Compliant Data Masking



Find and Protect PII Everywhere

Data = Risk


In the post-SOX compliance era, companies and government agencies risk financial liability and brand damage from privacy law violations and data breaches. Consumers, patients, scientists, soldiers, and students need and demand confidentiality. The data at risk includes:

  • Personally Identifiable Information (PII)

    Used alone or with other data to identify, contact, or locate someone. Examples include name, address, phone number, and national ID number. Government regulations like SSAE16 SOC2 and the GDPR, which takes effects 25 May 2018, require that all PII is protected.

  • Protected Health Information (PHI)

    In medical records, PHI identifies a health care recipient. US HIPAA regulations require that 18 "key" identifiers be effectively de-identified or anonymized.

  • Primary Account Numbers (PANs)

    These are identifying numbers used in credit card transactions. The Payment Card Industry Data Security Standard (PCI DSS) requires card issuers, merchants, and testers to encrypt, tokenize, and otherwise protect this information.

  • Other Sensitive Information

    Information like codes and formulas that constitute trade or military secrets needs to be protected. You cannot afford to have this critical data lost in a data breach.

What's Your Approach?

Are you using a home-grown solution, and is it robust and easy to maintain? Is your encryption solution protecting everything ham-handedly with a single point of failure? Or do you use a data masking tool that only covers one data source or offers too few functions?

Is data masking tightly integrated into your data management lifecycle and infrastructure? Can you mask data while manipulating or reporting on it, easily modify those jobs, risk-score, and log them to prove compliance?

The Solutions

Address these and related challenges with proven software like IRI FieldShield for static data masking, the IRI Chakra Max DB firewall for dynamic data masking, or the IRI Voracity total data management platform.[1]

All of IRI's "startpoint security" products include cost-effective PII discovery, classification, de-identification, and auditing. They leverage the same, free Eclipse GUI to connect and apply a wide array of targeted, field-level protection functions to a multiple data sources. Learn more about how you can do things like:

Each IRI data masking solution also produces audit logs that you can secure and query to document and verify compliance with data privacy laws.

If you need safe test data, masking production data is one way to go. But in Voracity, you can also subset and mask database tables, or use its built-in IRI RowGen functions to generate safe, referentially correct test data for multiple targets from scratch!

Read More in the Data Masking White Paper, here.

Which Data Maskin Tool Should I Use?

  • CellShield

    Find, report on, mask/encrypt/pseudonomize and audit PII, PHI in one or more Excel spreadsheets at once.

    Details here.

  • Voracity

    The one-stop big data discovery, integration, migration, governance and analytics platform that includes FieldShield and RowGen and incorporates data classification, masking and testing into multiple data-driven operations in or beyond Hadoop.

    Details here.

  • RowGen

    Robust test data generation safely prototyping DB/ETL operations, faking PII, and stress-testing new applications.

    Details here.

  • Chakra Max

    Highest performing DB firewall for DAM/DAP operations that includes policy-driven dynamic data masking for 20 enterprise RDBs.

    Details here.

  • Which Data Masking Function Should I Use?

    Take a look at the powerful data masking functions you can use with IRI FieldShield or IRI Voracity. Give your data the best security possible.

    Read here.

  • FieldShield

    Identify, classify, and mask PII across legacy files, relational and NoSQL databases, cloud apps, etc. with AES-256 FPE, hashing, redaction, pseudonymization, tokenization, etc.

    Details here.

Role Based Access Controls (RBAC)

Choose a masking function each field based on your our own business rules regarding: authorization (RBAC), security strength, reversibility, and appearance. See this advice.

Define static or dynamic data masking jobs and rules based on who can see which columns. Keep original data unchanged and preserve referential integrity.

Mask PII in files and reports, too. Set field or job level controls for different recipients.

Bottom Line

Data masking is the best way to comply with data privacy laws, nullify the effects of a data breach, and support the risk and controls framework of your enterprise.

Satisfy the PII identification, protection and verification requirements of information stewardship, regulatory compliance, and data loss prevention programs.

Perform data masking standalone, or directly within BI, DB, ETL and other operations (via IRI Voracity).

IRI Defines Startpoint Security | Outlook Series: Listen Now.

[1] Use IRI FieldShield as a standalone product, or within the IRI Voracity platform for data discovery, integration, migration, governance, and analytics. FieldShield data and job definitions also share the same metadata syntax and Eclipse GUI with other Voracity component products (IRI CoSort, IRI NextForm, and IRI RowGen) to further facilitate integration of data masking into the enterprise information management (EIM) lifecycle.