Dynamic Data Masking (DDM)

 

Next Steps
Overview Auditing CCPA DLP FERPA GDPR HIPAA PCI DSS DMaaS Static Dynamic

Dynamic Data Masking


Dynamic data masking (DDM) works in conjunction with applications in real time so that unauthorized users do not see plaintext columns or values, while the source data (usually in relational databases) remains unchanged. Compare this to persistent, or Static Data Masking (SDM) which protects data at rest in sources typically used for testing or analytics.

The IRI FieldShield data masking package for relational databases and flat files, the IRI DarkShield package for semi- and unstructured text files, PDF / MS documents, images and NoSQL -- or the IRI Voracity platform which includes them both plus many related features -- deliver DDM functionally in multiple ways:

Method Operation
On-the-fly
Apply static field-level masking functions while mapping; i.e., in the same IRI Voracity ETL, migration, replication, cleansing, and/or reporting jobs, for example.
SQL trigger
Encrypt, mask, etc. in-situ, in real-time, during inserts, update, etc. to specified tables and columns
App calls
Embed IRI FieldShield functions via .NET or Java SDK library calls from applications to encrypt, decrypt, hash or redact. Or use the IRI DarkShield RPC API from within application calls written in Python, Java, etc. for RESTful search and mask operations involving file sources (DBs pending).
Proxy-based
Configure proxy server and use the IRI 'JDBC SQL Trail' driver to intercept and mask DB application queries in transit. This system has been tested with MS SQL Server, Oracle, PostgreSQL, and SAP HANA.
Custom I/O
Flow your own data feeds and formats to / from FieldShield data masking scripts in memory
Stream masking
Spark and Storm processing of dynamic input in Voracity Hadoop edition
Message queue
Redirect, mask and virtualize/federate PII from pipes, URLs, and MQTT/Kafka topics
Web service
REST or RPC API call to a FieldShield or DarkShield agent to mask data in flight

All IRI dynamic encryption and decryption functions, including format-preserving encryption, leverage the same routines used in FieldShield and DarkShield static data masking (SDM) jobs.

In all cases above, you can work with IRI Professional Services to obtain a customized implementation.

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.