Dynamic Data Masking (DDM)


Next Steps
Overview Auditing CCPA DLP FERPA GDPR HIPAA PCI DSS DMaaS Static Dynamic Real-Time Test Data/TDM

Dynamic Data Masking

Dynamic data masking (DDM), or masking in transit, works in conjunction with applications in real time so that unauthorized users do not see plaintext columns or values, while the source data (usually in relational databases) remains unchanged. Compare this to persistent, or Static Data Masking (SDM) which protects data at rest in sources typically used for testing or analytics.

The IRI FieldShield data masking package for relational databases and flat files, the IRI DarkShield package for semi- and unstructured text files, PDF / MS documents, images and NoSQL -- or the IRI Voracity platform which includes them both plus many related features -- deliver DDM functionally in multiple ways:

Method Operation
Apply static field-level masking functions while mapping; e.g., in the same IRI Voracity ETL, migration, replication, cleansing, and/or reporting job, or incrementally in real-time when RDB source row data changes using IRI Ripcurrent.
SQL trigger
Encrypt, mask, etc. in-situ, in real-time, during inserts, updates, etc. to specified tables and columns using a stored procedure and an IRI library
API or Web Services Call
Embed IRI FieldShield functions via .NET or Java SDK library calls from applications to encrypt, decrypt, hash or redact. Or use the IRI DarkShield RPC API via web services / application calls written in Python, Java, etc. for RESTful search and mask operations.
Proxy-based, In-Flight
Configure proxy server and use the IRI 'JDBC SQL Trail' driver to intercept and mask DB application queries in transit for MS SQL Server, Oracle, PostgreSQL, or SAP HANA
Custom I/O
Flow your own data feeds and formats to / from FieldShield data masking scripts in memory
Stream Masking
Spark and Storm processing of dynamic input in Voracity Hadoop edition
Message Queues
Redirect, mask and virtualize/federate PII from pipes, URLs, and MQTT or Kafka topics

All IRI dynamic encryption and decryption functions, including format-preserving encryption, leverage the same routines used in FieldShield and DarkShield static data masking (SDM) jobs.

In all cases above, you can work with IRI Professional Services to obtain a customized implementation.

Share this page

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.