Home » Solutions » Data Masking » Dynamic Data Masking

Quick Links

Overview Auditing DPDPA CCPA DLP FERPA GDPR HIPAA PCI DSS DMaaS Static Dynamic Real-Time Test Data/TDM

Dynamic Data Masking

Dynamic data masking (DDM), or data masking in transit, masks data only at the display level in applications connected to a database or file (where it remains unchanged). A DDM solution will prevent unauthorized users from seeing the original plaintext values in columns.

Compare this to real-time data masking which changes source data values in a single RDB via SQL trigger, or masks values moving from source to target when source values change. Dynamic data masking is also different from Static Data Masking (SDM) which protects data at rest -- either in sources typically used in high security production environments or in lower environments where data is anonymized for development, testing, or analytics.

The best data masking tools enable all three modes of operation, and provide multiple options to satisfy multiple use cases.

The IRI FieldShield data masking package for relational databases and flat files, the IRI DarkShield package for semi- and unstructured text files, PDF / MS documents, images and NoSQL -- or the IRI Voracity platform which includes them both plus many related features -- can provide you with dynamic data masking and protection functionally in multiple ways:

Method	Operation
API or Web Services Call	Embed IRI FieldShield functions via .NET or Java SDK library calls from applications to encrypt, decrypt, hash or redact. Or make a call to aDarkShield text, file, RDB or NoSQL DB RPC API from your application (in Python, PowerShell, Java, etc.) for RESTful search and mask services.
Proxy-based, In-Flight	In 2025, IRI will launch new middleware exploiting RI DarkShield APIs to analyze logged-in users to relational and NoSQL database and mask classes of sensitive data based on RBAC settings.
Custom I/O	Flow your own data feeds and formats to / from FieldShield static data masking jobs in memory using input or output procedures writen in C. Your procedure would address the RBAC logic, and allow you to leverage the FieldShield data classification, discovery, masking , re-ID risk scoring, quasi-identifer anonymization, and audit reporting capabilities.
Message Queues	Redirect, mask and virtualize/federate PII from pipes, URLs, and MQTT or Kafka topics; i.e., mask data for recpients in flight, as it streams in from a dynamic source.

Whichever dynamic data masking tool or option you choose above, you can work with IRI Professional Services to obtain a customized implementation for your use case.

For more details, please submit an information request using the form below. See also:

Solutions > Data Masking > Static Data Masking (SDM)

Blog > Data Protection > FieldShield SDK

Blog > Data Protection > Dynamic Data Masking in DB Applications

Share this page

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.

Dynamic Data Masking (DDM)

Protecting DB and File PII In-Flight

Quick Links

Request More Information

Solutions

Products

Customers

Services

Company

Support

News

Partners

Dynamic Data Masking (DDM)

Protecting DB and File PII In-Flight

Quick Links

Request More Information

Follow us on

Get the IRI Newsletter