Real-Time Data Masking
Real-time data masking typically involves the automatic, incremental refresh and obfuscation of PII in database or file targets given new data, or changes to data in supported sources. It may also refer to the masking of data streaming from pipes, programs or message queues like Kafka and MQTT.
In the case of databases, the IRI Ripcurrent incremental data masking facility in IRI Voracity (which includes the IRI FieldShield and DarkShield data masking tools) can apply consistent (rule-based) static data masking functions to classified data when rows are inserted or updated in MS SQL, MySQL, Oracle or PostgreSQL source tables.
Ripcurrent provides incremental data masking in Oracle, but for Oracle, there is also a real-time trigger option for encrypting or decrypting data during queries. See this example of in-situ data masking for real-time data protection in Oracle databases.
In the case of data streaming through pipes, programs or message queues, both IRI FieldShield and IRI DarkShield can support the masking of payloads in various ways, including:
- standard input (stdin) file designations and /STREAM processing in FieldShield job scripts
- custom /INPROCEDURE code for FieldShield jop scritps (written in C)
- built-in MQTT support in FieldShield
- API calls in DarkShield for any of the above
In the case of structured (flat) file sources that have a similar real-time data protection requirement, you can set up a file watcher program through Powershell, for example, to trigger a FieldShield operation when there are new or modified files detected in the operating system.
It is also possible to define triggers through database procedures or external programs that can then activate IRI data masking functionality through FieldShield (structured) or DarkShield (semi-structured and unstructured) data masking operations.
Other real time data masking tools from IRI are the 1) standalone FieldShield database masking product, 2) CoSort data transformation utility and 3) IRI Voracity data management platform -- all of which use the same underlying data definition and manipulation program, called SortCL. SortCL scripts can specify static data masking functions to run on particular columns or rows based on changes to the data values (like timestamps) in source tables or files. See this example.
In any of these scenarios, you can work with IRI Professional Services to build an incremental data masking solution custom-fit for your use case(s).
Provide real-time privacy protection through incremental data masking! To learn how to use one or more of these real-time data-centric security tools in your environment, please request information using the form below. See also:
