Versions Compared

Version Old Version 5 New Version 6
Changes made by

serdar ak

serdar ak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

GEODI can mask or anonimyze files or databases based on discovery results.

Masking means blacking out sensitive data in a content or replacing it with fixed text. The GEODI Masking tool creates a masked copy of your document. Masking accuracy is very high thanks to GEODI Discovery powered by Artificial Intelligence and Natural Language Processing.

The masking module provides several different masking capabilities.

...

File Masking: In file-based data, discovery layers identified as sensitive or designated as copies are masked. It is possible to define rules separately for personal data, financial data, or any other type of data. A duplicate document can be created where all discovered words, identifiers, or dictionary-based findings are concealed. Different masking options may result in variations of the same document shared with legal and procurement units.

...

Dynamic Masking: Selected discovery layers for specified groups/users are dynamically masked. This means that while one user sees the document in its entirety, another user may view it with financial areas or personal data concealed.

...

data. Anonimization means replacing a data with fake but real looking one. Both function allows ou to share a content with less concern. Masking completely hides a sensitive information and you can identify a document if it is masket or not. But anonimization creates a completelly real looking version of the content. Anonimizaytion is more suitable for testing or data science.

There are choices.

  1. Persistent File Masking/Anonimizatşon: Selected files are masked/anonimized persistently. Keeping the original values is a choice. You may choose to replace all findings, PII or just financial values.

  2. Dynamic Masking/Anonimization: Dynamic option allows you to set visibility of sensitive i,nformation by permissons. Same content (a PF, word , ..) looks different to different users based on permissions.

  3. Database Masking/Anonimization: It is possible to mask/animiyze a database for software development teams. This capability should not be confused with products that perform dynamic database masking.

Masking

...

Details

There are some masking rules. Each discovery result (an IBAN, name or any other) may be replaced with using any of the following rules.

  1. Simple change with a char (like **)

  2. Change a name or telno with [NAME] veya [TELNO]

  3. First 2, last 4 char for IBAN or CreditCard like entities

  4. Content names (File names, e-mail subjects, ..) are not masked

Anonimization Details

Each finding is replaced with a real looking value. Currently the following entities are anonimiyzed

  • Name → Name

  • Money → Money

  • Disctionaries(Placename, part number or other) → random value from the same dictionary

  • Creditcard → Creditcard

  • IBAN → IBAN

  • Tel → Tel

  • e-Mail → e-Mail

  • Date → Date

Anonimizatşon has 2 mode. In the Default mode, same value takes the same value. That is a name (john smit), converted the same name in every place. In the other mode, conversion is always random, and you can not even see the same results in a single session.

To set the second mode set ANO.SameToSame:False in the project generic seettings.

...

Persistent File Masking/Anonimization

GEODI creates a copy of the content undergoing masking to perform the process. The operation functions in the "Mask and Download" manner.

Info

  • Masking operates in the following formats:

    • Word (*.doc, *.docx, *.rtf)

    • Excel (*.xlsm, *.csv, *.xlsx, *.xls)

    • PDF (*.pdf)

    • Powerpoint (*.ppt, *.pptx, *.ppsx)

    • LibreOffice (*.odp, *.odt, *.ods)

  • In the viewers of supported formats for the masking process, access is available under the (info) button.

  • You can mask all discovered data or a selected subset by creating as many definitions (Masking Metadata) as needed.

    • By default, the following definitions are provided. Changes and additions can be made using the method specified on this page.

    • For example, with masking, a name like "Hasan Hüseyin" can be masked as "[NAME]" or "****". Different masking formats can be defined based on different identifiers using definitions. This means that names, IBANs, and currency expressions can all be masked differently.

Dynamic Masking/Anonimization

  • With dynamic masking, the results of the discovery are visible in screens such as the viewer, words, network graph, summary, etc., in a masked form.

  • Masking in the viewer is applicable to the following types, regardless of their source, whether they are embedded in a File Server, SharePoint, or a Database.

    • Office Files (Word, Excel, PowerPoint)

    • Open Office (ODT, ODS, ...)

    • PDF

    • TXT, XPS

  • On the last page of the project wizard, the "Dynamic Masking" box is selected, and settings are configured.

  • Once adjustments are made, files in the project are displayed to users in a masked format.

    • It operates with group-based authorization.

    • A masking metadata is defined for each group.

    • When group members open a file from the project, it is displayed in a masked form according to the defined masking metadata.

...

  • The "No Masking" setting displays the results without masking for the defined group.

  • Groups and members without authorization display all discovery results in a masked form.

    • In accordance with the "All" masking metadata.

  • When downloading files, it also downloads them in a masked form.

Database Masking/Anonimization

Database masking performs permanent masking on the given database. If you want the original data to remain intact, you can also work on a copy.

...

To create a script for Bulk Masking, go to the Reports menu. For this script, specify the masking profile and the directory where result files will be located. The generated script can also be edited to modify the original files.

...

Profiles

Masking profiles Profiles determine which discovery results will be masked and how they will be masked using the Masking Module. The Masking Module provides the following default profiles, /anomiyzed. There are default profiles which you can customize according to your needs.

You will need the profile ID values for batch operations like Bulk Masking. Below, you will find the default profiles:

  1. ID: Finance01 -> [$.tr:Financial Data;en:Financial Data] → Identifiers labeled IsFinancial and IsMoney (IBAN, Credit Card Number (Visa, Mastercard, American, JCB...), Currencies)

  2. ID: MoneyData01 -> [$.tr:Monetary Data;en:Monetary Data] → Identifiers labeled IsMoney (Euro(€), Dollar($), Turkish Lira(₺), Pound/GBP(£), ...)

  3. ID: PersonalData_01 -> [$.tr:Personal Data Only;en:Personal Data Only] → Identifiers labeled PII (SSN, and identifiers for ID and Passport numbers of different countries)

    1. Name

    2. ID Number (Turkish: TCKN)

    3. Tax ID (Turkish: VKN)

    4. Email

    5. Address Block Identifier

  4. ID: All -> All

    1. Used to mask all information recognized by the identifiers in your project.

  5. ID:Anonimiyze:* for the anonimization.