According to GEODI can mask or anonimyze files or databases based on discovery results.
Masking means blacking out sensitive data. Anonimization means replacing a data with fake but real looking one. Both function allows ou to share a content with less concern. Masking completely hides a sensitive information and you can identify a document if it is masket or not. But anonimization creates a completelly real looking version of the content. Anonimizaytion is more suitable for testing or data science.
There are choices.
Persistent File Masking/Anonimizatşon: Selected files are masked/anonimized persistently. Keeping the original values is a choice. You may choose to replace all findings, PII or just financial values.
Dynamic Masking/Anonimization: Dynamic option allows you to set visibility of sensitive i,nformation by permissons. Same content (a PF, word , ..) looks different to different users based on permissions.
Database Masking/Anonimization: It is possible to mask/animiyze a database for software development teams. This capability should not be confused with products that perform dynamic database masking.
Masking Details
There are some masking rules. Each discovery result (an IBAN, name or any other) may be replaced with using any of the following rules.
...
Simple change with a char (like **)
...
Change a name or telno with [NAME] veya [TELNO]
...
First 2, last 4 char for IBAN or CreditCard like entities
discovery results, masking or anonymization can be applied to files and databases.
Masking refers to obscuring sensitive data in a content or replacing it with a fixed text. Anonymization, on the other hand, involves replacing a value with other values that appear to be real.
With masking, sensitive data is completely obscured, while anonymization breaks the link with real data but still maintains the appearance of real data. By anonymizing data containing sensitive information, you can easily share it with testing teams, data analysis teams, or researchers.
How the findings should be masked can be determined.
You can simply replace it with *.
You can replace a name or phone number with a distinct value such as [NAME] or [TELNO].
For identifiers like IBAN or credit card numbers, you can use the first 2 and last 4 characters.
For names, applying Module: GEODI Data Masking, such as capitalizing the first letter, is possible.
Content names (File names, e-mail subjects, ..) are not masked
Anonimization Details
Each finding is replaced with a real looking value. Currently the following entities are anonimiyzed
Name → Name
Money → Money
Disctionaries(Placename, part number or other) → random value from the same dictionary
Creditcard → Creditcard
IBAN → IBAN
Tel → Tel
e-Mail → e-Mail
Date → Date
Anonimizatşon has 2 mode. In the Default mode, same value takes the same value. That is a name (john smit), converted the same name in every place. In the other mode, conversion is always random, and you can not even see the same results in a single session.
To set the second mode set ANO.SameToSame:False
in the project generic seettings.
...
Info |
---|
Masking can be done in several ways.
|
Persistent File Masking
GEODI creates a copy of the content undergoing masking to perform the process. The operation functions in the "Mask and Download" manner.
Note |
---|
You can also perform this process in bulk using the "Batch Mask/Anonymize" action from the Actions menu. Actions create a script that should be executed by the system administrator. In case of individual files or a small number of files, you can generate modified copies of the files using the masking/anonymization process within the viewer. |
Info |
---|
|
Dynamic Masking
...
With dynamic masking, the discovery results of the discovery are visible in screens such as the viewer, words, network graph, summary, etc., in a masked form.
Masking in the viewer is applicable applies to the following types, regardless of their source, : whether they are embedded in a File Server, SharePoint, or a Database.
Office Files (Word, Excel, PowerPoint)
Open Office (ODT, ODS, ...)
PDF
TXT, XPS
On the last page of the project wizard, the "Dynamic Masking" box is selected, and settings are configured.
Once adjustments are made, files in the project are displayed to users in a masked format.
It operates with group-based authorization.
A masking metadata is defined for each group.
When group members open a file from the project, it is displayed in a masked form according to the defined masking metadata.
...
The "No Masking" setting displays the results without masking for the defined group.
Groups and members without authorization display all discovery results in a masked form.
In accordance with the "All" masking metadataAny group or user not matched with a profile is assumed to use the MaskALL profile.
When downloading files, it also downloads them in a masked form.
Database Masking
...
Database masking performs permanent masking on the given database. If you want the original data to remain intact, you can also work on a copy.
...
When you need to share your database with software or testing teams. Masking permanently removes sensitive data from your database for this use case.
When you share your database for data analysis, it permanently removes sensitive data, allowing you to safely share the database.
...
Permissions
The Masking authorization for masking is the same as the document download permissionauthorization. Those with download permission permissions can use maskingit.
Dynamic For dynamic masking allows authorization at the , authorization can be done based on user and discovery layer levels.
License
A MASKING license is required for masking.
The number of users using masking is equal to the number of GEODI users.
Masking is meaningful with Corporate Search.
It is recommended to have a Discovery license for masking. Otherwise, masking will be limited to information discovered within the scope of STD.
Batch Masking
To create a script for Bulk Masking, go to the Reports menu. For this script, specify the masking profile and the directory where result files will be located. The generated script can also be edited to modify the original files.
Profiles
Profiles determine which discovery results will be masked/anomiyzed. There are default profiles which you can customize.
You will need the profile ID values for batch operations like Bulk Masking. Below, you will find the default profiles:
...
ID: Finance01 -> [$.tr:Financial Data;en:Financial Data] → Identifiers labeled IsFinancial and IsMoney (IBAN, Credit Card Number (Visa, Mastercard, American, JCB...), Currencies)
...
ID: MoneyData01 -> [$.tr:Monetary Data;en:Monetary Data] → Identifiers labeled IsMoney (Euro(€), Dollar($), Turkish Lira(₺), Pound/GBP(£), ...)
...
ID: PersonalData_01 -> [$.tr:Personal Data Only;en:Personal Data Only] → Identifiers labeled PII (SSN, and identifiers for ID and Passport numbers of different countries)
Name
ID Number (Turkish: TCKN)
Tax ID (Turkish: VKN)
Email
Address Block Identifier
...
ID: All -> All
Used to mask all information recognized by the identifiers in your project.
...
and DISCOVERY license is required.