IRI FieldShield is a robust, start-point data protection and privacy law compliance utility that searches for and shields personally identifiable information (PII) in multiple database tables and file formats. FieldShield is also a deterministic, content-aware data loss prevention tool because it lets you apply the protections you need to only those columns that need protecting.
See IRI CellShield if you have PII stored in Excel spreadsheets.
According to Gartner's data masking analysts, only about half of enterprises with sensitive data at rest know where it is. Included cross-platform DB and file profiling tools in FieldShield find, classify, and diagram PII based on pattern and fuzzy search matches.
FieldShield users can apply the same or different functions to any number of columns, in any number of sources, simultaneously. FieldShield delivers data-centric protection in 12 different functional categories:
- multiple, NSA Suite B and FIPS-compliant encryption (and decryption) algorithms, including format-preserving encryption
- SHA-1 and SHA-2 hashing
- ASCII de-ID
- binary encoding
- canned and custom data masking
- reversible and non-reversible pseudonymization
- custom expression (cross-calculation) logic
- filtering or redaction
- data type and file-format conversion
- byte shifting and sub-string functions
- tokenization (for PCI)
The shield you choose for each field depends on your need for security, reversibility, appearance, and speed. In addition to the built-in functions, you can also write and call your own field functions at runtime.
Whether built-in or custom, you can apply protections conditionally to specific rows or columns, and across tables using protection rules that you can select/define, store, and re-use.
Field-level protections are safer because even if there is a breach based on an access to a given column decryption key, the other columns may still have their own protection applied. Contrast that to a single password opening access to everything in the database, table, file, or volume.
FieldShield also uses state-of-the-art encryption algorithms that are very difficult to crack.You can strengthen encryption with random tokenization, hashing, and secure, changing encryption keys. FieldShield's data obfuscation techniques can also forever (irreversibly) redact original values. A non-reversible method like data masking or filtering removes any computational basis for deriving the original value
Field-level protection is inherently efficient; i.e., you apply protections surgically to selected rows and columns rather than in bulk. Where the data are large, FieldShield uses the advanced data movement algorithms and resource exploitation techniques for which its parent IRI CoSort (big data transformation and reporting) product is famous.
You can also combine FieldShield with IRI FACT (Fast Extract) to unload very large database (VLDB) tables into flat files for faster protection operations. If you use the parent CoSort SortCL program, you can run the same protections during data transformation, cleansing, mapping, and pre-load sorting jobs that feed BI and DB targets.
FieldShield's static data masking jobs are defined in simple, self-documenting 4GL job scripts that developers can use and share (securely, even in the cloud) which clearly identify source field layouts and target field protections and formats. These scripts are portable and available to both developers and end-users who need to protect or reveal protected data. Language learning however, is not required.
In the free IRI Workbench GUI, built on Eclipse™, FieldShield users have graphical access to:
- automated source data discovery and metadata definition
- single- and multi-source protection job creation wizards
- master data definition and protection
- cross-table semantic (pattern matching) protection rule application
- project management (teaming) and version control
- encryption key management
- XML job audit logs for verifying privacy law compliance
FieldShield can also be used for dynamic data masking. Real-time security is possible through SQL SELECT and UPDATE logic, or via FieldShield routines called into your application. Contact IRI for FieldShield's .NET or Java software development kit (SDK) if you need in-situ encryption, etc.
FieldShield’s Eclipse GUI and self-documenting 4GL metadata and job syntax are easy to learn, use, and run -- alone or combination. The IRI Workbench GUI is a free option that supports, and seamlessly interacts with, FieldShield job design and management.
While database column encryption is usually functionally limited, platform-specific, and cumbersome to implement, FieldShield's new job creation wizards hold your hand through the definition of source metadata, and the choice and application of field-specific protections for every target. Database connectivity and browsing, data profiling and metadata definition, and local and remote execution, are all simplified in the GUI.
Job modification is especially easy in FieldShield because its simple text scripts are easy to access and edit anywhere. You can run FieldShield jobs from the GUI, on the command line, in batch, or from within your applications.
FieldShield users enjoy immediate metadata links, job scripting compatibility, and graphical integration with data transformation (integration and staging), test data generation, reporting, and advanced BI functionality in the IRI Workbench. With or without the GUI, upgrading to the IRI CoSort (SortCL) program) allows you to combine field-level protections in the same job script and I/O pass with all of these data management activities.
FieldShield and other IRI tools' data definition file (.ddf) metadata is also supported by AnalytixDS Mapping Manager and the Meta Integration Model Bridge (MIMB). These tools convert metadata already defined in third-party BI, CRM, DB, ETL, and data modeling tools into FieldShield DDF ... making it easier for you to protect data in your current environment.