Static Data Masking
Static data masking (SDM) is the primary method of protecting specific data elements at rest. These "elements" are typically database column or flat-file field values that are considered sensitive. These fields may contain personally identifiable information (PII), protected health information (PHI), or other sensitive, secret data.
The data-centric security product IRI FieldShield -- and its IRI CoSort product and IRI Voracity platform that include FieldShield capabilities -- deliver more data discovery and SDM functions for more data sources than any other data masking tool. Available per-field/column functions include:
- multiple, NSA Suite B and FIPS-compliant encryption (and decryption) algorithms, including format-preserving encryption
- SHA-1 and SHA-2 hashing
- ASCII de-ID
- binary encoding
- redaction (string masking)
- reversible and non-reversible pseudonymization
- custom expression (calculation / shuffle) logic
- conditional / partial filtering (omission)
- data type and file-format conversion
- byte shifting and sub-string functions
- tokenization (for PCI)
You can also "roll your own" external data masking function. This allows you to call a custom field protection at runtime instead of a built-in function
Whether built-in or custom, you can apply functions conditionally to specific rows or columns, and across tables through protection rules you can define, store, and re-use. It is also possible to apply these functions in a dynamic data masking (DDM) context.
Both FieldShield and Cosort use the same, simple, self-documenting and portable 4GL metadata to define the layouts and protection of the columns in your database tables and flat files. Job creation, execution, and metadata management for both products are also supported in the same free GUI, built on Eclipse™.
Did you know?
IRI FieldShield is a purpose-built data masking product spun off IRI CoSort, and part of both the IRI Data Protector Suite and IRI Voracity total data management platform.
Voracity can perform FieldShield functions along with: data discovery, integration, migration, governance, and analytics. Simultaneously encrypt and sort data for safe bulk loads into a database, or build a delta report or ETL job that de-identifies fields.