/
Anonymization

Anonymization

Owned by serdar ak
Last updated: Oct 14, 2024
4 min read

Based on GEODI discovery results, files, and databases can be Masked or Anonymized.

Masking means obscuring sensitive data within a content or replacing it with a fixed alternative text. On the other hand, anonymization means replacing a value with another value that appears to be real.

Sensitive data is completely removed with masking. Anonymization breaks the link with the real data but keeps the data looking real. By anonymizing your sensitive information or databases, you can easily share them with test teams, data analysis teams, or researchers.

In Anonymization, each value is replaced with a compatible alternative. For example, a name is replaced with another name, a phone number with another phone number, and so on. The ready-to-use values are listed below.

  • Name → Name

  • Money → Money

  • Dictionaries(Placename, part number or other) → random value from the same dictionary

  • Creditcard → Creditcard

  • IBAN → IBAN

  • Tel → Tel

  • e-Mail → e-Mail

  • Date → Date

Anonimization has 2 mode. In the Default mode, the same value takes the same value. A name (John Smit) is converted to the same name everywhere. In the other mode, conversion is always random, and you can not even see the same results in a single session.

Set ANO.SameToSame:False in the project generic settings for the second mode.

 

Profiles

Profiles define which findings are to be anonymized. You may anonymize all PII or Financial data. The functions ask you to choose from existing profiles.

 

Anonymization in content can be applied in several ways:

  1. Persistent File Anonymization: The identified discovery layers are modified permanently or as a copy in file-based data. An anonymous copy of the original file is created, or the original file is altered.

  2. Dynamic Anonymization: The selected discovery layers change dynamically for selected groups/users. For Example, one user can see the complete document, while another user sees it with hidden monetary fields or personal data.

  3. Database anonymization creates a masked or anonymized copy of a given database. This allows software development teams to work with a masked version of the database.

 

 

Persistent File Anonimization

GEODI creates a copy of the content undergoing masking to perform the process. The operation functions in the "Mask and Download" manner.

You can also perform this operation in bulk using the “Batch Mask/Anonymize” action from the Actions menu. This action creates a script that the system administrator should execute. If there are only a few files or individual files, you can use the masking/ anonymization feature within the viewer to produce modified copies of the files.

Dynamic Anonymization

  • With dynamic masking, the discovery results are masked and visible on screens such as the viewer, words, network graph, summary, etc.

  • Masking in the viewer applies to the following types, regardless of their source, whether embedded in a File Server, SharePoint, or a Database.

    • Office Files (Word, Excel, PowerPoint)

    • Open Office (ODT, ODS, ...)

    • PDF

    • TXT, XPS

  • The "Dynamic Masking" box is selected on the project wizard's last page, and settings are configured.

  • Once adjustments are made, files in the project are displayed to users in a masked format.

    • It operates with group-based authorization.

    • A masking metadata is defined for each group.

    • When group members open a file from the project, it is displayed in a masked form according to the defined masking metadata.

  • The "No Masking" setting displays the results without masking for the defined group.

  • Any group or user not matched with a profile is assumed to use the MaskALL profile.

  • When downloading files, it also downloads them in a masked form.

Database Anonymization

Database masking performs permanent masking on the given database. You can also work on a copy if you want the original data to remain intact.

Database masking provides several use cases:

  1. When you need to share your database with software or testing teams, masking permanently removes sensitive data from your database for this use case.

  2. When you share your database for data analysis, sensitive data is permanently removed, allowing you to share the database safely.

Permissions

The authorization for masking is the same as the document download permission. Those with download permission can use masking.

Dynamic masking allows authorization at the user and discovery layer levels.

License

A mask and DISCOVERY license is required for anonymization.

The number of users is equal to the number of GEODI users.