Static Data Masking
Static data masking (SDM) is the primary method of protecting specific data elements at rest. These "elements" are typically database column or flat-file field values that are considered sensitive. These fields may contain personally identifiable information (PII), protected health information (PHI), trade secrets, or other sensitive values.
The "startpoint" data-centric security product IRI FieldShield -- or the IRI CoSort product and IRI Voracity platform that include the same capabilities -- provide more data discovery and SDM functions for more data sources than any other data masking tool. Available per-field/column functions include:
- multiple, NSA Suite B and FIPS-compliant encryption (and decryption) algorithms, including format-preserving encryption
- SHA-1 and SHA-2 hashing
- ASCII de-ID
- binary encoding
- redaction (string masking)
- reversible and non-reversible pseudonymization
- expression (calculation / shuffle) logic
- conditional / partial filtering (omission)
- custom value replacement
- byte shifting and sub-string functions
- tokenization (for PCI)
You can also "roll your own" external data masking function. This allows you to call a custom field protection at runtime instead of a built-in function
Whether built-in or custom, you can apply functions conditionally to specific rows or columns, and across tables through protection rules you can define, store, and re-use. It is also possible to apply these functions in a dynamic data masking (DDM) context.
Create, run, and manage your data masking jobs in a free state-of-the-art GUI, built on Eclipse.™ Or, use the same, simple, self-documenting 4GL metadata defining your data layouts and protections in a command line environment.
If you have sensitive data in Excel, check out IRI CellShield.
Did you know?
IRI FieldShield is a purpose-built data masking product spun off IRI CoSort, and is also part of the IRI Data Protector Suite and IRI Voracity total data management platform.
Voracity can perform FieldShield functions along with: data discovery, integration, migration, governance, and analytics. For example, you can encrypt and sort data for safe bulk loads into a database, or build a delta report or ETL job that de-identifies fields.