Static Data Masking (SDM)

Proven Protections for Data at Rest

Static Data Masking


Static data masking (SDM) is the primary method of protecting specific data elements at rest. These "elements" are typically database column or flat-file field values that are considered sensitive. These fields may contain personally identifiable information (PII), protected health information (PHI), primary account numbers (PAN), trade secrets, or other private values.

The "startpoint" data-centric security product IRI FieldShield -- or the IRI CoSort product and IRI Voracity platform that include the same capabilities -- provide more data discovery and SDM functions for more data sources than any other data masking tool. They now also include a state-of-the-art re-ID risk scoring wizard.

Available per-field/column functions include:

  • multiple, NSA Suite B and FIPS-compliant encryption (and decryption) algorithms, including format-preserving encryption
  • SHA-1 and SHA-2 hashing
  • ASCII de-ID (bit scrambling)
  • binary encoding
  • data blurring and generalization
  • randomization
  • redaction (string masking)
  • reversible and non-reversible pseudonymization
  • expression (calculation / shuffle) logic
  • conditional / partial filtering (omission)
  • custom value replacement
  • byte shifting and sub-string functions
  • tokenization (for PCI) You can also "roll your own" external data masking function. This allows you to call a custom field protection at runtime instead of a built-in function.

Whether built-in or custom, you can apply functions conditionally to specific rows or columns, and across tables through protection rules you can define, store, and re-use. It is also possible to apply these functions in a dynamic data masking (DDM) context.

Create, run, and manage your data masking jobs in a free state-of-the-art GUI, built on Eclipse.™ Or, use the same, simple, self-documenting 4GL metadata defining your data layouts and protections in a command line environment.

If you have sensitive data in Excel, check out
IRI CellShield.


  • Article: Which Data Masking Function Should I Use?

    Take a look at the powerful data masking functions you can use with IRI FieldShield or IRI Voracity. Give your data the best security possible.

    Read Now.

Did you know?

IRI FieldShield is a purpose-built data masking product spun off IRI CoSort, and is also part of the IRI Data Protector Suite and IRI Voracity total data management platform.

Voracity can perform FieldShield functions along with: data discovery, integration, migration, governance, and analytics. For example, you can encrypt and sort data for safe bulk loads into a database, or build a delta report or ETL job that de-identifies fields.