Versions Compared

Version Old Version 1 New Version Current
Changes made by

serdar ak

serdar ak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Based on GEODI can mask or anonimyze files or databases based on discovery resultsdiscovery results, files, and databases can be Masked or Anonymized.

Masking means blacking out obscuring sensitive data . Anonimization within a content or replacing it with a fixed alternative text. On the other hand, anonymization means replacing a value with another value that appears to be real.

Sensitive data with fake but real looking one. Both function allows ou to share a content with less concern. Masking completely hides a sensitive information and you can identify a document if it is masket or not. But anonimization creates a completelly real looking version of the content. Anonimizaytion is more suitable for testing or data science.

There are choices.

  1. Persistent File Masking/Anonimizatşon: Selected files are masked/anonimized persistently. Keeping the original values is a choice. You may choose to replace all findings, PII or just financial values.

  2. Dynamic Masking/Anonimization: Dynamic option allows you to set visibility of sensitive i,nformation by permissons. Same content (a PF, word , ..) looks different to different users based on permissions.

  3. Database Masking/Anonimization: It is possible to mask/animiyze a database for software development teams. This capability should not be confused with products that perform dynamic database masking.

Masking Details

There are some masking rules. Each discovery result (an IBAN, name or any other) may be replaced with using any of the following rules.

  1. Simple change with a char (like **)

  2. Change a name or telno with [NAME] veya [TELNO]

  3. First 2, last 4 char for IBAN or CreditCard like entities

  4. Content names (File names, e-mail subjects, ..) are not masked

Anonimization Details

Each finding is replaced with a real looking value. Currently the following entities are anonimiyzedis completely removed with masking. Anonymization breaks the link with the real data but keeps the data looking real. By anonymizing your sensitive information or databases, you can easily share them with test teams, data analysis teams, or researchers.

In Anonymization, each value is replaced with a compatible alternative. For example, a name is replaced with another name, a phone number with another phone number, and so on. The ready-to-use values are listed below.

  • Name → Name

  • Money → Money

  • DisctionariesDictionaries(Placename, part number or other) → random value from the same dictionary

  • Creditcard → Creditcard

  • IBAN → IBAN

  • Tel → Tel

  • e-Mail → e-Mail

  • Date → Date

Anonimizatşon Anonimization has 2 mode. In the Default mode, the same value takes the same value. That is a A name (john smitJohn Smit) , is converted to the same name in every placeeverywhere. In the other mode, conversion is always random, and you can not even see the same results in a single session.

To set the second mode set Set ANO.SameToSame:False in the project generic seettings.

...

settings for the second mode.

Info

Profiles

Profiles define which findings are to be anonymized. You may anonymize all PII or Financial data. The functions ask you to choose from existing profiles.

Info

Anonymization in content can be applied in several ways:

  1. Persistent File Anonymization: The identified discovery layers are modified permanently or as a copy in file-based data. An anonymous copy of the original file is created, or the original file is altered.

  2. Dynamic Anonymization: The selected discovery layers change dynamically for selected groups/users. For Example, one user can see the complete document, while another user sees it with hidden monetary fields or personal data.

  3. Database anonymization creates a masked or anonymized copy of a given database. This allows software development teams to work with a masked version of the database.

Persistent File Anonimization

GEODI creates a copy of the content undergoing masking to perform the process. The operation functions in the "Mask and Download" manner.

Note

You can also perform this operation in bulk using the “Batch Mask/Anonymize” action from the Actions menu. This action creates a script that the system administrator should execute. If there are only a few files or individual files, you can use the masking/ anonymization feature within the viewer to produce modified copies of the files.

Info

  • Masking operates in the following formats:

    • Word (*.doc, *.docx, *.rtf)

    • Excel (*.xlsm, *.csv, *.xlsx, *.xls)

    • PDF (*.pdf)

    • Powerpoint (*.ppt, *.pptx, *.ppsx)

    • LibreOffice (*.odp, *.odt, *.ods)

  • In the viewers of supported formats for the masking process, access is available Download as masked tools is under the (info) button in the viewers.

  • You can Masking profiles allow you to create templates to mask all discovered data or a selected subset by creating as many definitions (Masking Metadata) as needed.

    By default, the following definitions are provided. Changes and additions can be made using the method specified on this page

    or just PII.

    • For example, with masking, a name like "Hasan Hüseyin" can be masked as "[NAME]" or "****". Different masking formats can be defined based on different identifiers using definitions. This means that names, IBANs, and currency expressions can all be masked differently.

Dynamic

...

Anonymization

  • With dynamic masking, the discovery results of the discovery are masked and visible in on screens such as the viewer, words, network graph, summary, etc., in a masked form.

  • Masking in the viewer is applicable applies to the following types, regardless of their source, whether they are embedded in a File Server, SharePoint, or a Database.

    • Office Files (Word, Excel, PowerPoint)

    • Open Office (ODT, ODS, ...)

    • PDF

    • TXT, XPS

  • On the last page of the project wizard, the The "Dynamic Masking" box is selected on the project wizard's last page, and settings are configured.

  • Once adjustments are made, files in the project are displayed to users in a masked format.

    • It operates with group-based authorization.

    • A masking metadata is defined for each group.

    • When group members open a file from the project, it is displayed in a masked form according to the defined masking metadata.

...

  • The "No Masking" setting displays the results without masking for the defined group.

  • Groups and members without authorization display all discovery results in a masked form.

    In accordance with the "All" masking metadata

    Any group or user not matched with a profile is assumed to use the MaskALL profile.

  • When downloading files, it also downloads them in a masked form.

Database

...

Anonymization

Database masking performs permanent masking on the given database. If You can also work on a copy if you want the original data to remain intact, you can also work on a copy.

Database masking provides several use cases:

  1. When you need to share your database with software or testing teams. Masking , masking permanently removes sensitive data from your database for this use case.

  2. When you share your database for data analysis, it permanently removes sensitive data is permanently removed, allowing you to safely share the database safely.

...

Permissions

The authorization for masking is the same as the document download permission. Those with download permission can use masking.

Dynamic masking allows authorization at the user and discovery layer levels.

License

A MASKING mask and DISCOVERY license is required for maskinganonymization.

The number of users using masking is equal to the number of GEODI users.

Masking is meaningful with Corporate Search.

It is recommended to have a Discovery license for masking. Otherwise, masking will be limited to information discovered within the scope of STD.

Batch Masking

To create a script for Bulk Masking, go to the Reports menu. For this script, specify the masking profile and the directory where result files will be located. The generated script can also be edited to modify the original files.

Profiles

Profiles determine which discovery results will be masked/anomiyzed. There are default profiles which you can customize.

You will need the profile ID values for batch operations like Bulk Masking. Below, you will find the default profiles:

...

ID: Finance01 -> [$.tr:Financial Data;en:Financial Data] → Identifiers labeled IsFinancial and IsMoney (IBAN, Credit Card Number (Visa, Mastercard, American, JCB...), Currencies)

...

ID: MoneyData01 -> [$.tr:Monetary Data;en:Monetary Data] → Identifiers labeled IsMoney (Euro(€), Dollar($), Turkish Lira(₺), Pound/GBP(£), ...)

...

ID: PersonalData_01 -> [$.tr:Personal Data Only;en:Personal Data Only] → Identifiers labeled PII (SSN, and identifiers for ID and Passport numbers of different countries)

  1. Name

  2. ID Number (Turkish: TCKN)

  3. Tax ID (Turkish: VKN)

  4. Email

  5. Address Block Identifier

...

ID: All -> All

  1. Used to mask all information recognized by the identifiers in your project.

...

.