Based on GEODI discovery results, files and databases can be Masked or Anonymized.

Masking means obscuring sensitive data within a content or replacing it with a fixed alternative text. Anonymization, on the other hand, means replacing a value with another value that appears to be real.

With Masking, sensitive data is completely removed. Anonymization breaks the link with the real data but keeps the data looking real. You can easily share your sensitive information or databases with test teams, data analysis teams, or researchers by anonymizing them.

In Anonymization, each value is replaced with a compatible alternative. A name is replaced with another name, a phone number with another phone number, and so on. The ready-to-use values are listed below.

Name → Name
Money → Money
Dictionaries(Placename, part number or other) → random value from the same dictionary
Creditcard → Creditcard
IBAN → IBAN
Tel → Tel
e-Mail → e-Mail
Date → Date

Anonimization has 2 mode. In the Default mode, the same value takes the same value. That is, a name (John Smit) is converted to the same name everywhere. In the other mode, conversion is always random, and you can not even see the same results in a single session.

Set ANO.SameToSame:False in the project generic settings for the second mode.

Profiles

Profiles defines which findings are to be anonimyzed. Ypu may anonimyze all, or PII or Financial data. The functions ask you to choose from existing profiles.

Anonymization in content can be applied in several ways:

Persistent File Anonymization: In file-based data, the identified discovery layers are modified either permanently or as a copy. An anonymous copy of the original file as created, or the original file is altered.
Dynamic Anonymization: The selected discovery layers dynamically change for selected groups/users. For Example, one user can see the complete document, while another user sees it with hidden monetary fields or personal data.
Databases Anonymization: Creates a masked or anonymized copy of a given database. This allows software development teams to work with a masked version of database.

Persistent File Anonimization

GEODI creates a copy of the content undergoing masking to perform the process. The operation functions in the "Mask and Download" manner.

You can also perform this operation in bulk using the “Batch Mask/Anonymize” action from the Actions menu. This action creates a script that should be executed by the system administrator. If there are only a few files or individual files, you can use the masking/ anonymization feature within the viewer to produce modified copies of the files. time.

Masking operates in the following formats:
- Word (*.doc, *.docx, *.rtf)
- Excel (*.xlsm, *.csv, *.xlsx, *.xls)
- PDF (*.pdf)
- Powerpoint (*.ppt, *.pptx, *.ppsx)
- LibreOffice (*.odp, *.odt, *.ods)
In the viewers of supported formats for the masking process, access is available under the button.
You can mask all discovered data or a selected subset by creating as many definitions (Masking Metadata) as needed.
- By default, the following definitions are provided. Changes and additions can be made using the method specified on this page.
- For example, with masking, a name like "Hasan Hüseyin" can be masked as "[NAME]" or "****". Different masking formats can be defined based on different identifiers using definitions. This means that names, IBANs, and currency expressions can all be masked differently.

Dynamic Anonymization

With dynamic masking, the results of the discovery are visible in screens such as the viewer, words, network graph, summary, etc., in a masked form.
Masking in the viewer is applicable to the following types, regardless of their source, whether they are embedded in a File Server, SharePoint, or a Database.
- Office Files (Word, Excel, PowerPoint)
- Open Office (ODT, ODS, ...)
- PDF
- TXT, XPS
On the last page of the project wizard, the "Dynamic Masking" box is selected, and settings are configured.
Once adjustments are made, files in the project are displayed to users in a masked format.
- It operates with group-based authorization.
- A masking metadata is defined for each group.
- When group members open a file from the project, it is displayed in a masked form according to the defined masking metadata.

geodi-en > Anonymization > image-20231205-060914.png

The "No Masking" setting displays the results without masking for the defined group.
Any group or user not matched with a profile is assumed to use the MaskALL profile.
When downloading files, it also downloads them in a masked form.

Database Anonymization

Database masking performs permanent masking on the given database. If you want the original data to remain intact, you can also work on a copy.

Database masking provides several use cases:

When you need to share your database with software or testing teams. Masking permanently removes sensitive data from your database for this use case.
When you share your database for data analysis, it permanently removes sensitive data, allowing you to safely share the database.

Permissions

The authorization for masking is the same as the document download permission. Those with download permission can use masking.

Dynamic masking allows authorization at the user and discovery layer levels.

License

A MASKING and DISCIVERY license is required for anonymization.

The number of users is equal to the number of GEODI users.