Targeted Encryption/Decryption

 


Challenges


Encryption is one of the best reversible ways to protect personally identifiable information (PII) and other sensitive data. However, most data encryption solutions are untargeted, costly, and/or cumbersome to implement or modify. And beyond application, algorithm, and encryption-key-management decisions, there are considerations like authentication and tokenization, format preservation, and referential integrity.

Standalone, data-centric PII encryption solutions addressing multiple database table and flat file formats (.txt, .csv, .sam, .dat, .xml, .ldif, etc.), or IoT and other data streams, are few and far between. Most of the data masking solutions that can encrypt more than a single database are limited in source scope and functionality, or are very expensive otherwise.

Meanwhile, hardware-based encryption and appliances that protect entire networks, machines, databases, disks, or files are inefficient and overkill. They restrict access to everything, while only sensitive fields need protecting. And if decryption occurs, everything is exposed at once.

Solutions


IRI data masking software products (the *Shield products) in the IRI Voracity platform or IRI Data Protector suite nullify the effect of data breaches by protecting PII at the field level across multiple data sources. IRI FieldShield and the SortCL program in Voracity or IRI CoSort all include 3DES, AES, FIPS-compliant OpenSSL, and GPG encryption/decryption libraries.

Both IRI DarkShield, for multiple unstructured and semi-structured data sources, and IRI CellShield, for Excel, share the same encryption functions, data classes, and UI for consistent function application and referential integrity as needed.

FieldShield also provides a broad range of other static data masking (SDM) and dynamic data masking (DDM) functions and methods -- and allows your own -- as part of an overall data loss prevention (DLP) strategy.

Consider these benefits of targeted data encryption:

Feature: Granularity
  Flexibility: Encrypt only the sensitive data. Leave remaining fields in the table or file alone and otherwise ready for operations.
  Efficiency: Field encryption's incremental computing overhead is nominal; no resources are wasted protecting non-sensitive data.
  Security: Field-encryption keys and libraries can comply with your role-based access controls framework.

Feature: Choice
  Flexibility: Use IRI's built-in field protection functions along with your own, simultaneously. Customize the mix of data protections based on your data and your business rules.
  Efficiency: Apply protections in the same job (and I/O pass) with both data transformation and reporting. This is more efficient, and protects PII in new data sources.
  Security: An XML audit trail verifies who protected the data, when, where, and how. Remember, you must be able to prove compliance.

Feature: Interoperability
  Flexibility: Use the same metadata for IRI RowGen to generate test data if you cannot access the real DB/file source(s).
  Efficiency: Profile, remediate, validate, and manage data and jobs together in the same product and Eclipse IDE (IRI Workbench).
  Security: Encrypted data are independent of hardware, DBs, and file formats. Fields are secure until decryption.



Frequently Asked Questions (FAQs)

1. What is targeted encryption in data masking?
Targeted encryption refers to the selective encryption of only sensitive fields—such as PII—instead of encrypting entire databases, files, or systems. This approach enhances efficiency and maintains usability while still protecting confidential information.
2. How does field-level encryption help with data privacy compliance?
Field-level encryption allows organizations to protect sensitive information at the column or field level, satisfying legal requirements in regulations like HIPAA, PCI DSS, and GDPR without impacting entire data sets or workflows.
3. What encryption algorithms does IRI support?
IRI FieldShield, DarkShield, CellShield, and Voracity tools support 3DES, AES, FIPS-compliant OpenSSL, and GPG libraries. These libraries meet security and compliance standards and support both reversible (encryption) and irreversible (hashing) methods.
4. How is encryption in IRI tools different from hardware or full-disk encryption?
Unlike hardware-based or full-disk encryption, IRI software encrypts only the necessary fields. This targeted method reduces processing overhead, avoids unnecessary exposure, and ensures only relevant data is protected and accessible based on user roles.
5. Can I use IRI encryption across different data sources?
Yes, IRI encryption can be applied across flat files, relational databases, Excel sheets, unstructured documents, and IoT or streaming data. It supports multiple file formats including .txt, .csv, .xml, and more.
6. What is format-preserving encryption (FPE), and does IRI support it?
Format-preserving encryption keeps the original data format intact after encryption (e.g., preserving a 16-digit credit card format). IRI FieldShield supports FPE to maintain compatibility with existing systems while still protecting the data.
7. How do IRI tools maintain referential integrity after encryption?
IRI tools use consistent encryption functions and data classes to ensure that encrypted values remain linkable across tables and files when needed, maintaining the logical relationships between data sets.
8. Can I use custom encryption functions with IRI software?
Yes, IRI tools support user-defined functions alongside built-in libraries, allowing you to customize encryption methods to match internal policies or use cases.
9. How is encrypted data tracked for audit and compliance?
IRI solutions generate XML audit logs automatically. These logs show who performed the encryption, when, where, and how—supporting data governance and compliance reporting.
10. What other data protection features come with IRI FieldShield?
In addition to encryption, FieldShield supports other static and dynamic data masking functions like redaction, pseudonymization, tokenization, hashing, and more—all customizable and auditable within the same framework.