/
Masking

Masking

Masking means hiding sensitive data so it cannot be seen or used.
The original value is typically replaced with symbols or fixed text.

  • Example:
    John Smith → ******
    1234 5678 9012 3456 → **** **** **** 3456

👉 The data is not readable anymore.
👉 If you want data to remain readable but hide the real information, use anonymization, which replaces original values with realistic but unrelated ones.

Before You Start Explore the Overview.png

 

36a809c9-2f39-472c-93bf-155ddb01f6ac.png

How findings should be masked can be configured.

  • You can replace content with *.

  • You can replace names or phone numbers with distinct values such as [NAME] or [TELNO].

  • You can partially mask identifiers like IBAN or credit card numbers by keeping the first two and last four characters.

  • Formatting options, such as capitalizing the first letter, are also supported.

Note: Content names (file names, email subjects, etc.) are not masked.

 

Masking can be done in several ways.

  1. Permanent File Masking: In file-based data, discovery layers identified as permanent or copy can be altered. Rules can be defined separately for personal data, financial data, or all data. A copy document can be created where all identified words with identifiers or dictionaries are hidden. Different masking options may exist for the legal and purchasing departments of the same document.

  2. Dynamic Masking: Discovery layers selected with selected groups/users change dynamically. So, while one user sees the same document in its entirety, another may view it with hidden financial areas or personal data.

  3. Database Masking: It creates a masked or anonymized copy of a given database as the source. It is possible to mask a database for software development teams.

 

Persistent File Masking

GEODI creates a copy of the content undergoing masking to perform the process. The operation functions in the "Mask and Download" manner.

You can also perform this process in bulk using workflows and mask action. Please refer to Automation&Workflow pages.

  • Masking operates in the following formats:

    • Word (*.doc, *.docx, *.rtf)

    • Excel (*.xlsm, *.csv, *.xlsx, *.xls)

    • PDF (*.pdf)

    • Powerpoint (*.ppt, *.pptx, *.ppsx)

    • LibreOffice (*.odp, *.odt, *.ods)

  • Access is available for viewers of supported formats for the masking process under the button.

  • By creating as many definitions (masking metadata) as needed, you can mask all discovered data or a selected subset.

    • The following definitions are provided by default. The method specified on this page can be used to make changes and additions.

    • For example, with masking, a name like "Hasan Hüseyin" can be masked as "[NAME]" or "****". Different masking formats can be defined based on different identifiers using definitions. This means that names, IBANs, and currency expressions can all be masked differently.

Dynamic Masking

  • With dynamic masking, the discovery results are masked and visible on screens such as the viewer, words, network graph, summary, etc.

  • Masking in the viewer applies to the following types, regardless of their source: whether they are embedded in a File Server, SharePoint, or Database.

    • Office Files (Word, Excel, PowerPoint)

    • Open Office (ODT, ODS, ...)

    • PDF

    • TXT, XPS

  • The "Dynamic Masking" box is selected on the project wizard's last page, and settings are configured.

  • Once adjustments are made, files in the project are displayed to users in a masked format.

    • It operates with group-based authorization.

    • A masking metadata is defined for each group.

    • When group members open a file from the project, it is displayed in a masked form according to the defined masking metadata.

  • The "No Masking" setting displays the results without masking for the defined group.

  • Any group or user not matched with a profile is assumed to use the MaskALL profile.

  • When downloading files, it also downloads them in a masked form.

Database Masking

Database masking performs permanent masking on the given database. You can also work on a copy if you want the original data to remain intact.

Database masking provides several use cases:

  1. When you need to share your database with software or testing teams, masking permanently removes sensitive data from your database for this use case.

  2. When you share your database for data analysis, sensitive data is permanently removed, allowing you to share the database safely.

 

You can also perform this process in bulk using workflows and mask action. Please refer to Automation&Workflow pages.

Permissions

Masking authorization is the same as document download authorization. Those with download permissions can use it.

For dynamic masking, authorization can be done based on the user/group or discovery results.

 

FAQ

  1. Masking may behave differently in the following situations:

    1. Discovery results from multiple columns are not masked.

    2. Masking is not applied in Excel or database records if the cell/column type is numeric. Values such as IBAN or credit card numbers in such columns are detected but not masked.

    3. If the cell/column type is a date in Excel or a database, date values are detected but not masked.

    4. Float and double field types cannot be masked; they can only be anonymized if the column names are defined in the source.

  2. Some file types (.mobi, .xps) cannot be permanently masked, but dynamic masking is possible.

A MASKING and DISCOVERY license is required.

  1. Emails are not masked on the viewer, but their attachments are masked according to the defined rules.

  2. Some files (.mobi, .xps) can not be permanently masked, but dynamic masking is possible.

  3. Database (DB) contents appear masked in the DLV interface, but they are shown unmasked in the viewer.

 

Quick Knowledge Check

Masking hides sensitive data by replacing it with symbols or fixed text, making it unreadable and unusable.

Anonymization is used when data should remain readable but not real; it replaces values with realistic but unrelated ones, unlike masking which fully hides data.

Using symbols (****), placeholders like [NAME] or [TELNO], or partial masking such as showing the first 2 and last 4 digits.

It masks data based on user or group permissions, showing different views of the same data to different users.

It creates a masked copy of a database to safely share data with development, testing, or analytics teams.

File names and email subjects are not masked; numeric or date fields may not be masked depending on their type.