Industry coalitions are developing regulations to govern information sharing and to protect sensitive business data and the privacy of individuals. In many cases, these regulations make it impossible to outsource business operations, unless the companies have effective technologies to protect sensitive information. This paper addresses scenarios in which data servers and applications are owned and maintained on the premises of a company, and the service providers remotely access the data and the applications. We present a unique solution called Masking Gateway for Enterprises (MAGEN) that masks sensitive information appearing on application displays, without any interference with the applications that generate those screens. The major novelty lies in the utilization of optical character recognition (OCR) for analyzing and understanding application screens. Together with a comprehensive rule language, this approach makes it possible to characterize fields containing sensitive information and mask them according to predefined rules. The rule language is very flexible, abstract, and intuitive and is designed to cope with a vast set of policies and security needs. We describe the major challenges in implementing MAGEN and the results of experimenting with it in situations that occur in actual business settings. We outline techniques that optimize the OCR process to minimize latency and ensure robust operation.
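The idea of characterizing sensitive fields from OCR output and masking them by rule can be sketched as follows. This is an added illustration, not MAGEN's code or its rule language: the `Token` layout, the two rule kinds (`label`, `value`), the function names and the sample screen are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Token:  # one OCR-recognised word and its bounding box in pixels
    text: str
    x: int
    y: int
    w: int
    h: int

# Constructed OCR output for one application screen (not real data).
SCREEN = [
    Token("Customer:", 10, 10, 80, 12), Token("Jane", 100, 10, 40, 12), Token("Doe", 145, 10, 30, 12),
    Token("SSN:", 10, 30, 40, 12), Token("078-05-1120", 100, 30, 90, 12),
    Token("Card:", 10, 50, 45, 12), Token("4111111111111111", 100, 50, 130, 12),
    Token("Status:", 10, 70, 60, 12), Token("Active", 100, 70, 50, 12),
]
# Hypothetical rules: "label" masks what follows a matching label, "value" masks matching text.
RULES = [
    {"kind": "label", "match": r"^(Customer|SSN):$"},
    {"kind": "value", "match": r"^\d{13,16}$"},
]

def same_line(a, b):  # two boxes share a line when their vertical extents overlap
    return a.y < b.y + b.h and b.y < a.y + a.h

def sensitive_tokens(tokens, rules):
    hits = set()
    for rule in rules:
        pattern = re.compile(rule["match"])
        for t in (t for t in tokens if pattern.search(t.text)):
            if rule["kind"] == "value":
                hits.add(t)
            else:  # label rule: everything to the right of the label on its line
                hits.update(o for o in tokens if same_line(t, o) and o.x >= t.x + t.w)
    return hits

def mask_rectangles(tokens, rules):
    """Merge hits on the same line into one (x, y, w, h) rectangle to paint over."""
    rects = []
    for t in sorted(sensitive_tokens(tokens, rules), key=lambda t: (t.y, t.x)):
        if rects and rects[-1][1] < t.y + t.h and t.y < rects[-1][1] + rects[-1][3]:
            x, y, w, h = rects.pop()
            left, top = min(x, t.x), min(y, t.y)
            right, bottom = max(x + w, t.x + t.w), max(y + h, t.y + t.h)
            rects.append((left, top, right - left, bottom - top))
        else:
            rects.append((t.x, t.y, t.w, t.h))
    return rects
```

A label rule only fires when OCR reads the label correctly, so the card number here is caught by a value rule that does not depend on the `Card:` label at all.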