitive data in database columns and flat-file fields. FieldShield masks data with multiple encryption and de-identification functions that you choose according to your business rules. If you need fast, targeted, and auditable data security for your relational databases, or files in text, CSV, LDIF, XML, COBOL or other sequential formats, consider a FieldShield solution.
|
Summary
FieldShield shields sensitive fields in database tables and flat files with a choice of protections. Encrypt, mask, hash, change, pseudonymize, and filter data according to business rules to de-identify or remove individualizing characteristics without cutting off access to the rest of the data or changing its basic appearance. FieldShield's optional audit trail verifies compliance with data privacy laws, and its Eclipse-based GUI make job design, sharing and deployment easier. |
|
Selected Features
• AES-128 & format-preserving AES-256 encryption
• 3DES, FIPS-compliant OpenSSL & GPG/PGP encryption
• Data masking and obfuscation functions
• Built-in de-identification, hashing and randomization
• Lookup table pseudonymizations
• Cross-table protection rule application and storage
• XML audit (compliance) log
• Open, interoperable metadata and GUI, built on Eclipse
• Compatible test data creation |
Introduction
Does your company process or maintain database tables or flat files with PII , and are you responsible for processing or protecting that data? If so, you know that data = risk, and the physical and logical security measures that are in play already. So consider these questions next:
- Would the data still be safe from misuse if it, or its decryption key, were stolen?
- Does your department comply with data privacy regulations? Can you prove it?
- Do you protect only the data at risk, so you can see and use non-sensitive data?
- Can you protect different data elements with different protection methods?
- Does the protected data look real enough to present, outsource, or test against? Is it referentially correct?
- Are your metadata or processing tools integrated with your protection methods?
- How much money and time is wasted encrypting safe data or just one database?
Transaction data containing personally-identifying information (PII) are commonly stored in databases, Excel, and in flat-file formats like CSV, text, index and record sequential, variable block, LDIF, and XML. Flat files also feed databases and spreadsheets, are attached to emails, travel on laptops, are posted to the internet, and copied onto CDs, thumb drives, etc. These fundamental sources of business information, whether at rest or in motion, can put your organization at risk.
IRI's flagship CoSort technology has a 35-year track record of granular data manipulation for large, and disparate data sources. Now you can leverage that expertise for shielding the sensitive fields in your tables and files with auditable, role-based access controls.
|
|
Description
FieldShield is a "start-point data protection" tool because it shields enterprise data within tables or files at rest or in production. There are several uniquely beneficial aspects to the tool:
Versatility. FieldShield protects sensitive data in a wide variety of database platforms and flat-file formats - either separately or in combination (e.g. ETL environments). And, FieldShield can secure each element individually, by applying a different protection to each column or field simultaneously. Based on the business rules for protecting each field, you can choose from:
• Encryption & Decryption
• De & Re-Identification
• Masking via Anonymization
• Masking via Pseudonymization
• Masking via Custom Functions
• Filtering & Redaction
Consider for example an insurance claim file with 12 PHI fields, three of which are sensitive. FieldShield's choice of protections would allow you to comply with HIPAA by encrypting the SSN column, de-identifying a diagnosis field, and using another obfuscating mask on a zip code. FieldShield also encrypts and masks Unicode data and multi-byte Chinese, Japanese, and Korean character sets.
Efficiency. With FieldShield, non-sensitive data in other columns or fields remain untouched, and available for use (along with anything else that need no protection). This need-based approach is more efficient than full database or device-centric encryption which protects data and systems beyond actual need; and that takes more time and cuts off your ability to work with non-sensitive data.
Flexibility. FieldShield also allows you to specify data protections on a conditional basis, so you can target a particular protection function based on a pattern, value, or range in a specific column or substring. Beyond field-level security, you can also tell FieldShield to encrypt, mask, hash, randomize, de-identify or filter entire rows or records, or even one or more files at a time. Your business rules determine every place for, and type of, security among multiple tables and file formats.
Safety. By using different security functions or encryption keys, even if one column were to be compromised, the others are not, and the remaining data remains anonymous. This is more secure than full source encryption and other single-method protection methods. You can also use multiple encryption functions or decryption keys for different fields and different recipients.
Simplicity. By applying role-base data protection, you need only produce a single version of the secured output for multiple recipients. For file receipients, needing only one target reduces protection time and the complexity (synchronization issues) of managing disparate versions of the output. Also, by specifying all the protections in one FieldShield program, there is only one job script to create, manage, and audit. For DBAs, a common protection rule can be defined, applied to multiple tables at once, and re-used in other applications - saving design time and preserving referential integrity.
Clarity. FieldShield uses a popular, self-documenting 4GL to define the layouts and protections (or recovery) of your table and file input and output fields.
FieldShield's open-text job scripts can be secured in your operating system as needed, and saved within XML audit logs for verifying the steps taken in compliance with data privacy regulations.
Interoperability. FieldShield runs on all Unix, Linux, and Windows platforms, and operates on all ODBC-connected database tables and, the sequential file formats common to most applications and mainframes, including files with header and footer records. And, FieldShield uses the same metadata as:
- CoSort for data transformation and reporting
- RowGen for realistic test data generation
- NextForm for file and data type conversion
- Fast Extract for unloading Oracle and DB2
FieldShield's data definition files are interchangeable among all IRI products, and compatible with the Meta Integration Model Bridge. MIMB's .ddf support means you can quickly convert file layouts in third-party ETL, BI, and modeling tools for use with FieldShield and other IRI software.
Platform and Data Availability
FieldShield functionality is currently available through command-line, batch, and GUI operations through the IRI Workbench, built-on Eclipse.
FieldShield job scripts created manually or with the GUI work identically across all Linux, Unix and Windows platforms. There are no restrictions on table or file sizes, or the number of columns or fields. Most FieldShield functions can be applied to more than 100 single- and multi-byte data types. Records must be in a common format in each file, and the current record length limit is 64Kb. Direct access to Excel and RDBMS tables requires ODBC.
Licensing and Support Information
FieldShield is now up to Version 3.1. Development and production (concealment) licenses are available for perpetual and leased usage on Windows, Linux, and Unix hardware. License fees are discounted in volume and use in decryption (revelation) only. The IRI Workbench GUI, which also front-ends CoSort, Fast Extract, RowGen, and bulk-load operations for VLDB reorg and data warehouse ETL, is free!
Please email fieldshield@iri.com or click on the free trial icon if you would like to evaluate this tool in confidence. |
|
Thank you for sending us a request for information. We will get back to you shortly.
|
Brochure 
