Dynamic Data Masking (DDM)


Next Steps

Dynamic Data Masking

Dynamic data masking (DDM) usually works in conjunction with database applications in real time so that unauthorized users do not see actual column values.

Built-in, rule-based DDM in IRI Chakra Max (DB Firewall), or bespoke solutions in IRI FieldShield or IRI Voracity, can support your security objectives in several ways:

Method Operation
On-the-fly Redaction
Set user and query-based data masking rules for full or partial value obfuscation
ODBC Select / Update
Apply protections surgically to any given column value(s) in qualifying row(s)
DB Application(s) 
Use .NET or Java SDK library functions, or system-call job scripts on the fly
In-Situ Encryption, etc.
Call custom, DB-specific FieldShield routines from within SQL procedures*
Input/Output Routines
Drive real-time application data directly to / from FieldShield jobs in memory
Real-time Processing
Hadoop Spark and Storm processing of dynamic input streams in Voracity

On-the-fly, policy-based DDM is provided through Chakra Max which can redact values during queries ... only authorized users receive clear text from the (unchanged) table, while others see masked data. In addition to dynamic data masking, Chakra Max provides database activity monitoring (DAM) and database audit and protection (DAP) for 20 different vendor DBs. Use it to set and enforce access and SQL execution policies, while logging every event to secure, query-ready logs.

Depending on your data flow and system architecture, you can also choose the other methods, which leverage the same FieldShield routines available for static data masking (SDM).

For more information, see:

* Work with IRI professional services to obtain a customized implementation.

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.