According to GEODI discovery results, masking or anonymization can be applied to files and databases.

Masking refers to obscuring sensitive data in a content or replacing it with a fixed text. Anonymization, on the other hand, involves replacing a value with other values that appear to be real.

With masking, sensitive data is completely obscured, while anonymization breaks the link with real data but still maintains the appearance of real data. By anonymizing data containing sensitive information, you can easily share it with testing teams, data analysis teams, or researchers.

How the findings should be masked can be determined.

You can simply replace it with *.
You can replace a name or phone number with a distinct value such as [NAME] or [TELNO].
For identifiers like IBAN or credit card numbers, you can use the first 2 and last 4 characters.
For names, applying Module: GEODI Data Masking, such as capitalizing the first letter, is possible.

Content names (File names, e-mail subjects, ..) are not masked

Masking can be done in several ways.

Permanent File Masking: In file-based data, discovery layers identified as permanent or copy can be altered. It is possible to define rules separately for personal data, financial data, or all data. A copy document can be created where all identified words with identifiers or dictionaries are hidden. Different masking options may exist for the legal and purchasing departments of the same document.
Dynamic Masking: Discovery layers selected with selected groups/users change dynamically. So, while one user sees the same document in its entirety, another user may view it with financial areas or personal data hidden.
Database Masking: It creates a masked or anonymized copy of a given database as the source. It is possible to mask a database for software development teams

Persistent File Masking

GEODI creates a copy of the content undergoing masking to perform the process. The operation functions in the "Mask and Download" manner.

You can also perform this process in bulk using the "Batch Mask/Anonymize" action from the Actions menu. Actions create a script that should be executed by the system administrator. In case of individual files or a small number of files, you can generate modified copies of the files using the masking/anonymization process within the viewer.

Masking operates in the following formats:
- Word (*.doc, *.docx, *.rtf)
- Excel (*.xlsm, *.csv, *.xlsx, *.xls)
- PDF (*.pdf)
- Powerpoint (*.ppt, *.pptx, *.ppsx)
- LibreOffice (*.odp, *.odt, *.ods)
In the viewers of supported formats for the masking process, access is available under the button.
You can mask all discovered data or a selected subset by creating as many definitions (Masking Metadata) as needed.
- By default, the following definitions are provided. Changes and additions can be made using the method specified on this page.
- For example, with masking, a name like "Hasan Hüseyin" can be masked as "[NAME]" or "****". Different masking formats can be defined based on different identifiers using definitions. This means that names, IBANs, and currency expressions can all be masked differently.

Dynamic Masking

With dynamic masking, the discovery results are visible in screens such as the viewer, words, network graph, summary, etc., in a masked form.
Masking in the viewer applies to the following types, regardless of their source: whether they are embedded in a File Server, SharePoint, or Database.
- Office Files (Word, Excel, PowerPoint)
- Open Office (ODT, ODS, ...)
- PDF
- TXT, XPS
On the last page of the project wizard, the "Dynamic Masking" box is selected, and settings are configured.
Once adjustments are made, files in the project are displayed to users in a masked format.
- It operates with group-based authorization.
- A masking metadata is defined for each group.
- When group members open a file from the project, it is displayed in a masked form according to the defined masking metadata.

geodi-en > Masking > image-20231205-060914.png

The "No Masking" setting displays the results without masking for the defined group.
Any group or user not matched with a profile is assumed to use the MaskALL profile.
When downloading files, it also downloads them in a masked form.

Database Masking

Database masking performs permanent masking on the given database. If you want the original data to remain intact, you can also work on a copy.

Database masking provides several use cases:

When you need to share your database with software or testing teams. Masking permanently removes sensitive data from your database for this use case.
When you share your database for data analysis, it permanently removes sensitive data, allowing you to safely share the database.

Permissions

Masking authorization is the same as document download authorization. Those with download permissions can use it.

For dynamic masking, authorization can be done based on user and discovery layer.

License

A MASKING and DISCOVERY license is required.