Dynamic Data Masking
Dynamic data masking (DDM), or data masking in transit, masks data only at the display level in applications connected to a database or file (where it remains unchanged). A DDM solution will prevent unauthorized users from seeing the original plaintext values in columns.
Compare this to real-time data masking which changes source data values in a single RDB via SQL trigger, or masks values moving from source to target when source values change. Dynamic data masking is also different from Static Data Masking (SDM) which protects data at rest -- either in sources typically used in high security production environments or in lower environments where data is anonymized for development, testing, or analytics.
The best data masking tools enable all three modes of operation, and provide multiple options to satisfy multiple use cases.
The IRI FieldShield data masking package for relational databases and flat files, the IRI DarkShield package for semi- and unstructured text files, PDF / MS documents, images and NoSQL -- or the IRI Voracity platform which includes them both plus many related features -- can provide you with dynamic data masking and protection functionally in multiple ways:
Method | Operation |
---|---|
API or Web Services Call |
|
Proxy-based, In-Flight |
Configure a proxy server and use the IRI 'JDBC SQL Trail' driver to intercept and mask DB application queries in transit for MS SQL Server, Oracle, PostgreSQL, or SAP HANA. This approach requires no change to any application code because it acts as a middleware itself. This method also provides protection through database log auditing. |
Custom I/O |
Flow your own data feeds and formats to / from FieldShield data masking scripts in memory using input or output procedures writen in C. You can specify your own access and authorization logic into the procedure while levearging all the other capabilitiers FieldShield offers, including data classification, discovery, multiple masking functions, re-ID risk scoring, quasi-identifying data aonymization, and audit reports. |
Message Queues |
Redirect, mask and virtualize/federate PII from pipes, URLs, and MQTT or Kafka topics; i.e., mask data for recpients in flight, as it streams in from a dynamic source. |
Whichever dynamic data masking tool or option you choose above, you can work with IRI Professional Services to obtain a customized implementation for your use case.
For more details, please submit an information request using the form below. See also: