Dynamic Data Masking (DDM)
Protecting DB and File PII In-Flight
Dynamic Data Masking
Dynamic data masking (DDM) works in conjunction with applications in real time so that unauthorized users do not see plaintext columns or values, while the source data remains unchanged.
The IRI FieldShield data masking package for relational databases and flat files, the IRI DarkShield package for semi- and unstructured text files, PDF / MS documents, images and NoSQL -- or the IRI Voracity platform which includes them both plus many related features -- deliver DDM functionally in multiple ways:
Method |
Operation |
On-the-fly |
Apply field-level masking functions while mapping; i.e., in the same job script/s with IRI Voracity ETL, migration, replication, cleansing, reporting, etc. |
SQL trigger |
Encrypt, mask, etc. in-situ, in real-time, during inserts, update, etc. to specified tables and columns |
App calls |
Embed .NET or Java SDK library functions in applications to encrypt, decrypt, hash or redact |
Proxy-based |
Configure proxy server and special 'JDBC SQL Trail' driver to intercept and mask app queries in transit |
Custom I/O |
Flow your own data feeds and formats to / from FieldShield data masking scripts in memory |
Stream masking |
Spark and Storm processing of dynamic input in Voracity Hadoop edition |
Message queue |
Redirect, mask and virtualize/federate PII from pipes, URLs, and MQTT/Kafka topics |
Web service |
REST API call to a FieldShield or DarkShield agent to mask data in flight |
All IRI dynamic encryption and decryption functions, including format-preserving encryption, leverage the same routines used in FieldShield and DarkShield static data masking (SDM) jobs.
In all cases above, you can work with IRI Professional Services to obtain a customized implementation.
For more details, please submit an information request using the form below. See also: