Integrated data classification infrastructure inside IRI Workbench unifies the definition, discovery, and masking of specific kinds, or classes, of data regardless of their location and formatting. The process of specifying masking jobs for DarkShield, FieldShield and CellShield Enterprise Edition in Workbench all begin with this process.
Some of the classes of sensitive data (PII, PHI, PI, CSI, etc.) which need to be found and masked might include:
- email, street and IP addresses
- credit card, ID, VIN, and account numbers
- home, office, or cell phone numbers
- first, middle and/or last names
- company names and/or locations
- birth, death, admit, discharge, or service dates
- medical conditions or treatments
The actual values for these data classes can be anywhere in the multiple file, document, image, and/or database (relational and NoSQL) source types -- throughout multiple local and cloud silos -- which DarkShield supports. Thus as you name and describe these data classes for centralized reference, you are also associating each class with one or more search methods and a masking rule (function) so they can be found anywhere and remediated consistently.
During data discovery (see next tab), DarkShield will search for every instance of your defined data class values to produce and log their location information ... which you can report on or leverage in simultaneous or subsequent data masking operations.
If you apply a deterministic masking function like (format-preserving) encryption or recoverable pseudonymization to your data class(es), the values in every source in which they are discovered will be masked the same way. For example, every instance of phone # 390-551-2389 would be encrypted to 108-462-3417 and every occurrence of John Smith will be pseudonymized to Harv Jones in every target, preserving data and referential integrity enterprise-wide.
Once you name and associate these data classes with search methods and masking functions (rules), you do not have to do so again. IRI ships DarkShield with several of these classes pre-defined for you (and provides default patterns and set file values to match against), but you can modify our, or add your own, data class definitions and search/mask associations.