Your organization manages personally identifiable information (PII). Your data governance efforts must prevent the kinds of data disasters posted at the Privacy Rights Clearinghouse. You must comply with industry and government data privacy rules.
Since you cannot eliminate PII, you have to discover it, protect it, and verify that you protected it. Then you have to continue monitoring and addressing data risks going forward.
At protection time, technology choices are difficult. Traditional encryption of entire databases, files, disks, or devices is inefficient (especially in volume), restricts access to non-sensitive data, and is subject to complete exposure from a single password breach. Many data masking methods are insecure, complex, expensive, or render the protected data unusable for testing.
Moreover, with current methods you may not get:
- support for finding, extracting, classifying, or applying rules to data that meets PII criteria
- an audit trail detailing how you managed risk -- forcing a costly validation exercise
- a separation of encryption and key management (should either be compromised)
- the ability to simultaneously apply multiple protections to multiple data sources
- the ability to combine data protection with other data processing operations
Solutions that provide encryption at the file, database field, and application level provide the highest level of security while allowing authorized individuals ready access to the information. Decentralized encryption and decryption provide higher performance and require less network bandwidth, increase availability by eliminating points of failure, and ensure superior protection by moving data around more frequently but securely.
- Gary Palgon, Enterprise Systems Journal
- discover and classify PII into stored libraries for applying enterprise-wide masking rules
- use the data masking (replace, encrypt, pseudonymize, hash, etc.) function each field requires
- maintain data realism with format-preserving encryption, pseudonymization, referential integrity, etc.
- save time, money, and inconvenience by not protecting non-sensitive data
- strengthen security by applying different functions to different data sources and elements
- improve efficiency by combining data protection with data transformation and reporting
- verify compliance with full, query-ready XML audit logs of the protection jobs
- send compliant data to applications, reports, databases, the cloud, and BI tools
- implement data loss prevention (DLP) programs properly, and without undue complexity
IRI CellShield software does the same for PII in Excel spreadsheets.
IRI ChakraMax software provides for dynamic data masking in conjuction with role-based database activity monitoring and database audit and protection (DAM/DAP) operations.
Listen to The Data Warehouse Institute (TDWI) interview with IRI VP David Friedland.
Understand how IRI's foundational CoSort software provides field-level security during data integration.