Data = Risk
In the post-SOX compliance era, companies and government agencies risk financial liability and brand damage from privacy law violations and data breaches. Consumers, patients, scientists, soldiers, and students need and demand confidentiality. The data at risk includes:
- Personally identifiable information (PII): Used alone or with other data to identify, contact, or locate someone. Examples include name, address, phone number, and national ID number. Government regulations like SSAE16 SOC2 and the GDPR, which takes effect 25 May 2018, require that all PII be protected.
- Protected health information (PHI): In medical records, PHI identifies a health care recipient. US HIPAA regulations require that 18 "key" identifiers be effectively de-identified or anonymized.
- Payment card numbers: These are the identifying numbers used in credit card transactions. The Payment Card Industry Data Security Standard (PCI DSS) requires card issuers, merchants, and testers to encrypt, tokenize, and otherwise protect this information.
- Trade and military secrets: Information like codes and formulas that constitute trade or military secrets must be protected. You cannot afford to have this critical data lost in a data breach.
Both national data privacy laws and internal regulations mandate the protection of this data so that it cannot be re-identified. Compliance is not only required; it must also be verifiable, in ways that prove an attacker cannot unmask the data or re-identify an individual (unless reversal, through decryption for example, was intended).
What's Your Approach?
Are you using a home-grown solution, and is it robust and easy to maintain? Is your encryption solution protecting everything ham-handedly with a single point of failure? Or do you use a data masking tool that only covers one data source or offers too few functions?
Is data masking tightly integrated into your data management lifecycle and infrastructure? Can you mask data while manipulating or reporting on it, easily modify those jobs, risk-score, and log them to prove compliance?
The Solutions
Address these and related challenges with proven software like IRI FieldShield for static data masking, the IRI Chakra Max DB firewall for dynamic data masking, or the IRI Voracity total data management platform.[1]
All of IRI's "startpoint security" products include cost-effective PII discovery, classification, de-identification, and auditing. They leverage the same free Eclipse GUI to connect to multiple data sources and apply a wide array of targeted, field-level protection functions. Learn more about how you can do things like:
- Identify and classify sensitive data
- Encrypt with built-in, compliant (or your own) libraries
- De-identify or otherwise obfuscate via manipulation
- Pseudonymize, encode, hash, randomize, or tokenize
- Redact or remove fields or records based on conditions
Each IRI data masking solution also produces audit logs that you can secure and query to document and verify compliance with data privacy laws.
If you need safe test data, masking production data is one way to go. But in Voracity, you can also subset and mask database tables, or use its built-in IRI RowGen functions to generate safe, referentially correct test data for multiple targets from scratch!
Which Data Masking Tool Should I Use?
Which Data Masking Function Should I Use?
Role Based Access Controls (RBAC)
Choose a masking function for each field based on your own business rules regarding: authorization (RBAC), security strength, reversibility, and appearance. See this advice.
Define static or dynamic data masking jobs and rules based on who can see which columns. Keep original data unchanged and preserve referential integrity.
Mask PII in files and reports, too. Set field- or job-level controls for different recipients.
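As an added illustration of the ideas above (this is example code, not IRI's own, and not a description of how FieldShield implements its functions), the following Python sketch selects a masking function per field according to the caller's role, and uses a keyed, deterministic pseudonym for the join key so that masked tables still reference each other correctly. The sample records, role names and key are constructed for the example.

```python
import hmac
import hashlib

# Constructed sample data (not real people): a customer table and an
# orders table that refers to customers by national_id.
CUSTOMERS = [
    {"national_id": "123-45-6789", "name": "Ada Example", "pan": "4111111111111111"},
    {"national_id": "987-65-4321", "name": "Bob Sample", "pan": "5500000000000004"},
]
ORDERS = [
    {"order_no": 1, "national_id": "123-45-6789", "amount": 42.50},
    {"order_no": 2, "national_id": "123-45-6789", "amount": 9.99},
]

# Hypothetical key for the example; a real deployment loads it from a key
# manager, never from source code.
PSEUDONYM_KEY = b"example-key-replace-with-managed-secret"


def pseudonymize(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed deterministic hash: equal inputs give equal tokens, so joins
    between masked tables still work, but the token cannot be reversed."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def redact_pan(pan: str) -> str:
    """Appearance-preserving partial redaction: keep only the last four digits."""
    return "*" * (len(pan) - 4) + pan[-4:]


def redact(_value) -> str:
    """Full redaction: the recipient learns nothing about the original value."""
    return "[REDACTED]"


# Role-based policy: which masking function applies to which field.
# The "dba" role sees unmasked data; any role not listed gets everything
# redacted (fail closed).
POLICY = {
    "analyst": {"national_id": pseudonymize, "name": redact, "pan": redact_pan},
    "dba": {},
}


def mask_record(record: dict, role: str) -> dict:
    rules = POLICY.get(role)
    if rules is None:
        return {k: redact(v) for k, v in record.items()}
    return {k: rules[k](v) if k in rules else v for k, v in record.items()}


def mask_table(rows: list, role: str) -> list:
    return [mask_record(r, role) for r in rows]
```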
Bottom Line
Data masking is the best way to comply with data privacy laws, nullify the effects of a data breach, and support the risk and controls framework of your enterprise.
Satisfy the PII identification, protection and verification requirements of information stewardship, regulatory compliance, and data loss prevention programs.
Perform data masking standalone, or directly within BI, DB, ETL and other operations (via IRI Voracity).
[1] Use IRI FieldShield as a standalone product, or within the IRI Voracity platform for data discovery, integration, migration, governance, and analytics. FieldShield data and job definitions also share the same metadata syntax and Eclipse GUI with other Voracity component products (IRI CoSort, IRI NextForm, and IRI RowGen) to further facilitate integration of data masking into the enterprise information management (EIM) lifecycle.