Which solution is better suited to data masking in relational databases?
Reliably protecting sensitive data in databases: Today, organisations store large volumes of personal and business-critical information in relational databases. Names, addresses, customer numbers, financial data and health information must not only be protected against unauthorised access, but must also comply with the requirements of data protection legislation such as the GDPR.
IRI offers two powerful solutions for masking sensitive data: IRI FieldShield and IRI DarkShield. Both products support the anonymisation and pseudonymisation of sensitive data, but take different approaches and are suited to different use cases.
In this article, we compare the two solutions and show when each technology is the better choice.
Common ground: data protection and compliance!
Both FieldShield and DarkShield have been developed to identify and protect sensitive data. Both solutions utilise the same data classes, masking functions and data protection methods within the IRI Workbench.
The supported methods include, amongst others:
This enables organisations to effectively implement data protection requirements under the GDPR, HIPAA, PCI DSS and other compliance guidelines.
Data masking for structured data: IRI FieldShield was developed specifically for structured data sources. The solution works particularly efficiently when the data fields to be protected are already known and clearly defined database structures are in place.
Typical use cases include:
A major advantage of FieldShield is its integration with IRI’s powerful SortCL engine. This allows data to be masked during extraction, transformation and processing without introducing additional processing steps.
Organisations already using IRI Voracity also benefit from the close integration with functions for data integration, data quality, test data generation and data migration.
When is FieldShield the right choice? FieldShield is particularly suitable when:
If sensitive data is not clearly structured: Whilst IRI FieldShield primarily accesses known data fields, IRI DarkShield takes a more comprehensive approach. The solution combines data discovery and data masking in a single process.
DarkShield can find sensitive information not only in database columns, but also within:
This makes DarkShield particularly well-suited to modern data landscapes, where sensitive information is often stored outside traditional table structures.
Typical examples include customer comments, support tickets or document archives within a database. Here, personal information can appear anywhere in the text and cannot be identified by column names alone.
Discovery and masking in a single step: The main difference between the two solutions lies in DarkShield’s integrated search function.
Whilst FieldShield requires you to specify which fields are to be protected, DarkShield scans the content itself for sensitive information. It uses data classes, regular expressions and search rules to automatically detect personal data.
The information found can then be protected directly using the same masking functions as those used in FieldShield. This approach significantly reduces manual effort and minimises the risk of overlooking hidden sensitive data.
If sensitive data can be clearly identified and is primarily stored in relational tables, FieldShield is usually the most efficient and cost-effective solution.
If, on the other hand, unknown sensitive information may be hidden in free-text fields, documents, or XML or JSON structures, DarkShield offers significant advantages. The integrated discovery function enables a more comprehensive analysis and better protection of complex data sets.
In many organisations, both solutions are even used in conjunction: FieldShield for structured data masking within established data processes, and DarkShield for searching for and securing hidden sensitive information in semi-structured and unstructured data.
Conclusion: FieldShield and DarkShield take different but complementary approaches to protecting sensitive data.
FieldShield stands out for its fast and precise masking of structured data in relational databases and ETL processes. DarkShield extends these capabilities with powerful search functions for semi-structured and unstructured content.
Organisations wishing to comprehensively meet their data protection and compliance requirements should therefore consider not only the nature of their data, but also the origin and structure of sensitive information. Choosing the right solution plays a crucial role in minimising data protection risks and efficiently implementing regulatory requirements.
Efficiency meets experience: For more than four decades, our software solutions have been supporting companies in data management and data protection – technologically leading, reliable in productive use and applicable across all industries.
In use since 1978: Numerous well-known companies, service providers, financial institutions and state and federal authorities are among our long-standing customers.
Maximum compatibility: Our software supports both classic mainframe platforms (Fujitsu BS2000/OSD, IBM z/OS, z/VSE, z/Linux) and modern open system environments such as Linux, UNIX derivatives and Windows.