IRI FieldShield is a robust, startpoint data security and privacy law compliance package that finds, classifies, and shields personally identifiable information (PII) in multiple database tables and file formats with one or more data masking functions. FieldShield is also a deterministic, content-aware data loss prevention tool because it lets you apply the specific protections you need to only those columns that need protecting, and scores the risk of re-identification from quasi-identifiers.
Click on the technical attributes of FieldShield below to learn more:
According to Gartner's data masking analysts, only about half of enterprises with sensitive data at rest know where it is. Included cross-platform DB and file profiling tools in FieldShield find, classify, and diagram PII based on pattern, value-lookup, and fuzzy search matches.
FieldShield users can apply the same or different functions to any number of columns, in any number of sources, simultaneously. FieldShield delivers data-centric protection in 12 different functional categories:
- multiple, NSA B and FIPS-compliant encryption (and decryption) algorithms, including format-perserving encryption
- SHA-1 and SHA-2 hashing
- ASCII de-ID (bit scrambling)
- binary encoding
- data blurring and generalization (anonymization)
- redaction (string masking)
- reversible and non-reversible pseudonymization
- expression (calculation / shuffle) logic
- conditional / partial filtering (omission)
- custom value replacement and type/format conversion
- byte shifting and sub-string functions
- tokenization (for PCI)
The shield you choose for each field depends on your need for security, reversibility, appearance, and speed. In addition to the built-in functions, you can also write and call your own field functions at runtime.
Whether built-in or custom, you can apply protections conditionally to specific rows or columns, across tables using protection rules that you can select/define, store, and re-use.
Precision & Security
Field-level protections are safer because even if there is a breach based on access to a given column decryption key, the other columns may still have their own protection applied. Contrast that to a single password opening access to everything in the database, table, file, or volume.
FieldShield also uses state-of-the-art encryption algorithms that are difficult to crack. You can strengthen encryption with random tokenization, hashing, and secure, changing encryption keys. FieldShield's data obfuscation techniques can also forever (irreversibly) redact original values. A non-reversible method like data masking or filtering removes any computational basis for deriving the original value.
Field-level protection is inherently efficient; i.e., you apply protections surgically to selected rows and columns rather than in bulk. Where the data are large, FieldShield uses the advanced data movement algorithms and resource exploitation techniques for which its parent IRI CoSort (big data transformation and reporting) product is famous.
You can also combine FieldShield with IRI FACT (Fast Extract) to unload very large database (VLDB) tables into flat files for faster protection operations. If you use the parent CoSort SortCL program, you can run the same protections during data transformation, cleansing, mapping, and pre-load sorting jobs that feed BI and DB targets.
FieldShield's static data masking jobs are defined in simple, self-documenting 4GL job scripts that developers can use and share (securely, even in the cloud) which clearly identify source field layouts and target field protections and formats. These scripts are portable and available to both developers and end-users who need to protect or reveal protected data. Language learning however, is not required.
In the free IRI Workbench GUI, built on Eclipse™, FieldShield users have graphical access to:
- automated source data discovery and metadata definition
- single- and multi-source protection job creation wizards
- re-ID risk scoring wizard for HIPAA Expert Determination
- master data definition and protection
- cross-table semantic (pattern matching) protection rule application
- project management (teaming) and version control
- encryption key management
- XML job audit logs for verifying privacy law compliance
FieldShield can also be used for dynamic data masking. Real time security is possible through SQL SELECT and UPDATE logic, or via FieldShield routines called into your application. Contact IRI for FieldShield's .NET or Java software development kit (SDK) if you need in-app encryption, etc.
Ease of Use
FieldShield's Eclipse GUI and self-documenting 4GL metadata and job syntax are easy to learn, use, and run -- alone or combination. The IRI Workbench GUI is a free option that supports, and seamlessly interacts with, FieldShield job design and management.
While database column encryption is usually functionally limited, platform-specific, and cumbersome to implement, FieldShield's new job creation wizards hold your hand through the definition of source metadata, and the choice and application of field-specific protections for every target. Database connectivity and browsing, data profiling and metadata definition, and local and remote execution, are all simplified in the GUI.
Job modification is especially easy in FieldShield because its simple text scripts are easy to access and edit anywhere. You can run FieldShield jobs from the GUI, on the command line, in batch, or from within your applications.
FieldShield's users enjoy immediate metadata links, job scripting compatibility, and graphical integration with the re-ID risk scoring, data transformation (integration and staging), test data generation, reporting, and advanced BI functionality in the IRI Workbench GUI for Voracity, IRI's total data management platform. Upgrading to Voracity and its default, FieldShield-compatible SortCL program allows you to add data masking to the same job script and I/O pass with multiple data manipulations.
FieldShield and other IRI tools' data definition file (.ddf) metadata is also supported by AnalytiX DS Mapping Manager and the Meta Integration Model Bridge (MIMB). These tools convert metadata already defined in third-party BI, CRM, DB, ETL, and data modeling tools into FieldShield DDF ... making it easier for you to protect data in your current environment.