Targeted Encryption/Decryption


Next Steps
Overview Algorithms Format Preserving Encryption Hashing Key Management


Encryption is one the best reversible ways to protect personally identifiable information (PII) and other sensitive data. However, most data encryption solutions are untargeted, costly, and/or cumbersome to implement or modify. And beyond application, algorithm, and encryption-key-management decisions, there are considerations like authentication and tokenization, format preservation, and referential integrity.

Standalone, data-centric PII encryption solutions addressing multiple database table and flat file formats (.txt, .csv, .sam, .dat, .xml, ldif, etc.), or  IoT and other data streams, are few and far between. Most of the data masking solutions that can encrypt more than a single database are limited in source scope and functionality, or are very expensive otherwise.

Meanwhile, hardware-based encryption and appliances that protect entire networks, machines, databases, disks, or files are inefficient, and overkill. They restrict access to everything, while only sensitive fields need protecting. And if decryption occurs, everything is exposed at once.


IRI data masking (*shield product) software products in the IRI Voracity platform or IRI Data Protector suite nullify the effect of data breaches by protecting PII at the field level across multiple data sources. IRI FieldShield and the SortCL program in Voracity or IRI CoSort all include 3DES, AES, FIPS-compliant OpenSSL, and GPG encryption/decryption libraries.

Both IRI DarkShield for multiple unstructured and semi-structured data sources, IRI CellShield for Excel share the same encryption functions, data classes and UI for consistent function application and referential integrity as needed.

FieldShield also provides a broad range of other static data masking (SDM) and dynamic data masking (DDM) functions and methods -- and allow your own -- as part of an overall data loss prevention (DLP) strategy.

Consider these benefits of targeted data encryption:

Encrypt only the sensitive data. Leave remaining fields in the table or file alone and otherwise ready for operations.
Field encryption's incremental computing overhead is nominal; no resources are wasted protecting non-sensitive data.
Field-encryption keys and libraries can comply with your role-based access controls framework.
Use IRI's built-in field protection functions along with your own, simultaneously. Customize the mix of data protections based on your data and your business rules.
Apply protections in the same job (and I/O pass) with both data transformation and reporting. This is more efficient, and protects PII in new data sources.
An XML audit trail verifies who protected the data, when, where, and how. Remember, you must be able to prove compliance.
Use the same metadata for IRI RowGen to generate test data if you cannot access the real DB/file source(s).
Profile, remediate, validate, and manage data and jobs together in the same product and Eclipse IDE (IRI Workbench).
Encrypted data are independent of hardware, DBs, and file formats. Fields are secure until decryption.

Learn more about IRI's uniquely powerful field encryption capabilities for data protection and privacy law compliance:

Share this page

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.