Data = Risk
In the post-SOX compliance era, companies and government agencies risk financial liability and damage to their reputations for privacy law violations and data breaches. Consumers, patients, scientists, soldiers, and students expect and need confidentiality. The data putting everyone at risk includes:
- Personally identifiable information (PII) used alone or with other data to identify, contact, or locate someone; e.g. name, address, phone number, or national ID number.
- Protected health information (PHI) in medical records that identifies a health care recipient. US HIPAA regulations require 18 specific identifiers to be effectively de-identified or anonymized.
- Primary account numbers (PANs) in credit card transactions. The Payment Card Industry Data Security Standard (PCI DSS) requires card issuers, merchants, and testers to encrypt, tokenize, and so on.
- Other sensitive information, like codes or formulas, that constitute military or trade secrets.
Both national data privacy laws and internal regulations mandate the protection of this data. Compliance is not only required ... it must also be verifiable.
What's Your Approach?
Are you using a home-grown solution, and is it robust and easy to maintain? Is your encryption solution protecting everything ham-handedly with a single point of failure? Or do you use a data masking tool that only covers one data source or has too few functions?
Is data masking tightly integrated into your data management lifecycle and infrastructure? Can you readily modify the jobs, and log them to prove compliance?
IRI FieldShield software protects sensitive data and facilitates privacy law compliance with the broadest array of static data masking (SDM) or dynamic data masking (DDM) functions available for databases and files. If you have PII in Excel spreadsheets, see the companion product, IRI CellShield.
FieldShield uses a familiar GUI, built on Eclipse™, and a simple cross-platform 4GL, to help you:
- Encrypt with our compliant (or your own) libraries
- De-identify via masking characters or obfuscating manipulations
- Pseudonymize, encode, hash, randomize, tokenize
- Filter or redact fields or records based on conditions
FieldShield is also part of IRI's larger data management and protection technology stack. It shares the same metadata and Eclipse GUI with tools like IRI CoSort and IRI NextForm so that you can seamlessly fold data masking into your enterprise information management (EIM) lifecycle.
FieldShield produces XML audit logs you can secure and query to document and verify your protections.
FieldShield can also mask data subsets for testing. However, consider IRI RowGen for generating safe, referentially correct test data from scratch instead, especially if you cannot access production data or need better data.
Protect personal privacy during big data integration, transformation, migration, replication, federation, reporting, and provisioning for BI and analytics.
Use FieldShield -- and optional professional services from IRI or the experts you choose -- to comply with data privacy laws. Secure sensitive data inside and outside the firewall, in reports, and in the cloud.
Role-Based Access Controls (RBAC)
Choose the protection function you need for each field. Follow your own business rules regarding authorization (RBAC), security strength, reversibility, and target field appearance.
Protect similar columns (and preserve referential integrity) across multiple tables with functions you specify or import from a rules library.
Target existing or new tables, files, applications, and even customized reports. Set controls at the field and job level for multiple recipients of the data. This way, even one target can reveal different data to different people.
Data masking is the best way to comply with data privacy laws, nullify the effects of a data breach, and support the risk and controls framework of your enterprise. IRI FieldShield quickly satisfies the protection and verification requirements of your information stewardship, regulatory compliance, and data loss prevention programs, and runs seamlessly with many other data management activities.