Why FieldShield Is Better


Next Steps
FieldShield Overview Features Technical Details GUI Platforms & Pricing Why It's Better Resources

Why is IRI FieldShield the best choice for protecting personally identifiable information (PII), privacy law compliance, and content-aware data loss prevention? Click through these nine reasons for the detail, and peruse the other pages in this section to learn more.



Only FieldShield includes multiple data source profiling tools to help you discover and classify PII in flat files, databases, and dark data repositories.

Only FieldShield protects sensitive data, both at rest or in transit, in 13 different ways to meet every business rule and data-centric condition. You can mask multiple database and file sources separately or in combination (e.g., ETL environments).

Protection jobs can run through an executable or SDK (.NET and Java), via free Eclipse™ GUI, the command line, batch scripts, DB applications, SQL procedures, or any program making a system or API call.


FieldShield's need-based, field-level protections happen faster than full database or device-centric encryption, especially in real-time. They also consume less CPU and I/O. They can even run on a conditional basis, tied to new or specific rows, ranges of values, or discrete values.

FieldShield uses the big data movement engines of IRI CoSort, FieldShield's parent product. So if performance in volume is a concern, FieldShield is the only choice.


FieldShield allows you to specify data protections on a conditional basis using either SQL SELECT syntax or /INCLUDE-OMIT logic in your jobs, so that you can target protection function based on a pattern, value, or range in a specific column or string.

Choose a protection for each field from any of the 13 functional categories, or your saved rules, based on your business rules. Consider a health insurance claim table with 19 columns, 3 of which have PHI: pseudonymize the name, mask the SSN, encrypt the medical billing code, and leave the remaining data alone.

FieldShield masking functionality also seamlessly extends into various test data scenarios in IRI Workbench, including the application of masking functions in the database subsetting wizard, ETL operations, direct population of referentially correct tables in lower non-production environments, or the virtualization of test data for immediate DevOps needs.


Most encryption solutions have one method or key, and cover an entire data source or device. If compromised, everything is exposed. With FieldShield, other fields are still protected even if one is breached. Multiple encryption functions and keys for different fields and different recipients also help.

Several non-reversible data masking and obfuscation functions, as well as simple field removal, also enhance security.

FieldShield jobs, data definitions, audit files, and related assets can be secured through a free, distributed metadata management hub

Security of the masked data is also enhanced through FieldShield's included risk measurement capabilities. Research and marketing data sets with masked identifiers can still have quasi-identifiers unmasked. FieldShield score re-identification risk and further generalize the data to preserve its utility while reducing the ability of attackers to expose individuals in the data set.


FieldShield can produce a single secured output for multiple recipients, with selective authorization to reveal the plaintext controlled by managed en(de)-cryption keys. This reduces protection time, storage, and the complexity (synchronization problem) of managing disparate versions of the output.

FieldShield can also produce multiple outputs for distributed anonymization scenarios. Either way, however, by specifying all the protections in one FieldShield program, there is only one job to create, manage, and audit.

You can easily apply a common protection rule to multiple tables at once (without Java), and re-use that rule in other data protection, etc. jobs. This GUI-supported feature saves design time, automates rule application, and preserves referential integrity.

Compliance team members can unify and control their data and FieldShield metadata assets in the cloud with a free metadata management hub (e.g., EGit).


FieldShield uses self-documenting 4GL scripts to define the layouts and protections of table columns and file fields. And with the IRI Workbench GUI, built on Eclipse™, even the simple syntax need not be learned or hand-coded. Scripts interact with the syntax-aware editor and graphical outline in Eclipse as well as parameter modification dialogs and transform mapping diagrams.

User-friendly data discovery and job definition wizards also help you design and build those scripts automatically. Data and job specs are easy to modify in the GUI or any text editor ... something else other data masking tools don't offer.


FieldShield runs on all Unix, Linux, and Windows platforms, and operates on all ODBC-connected database tables, and the sequential file formats common to most applications and mainframes, including files with header and footer records.

FieldShield also uses the same metadata and Eclipse GUI (IRI Workbench) as:

  • IRI DarkShield for finding and masking PII in unstructured files
  • IRI CellShield EE for finding and masking PII in Excel spreadsheets
  • IRI CoSort for data transformation and reporting
  • IRI RowGen for realistic test data generation
  • IRI NextForm for database, file, and data conversion
  • IRI FACT (Fast Extract) for unloading very large databases
  • IRI Voracity for total data management; i.e., discovery, integration, migration, governance, and analytics

Some of the same masking functions in FieldShield are also plug-compatible with IRI CellShield for masking PII in Excel spreadsheets and IRI DarkShield for unstructured files.

FieldShield data definition files work with all IRI products, and are compatible with Erwin (ex-AnalytiX DS) Mapping Manager and the Meta Integration Model Bridge (MIMB). Their .ddf support means you can quickly leverage the existing metadata in your ETL, BI, and modeling tools for FieldShield and other IRI software.


FieldShield creates data mapping diagrams and queryable XML job logs to verify the steps you took to comply with data privacy regulations. The logs contain the runtime and application environment that auditors need. The logs can be public or private (e.g., via free EGit asset security), and populate SIEM tools like Splunk through add ons like this.

FieldShield can also score the risk of re-identification based on the distinction and separation values it finds in your data's indirect, or quasi-identifiers, and produces graphs and reports to help you further generalize those values and comply with FERPA and HIPAA's Expert Determination Rule.


FieldShield as a standalone product is licensed for perpetual use in the low five figures, and is discounted in volume and distributed runtime integration scenarios. IRI is a stable, US-based company (since 1978) not weighed down by external shareholders or big marketing expenses.

Customers appreciate these savings, or the free use of FieldShield capabilities inside the larger Voracity data management platform.

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.