Compliant Data Masking


Next Steps
Overview DLP GDPR HIPAA PCI DSS DMaaS SDM DDM De-Identification

Data = Risk

data masking facts and risks of not protecting data

In the post-SOX compliance era, companies and government agencies risk financial liability and damage to their reputations for privacy law violations and data breaches. Consumers, patients, scientists, soldiers, and students expect and need confidentiality. The data putting everyone at risk includes:

  • Personally identifiable information (PII) used alone or with other data to identify, contact, or locate someone; e.g. name, address, phone number, or national ID number. For example, SSAE16 SOC2 and the GDPR taking effect 25 May 2018, require that all PII is protected.
  • Protected health information (PHI) in medical records that identifies a health care recipient. US HIPAA regulations require that 18 "key" identifiers be effectively de-identified or anonymized.
  • Primary account number (PAN)'s in credit card transactions. Payment card industry data security standard (PCI DSS) require card issuers, merchants, and testers to encrypt, tokenize, and so on.
  • Other sensitive information, like codes or formulas, that constitute military or trade secrets.

Both national data privacy laws and internal regulations mandate the protection of this data. Compliance is not only required ... it must also be verifiable.

What's Your Approach?

Are you using a home-grown solution, and is it robust and easy to maintain? Is your encryption solution protecting everything ham-handedly with a single point of failure? Or do you use a data masking tool that only covers one data source or has too few functions?

Is data masking tightly integrated into your data management lifecycle and infrastructure? Can you readily modify the jobs, and log them to prove compliance?

The Solutions

IRI FieldShield software or IRI Data Masking as a Service (DMaas) can discover, classify, and protect sensitive data and facilitate privacy law compliance with the broadest array of static data masking (SDM) or dynamic data masking (DDM) functions available for databases and files. If you have PII in Excel spreadsheets, see our companion product, IRI CellShield. And, if you need robust firewall seucrity for your databases -- one that includes DDM along with low-impact, high-performance DAM/DAP capabilities in heavy SQL traffic enviornments -- check out IRI Chakra Max.

FieldShield is a standalone package, a constituent product of the IRI Data Protector Suite, and an included component of the IRI Voracity platform for data discovery, integration, migration, governance, and analytics. FieldShield also shares the same metadata and Eclipse GUI with Voracity, IRI CoSort, IRI NextForm, and IRI RowGen so you can seamlessly fold data masking into your enterprise information management (EIM) lifecycle.

FieldShield uses a familiar GUI, built on Eclipse™, and a simple cross-platform 4GL, to help you:

FieldShield produces XML audit logs you can secure and query to document and verify your protections and compliance with data privacy laws.

FieldShield can also mask data subsets for testing. However, consider IRI RowGen for generating safe, referentially correct test data from scratch instead, especially if you cannot access production data or need better data.

Protect personal privacy during big data integration, transformation, migration, replication, federation, reporting, and provisioning for BI and analytics.

Use FieldShield -- and/or data masking services from IRI -- to mask PII in comliance with data privacy laws. Secure data inside and outside the firewall, in reports, Hadoop, etc.

Role Based Access Controls (RBAC)

Choose the protection function you need for each field. Follow your own business rules regarding: authorization (RBAC), security strength, reversibility, and appearance.

Protect like columns (and preserve referential integrity) across tables with functions tied to data class or rule libraries.

Target existing or new tables, files, applications, and even custom reports. Set controls at the field and job level for multiple recipients (one target, differential access).

IRI solutions for data masking problems

Bottom Line

Data masking is the best way to comply with data privacy laws, nullify the effects of a data breach, and support the risk and controls framework of your enterprise.

IRI FieldShield quickly satisfies the data identification, protection and verification requirements of your information stewardship, regulatory compliance, and data loss prevention programs. You can run FieldShield functions standalone or embedded in ETL and (dynamic data masking) applications.

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.