Dynamic Data Masking (DDM)

Protecting Database Columns at Risk in Real Time

Dynamic Data Masking


Dynamic data masking (DDM) usually works in conjunction with database applications in real time so that unauthorized users do not see actual column values.


Built-in, rule-based DDM in IRI Chakra Max (DB Firewall), or bespoke solutions in IRI FieldShield or IRI Voracity, can support your security objectives in several ways:




On-the-fly Redaction

Set user and query-based data masking rules for full or partial value obfuscation

ODBC Select / Update

Apply protections surgically to any given column value(s) in qualifying row(s)

DB Application(s) 

Use .NET or Java SDK library functions, or system-call job scripts on the fly

In-Situ Encryption, etc.

Call custom, DB-specific FieldShield routines from within SQL procedures*

Input/Output Routines

Drive real-time application data directly to / from FieldShield jobs in memory

Real-time Processing

Hadoop Spark and Storm processing of dynamic input streams in Voracity

On-the-fly, policy-based DDM is provided through 
Chakra Max which can redact values during queries ... only authorized users receive clear text from the (unchanged) table, while others see masked data. In addition to dynamic data masking, Chakra Max provides database activity monitoring (DAM) and database audit and protection (DAP) for 20 different vendor DBs. Use it to set and enforce access and SQL execution policies, while logging every event to secure, query-ready logs.


Depending on your data flow and system architecture, you can also choose the other methods, which leverage the same FieldShield routines available for static data masking (SDM).


*Work with IRI professional services to obtain a customized implementation.