IRI, best known for their high-performance data processing CoSort product, has announced a stand-alone, flat-file, data-protection product, FieldShield, that offers highly granular encryption, data-masking and de-identification capabilities for large, structured flat files typical in data warehousing and mainframe environments. The multiple functions are designed allow organizations to meet security and compliance requirements processing large volumes of data without hampering business operations.
"This expands our reach outside the traditional world of data warehousing and legacy sort migration," said David Friedland, IRI VP of business development. "We're trying to go more to the business user, to data governance and data compliance--the whole CISO market." The security product capitalizes on IRI's ability to run intricate sorting and transformation operations on huge files--tens or even hundreds of gigabytes--at high speeds. Organizations can enforce policy controlling precisely what data within a file is encrypted, masked or de-identified based on how it is being used and the role of the user. This flexibility could promote better security practices without interfering with business operations.
"An organization might secure access to an entire flat file; that's easiest, but reduces what can be shared and how many people can access the information," said David Stodder, principal for Perceptive Information Strategies and research fellow at Ventana research. "This creates a lot of bureaucratic procedure that can slow people down and what happens is people try to get around it and you have no security at all." Companies are faced with a growing collection of compliance of federal, state and industry mandates that require protection of personally identifiable information (PII). In particular, encryption is either required or at least relieves organizations of the breach notification requirements typical of the 40-plus state laws and, now, patient health information under the HITECH Act.
Data-masking is used in business to render, say, a credit card number unreadable by hiding, say, all but the last four digits, while keeping the data format. Customers can recognize which card is being referenced, for example, without exposing the information to third parties. Masked data is also heavily used as an alternative to exposing real production data in application development. De-identification separates the sensitive information from PII. So, for example, medical information might be made available for research without violating patient privacy. IRI's Friedland believes that FieldShield will appeal in large part to financial services companies, health care providers and government agencies. Stodder believes that flat files have been a neglected security area and sees a wide potential market in addition to giant insurance, banking and retail--generally companies that have a lot of mainframe systems and data migration programs.
"Mid-sized organizations that have grown quickly and haven't implemented database systems for everything, so they have giant spreadsheets and other kinds of non-database files," he said. "Other interesting possibilities are companies that are building data systems for online commerce, that are heavily using XML and PHP files to build websites and social network systems. A lot of information is not being stored in databases but need security." FieldShield runs on Windows, Unix and Linux platforms and protects data in numerous flat file formats, including: MF ISAM and Vision index MF COBOL; fixed blocked; variable blocked; fixed length text; CSV, delimited; LDIF, XML, and CLF and ELF Web logs.