This article describes a dynamic data masking (DDM) method available to IRI FieldShield premium sites that uses a proxy-based system for intercepting application queries to JDBC-connected databases.
In the previous article, we discussed how IRI DarkShield finds sensitive information using Data Class Search Matchers and masks it consistently using Data Rules.
IRI DarkShield is a data masking tool for finding and de-identifying Personally Identifiable Information (PII) and other sensitive data in semi-structured and unstructured files and databases.
Elasticsearch is a Java-based search engine that has an HTTP interface and stores its data in schema-free JSON documents. Unfortunately, a spate of costly and painful breaches of Personally Identifiable Information (PII) continue to plague online Elasticsearch databases:
Were all the PII or other sensitive information in these DBs masked however, successful hacks and development copies may not be problematic.
Whether your SQL Server database is on-premise or in a cloud platform like Azure, its data is accessible for movement and manipulation in IRI Workbench-supported products like CoSort, FieldShield, DarkShield, NextForm and RowGen, or the IRI Voracity platform which includes them all.
Previous articles in the IRI blog detailed the static data masking of new database data using /INCLUDE logic or /QUERY syntax in scheduled IRI FieldShield job scripts that required changes in column values to detect updates.
Once they have made their database connections, IRI FieldShield and IRI DarkShield users both have a wide range of options for classifying, finding, and de-identifying sensitive data across one or more schemas.
Personally Identifiable Information (PII) like names, Social Security numbers, home addresses, etc. are stored in multiple sources and silos, including semi-structured files in JSON and XML format.
Just as IRI FieldShield product users can reach and mask personally identifiable information (PII) — and IRI Voracity platform users can integrate and govern structured files — in Amazon Simple Storage Service (Amazon S3) buckets, IRI DarkShield users can now find and mask PII in unstructured files stored in S3.
This is the second of a two-part blog series detailing data class validation in IRI Workbench. The first article, here, provided an overview of the validation scripts and how to use them in a data discovery or classification job.
In a previous article, we detailed a method for securing the encryption keys (passphrases) used in IRI FieldShield data masking jobs through the Azure Key Vault.
