Your organization manages personally identifiable information (PII). Your data governance efforts must prevent the kinds of data disasters posted at the Privacy Rights Clearinghouse. You must comply with industry and government data privacy rules.
Since you cannot eliminate PII, you have to discover it, protect it, and verify that you protected it. Then you have to continue monitoring and addressing data risks going forward.
At protection time, technology choices are difficult. Traditional encryption of entire databases, files, disks, or devices is inefficient (especially in volume), restricts access to non-sensitive data, and is subject to complete exposure from a single password breach. Many data masking methods are insecure, complex, expensive, or render the protected data unusable for testing.
Moreover, with current methods you may not get:
- support for finding, extracting, classifying, or applying rules to data that meets PII criteria
- an audit trail detailing how you managed risk -- forcing a costly validation exercise
- a separation of encryption and key management (should either be compromised)
- the ability to simultaneously apply multiple protections to multiple data sources
- the ability to combine data protection with other data processing operations
Solutions that provide encryption at the file, database field, and application level provide the highest level of security while allowing authorized individuals ready access to the information. Decentralized encryption and decryption provide higher performance and require less network bandwidth, increase availability by eliminating points of failure, and ensure superior protection by moving data around more frequently but securely.
- Gary Palgon, Enterprise Systems Journal
IRI FieldShield software, as well as the SortCL program in the IRI CoSort package and IRI Voracity platform, support field-level data masking functions for data at rest in tables and files. They protect PII, and:
- find and classify PII so global masking rules can be applied
- use the data masking (replace, encrypt, pseudonymize, hash, etc.) function each field requires
- maintain data realism with format-preserving encryption, pseudonymization, referential integrity, etc.
- save time, money, and inconvenience by not masking non-sensitive data
- strengthen security by applying different functions to different data sources and elements
- improve efficiency by combining data protection with data transformation and reporting
- verify compliance with full, query-ready XML audit logs of the protection jobs
- send compliant data to applications, reports, databases, the cloud, and BI tools
- implement data loss prevention (DLP) programs properly, and without undue complexity
IRI Chakra Max software performs policy-driven dynamic data masking in the context of a role-based database activity monitoring and database audit and protection (DAM/DAP) platform; i.e., a database firewall (DBF).