Field Encryption/Decryption

 

Next Steps
Overview Algorithms Format Preserving Encryption Hashing Key Management

Challenges


Encryption is one the best ways to protect personally identifiable information (PII) and other sensitive data. However, it can be untargeted, costly, and cumbersome to implement or modify. And beyond application, algorithm, and encryption-key-management decisions, there are considerations like authentication and tokenization, format preservation, and referential integrity.

Standalone, data-centric PII encryption solutions addressing multiple database table and flat file formats (.txt, .csv, .sam, .dat, .xml, ldif, etc.), as well as IoT  and other data streams, are few and far between. Most of the data masking solutions that can encrypt more than a single database are limited in source scope and functionality, or are very expensive otherwise.

Meanwhile, hardware-based encryption and appliances that protect entire networks, machines, databases, disks, or files are inefficient, and overkill. They restrict access to everything, while only sensitive fields need protecting. And if decryption occurs, everything is exposed at once.

Solutions


Software products in both the IRI Voracity platform and IRI Data Protector suite nullify the effect of data breaches by protecting PII at the field level across multiple data sources. IRI FieldShield and the SortCL program in Voracity or IRI CoSort all include 3DES, AES, FIPS-compliant OpenSSL, and GPG encryption/decryption libraries. IRI CellShield for Excel includes several compatible ones as well.

They also provide a broad range of other static data masking (SDM) and dynamic data masking (DDM) functions and methods -- and allow your own -- as part of an overall data loss prevention (DLP) strategy.

Consider these benefits:

Flexibility Efficiency Security
Encrypt only the sensitive data. Leave remaining fields in the table or file alone and otherwise ready for operations.
Field encryption's incremental computing overhead is nominal; no resources are wasted protecting non-sensitive data.
Field-encryption keys and libraries can comply with your role-based access controls framework.
Use IRI's built-in field protection functions along with your own, simultaneously. Customize the mix of data protections based on the data and your business rules.
Apply protections in the same job (and I/O pass) with both data transformation and reporting. This is more efficient, and protects PII in new data sources.
An XML audit trail verifies who protected the data, when, where, and how. Remember, you must be able to prove compliance.
Use the same metadata for IRI RowGen to generate test data if you cannot access the real DB/file source(s).
Profile, remediate, validate, and manage data and jobs together in the same product and Eclipse IDE (IRI Workbench).
Encrypted data are independent of hardware, DBs, and file formats. Fields are secure until decryption.


Learn more about IRI's uniquely powerful field encryption capabilities for data protection and privacy law compliance:

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.