ASG Perspectives

Blog > May 2019 > Are You Sanitizing Your Data?

Are You Sanitizing Your Data?

Current events in the U.S., such as the Starwood-Marriott and Facebook data security breaches, have made the terms “redaction” and “encryption” much more present in the public domain. The political and social notoriety associated with these events has highlighted the urgent need for redaction and encryption automation as necessary components of a modern content management and information governance strategy.

In years past, redaction and encryption were simpler, albeit far more laborious, error-prone processes involving the manual review of documents and the selective masking and scrambling of sensitive and confidential information. The widespread digitization of information—and increasing variety, velocity and volume of content being captured and stored—significantly changes what is needed for organizations to manage content at scale while protecting data privacy at the individual level. 

With regulations like the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA) and the Federal Privacy Act in the U.S., as well as the EU’s General Data Protection Regulation (GDPR), the need for electronic redaction and encryption automation is stronger than ever. The ability to automate content management and information governance policies to identify, redact and/or encrypt personally identifiable information (PII) en masse has become essential to comply with data privacy requirements.
Those requirements were the impetus for native data sanitization capabilities that are available with ASG’s Content Services (Mobius).

Automate Your Data Sanitization
Mobius Redaction allows organizations to automate the redaction process so that any predefined PII can be redacted or masked from unauthorized viewing. Business rules can automatically identify a range of information elements within content repositories that should be redacted. Redaction rules live within the Policy Editor and can be created from a query that searches for PII within the stored content; the resulting redaction rule can then be applied more broadly.

Mobius Redaction also includes a range of predefined information types that can be redacted “out of the box.” Effectively, these represent “all the usual suspects” of PII (name, address, social security number, tax ID, passport number, etc.) and are bundled with the offering. Beyond this compilation, organizations can extend redaction, via the Mobius administrative interface, to define industry-specific or company-specific information elements that need redacting, including full-text redaction of sensitive information within a deployment.

Mobius supports both full and partial redaction and data masking to accommodate customers’ business-specific requirements. For example, customer service representatives may need access to certain identifying information to validate they are speaking with the right person, but they may not be authorized to view the entire element given it is PII. With Mobius Redaction, they can view a subset of the data (e.g. the last four digits of a social security or credit card number) that is sufficient to verify the identity, while still securing the PII characteristics of the information. This case illustrates that businesses need redaction tools to protect privacy within the context of real-world business requirements. Similarly, Mobius allows configurations to support different permission levels, so certain classes of users get a redacted view, while others can see the PII-impacted information in full. Redaction—implemented the right way—is not an all-or-nothing proposition.
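The partial-redaction and permission-level behavior described above can be sketched as follows. This is an added example, not Mobius code or configuration: the role names, the `VIEW_POLICY` table, the patterns and the sample text are all constructed for illustration.

```python
import re

# Constructed patterns for two PII types the post mentions.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Hypothetical permission levels: what each class of user may see.
VIEW_POLICY = {"auditor": "full", "service_rep": "partial", "guest": "redacted"}

def luhn_ok(digits):
    """Luhn checksum, so arbitrary long numbers are not treated as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(value, level, keep=4):
    """Mask digits per level, keeping separators so the structure is preserved."""
    if level == "full":
        return value
    n_digits = sum(c.isdigit() for c in value)
    visible_from = n_digits - keep if level == "partial" else n_digits
    out, seen = [], 0
    for c in value:
        if c.isdigit():
            out.append(c if seen >= visible_from else "X")
            seen += 1
        else:
            out.append(c)
    return "".join(out)

def render(text, role):
    """Return the view of `text` that `role` is allowed to see."""
    level = VIEW_POLICY.get(role, "redacted")  # unknown roles fail closed
    text = SSN_RE.sub(lambda m: mask(m.group(), level), text)
    def card(m):
        digits = re.sub(r"\D", "", m.group())
        return mask(m.group(), level) if luhn_ok(digits) else m.group()
    return CARD_RE.sub(card, text)

# Constructed sample: an SSN, a well-known test card number, and a
# 13-digit order number that fails the Luhn check and must be left alone.
SAMPLE = "SSN 123-45-6789, card 4111 1111 1111 1111, order 1234567890123"
```

The masking is applied when the view is rendered, so the stored record is unchanged and each role gets its own view of the same content.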

Why Mobius?

Mobius simplifies redaction deployments with a solution that is built 100 percent in-house and does not require third-party tools. ASG also offers deployment flexibility: organizations can maintain privacy data in the same repository as the rest of their enterprise content or migrate just the privacy data to one or more separate, dedicated repositories per PII requirements. And, in keeping with ASG’s overall content management philosophy, Mobius Redaction can operate on content independent of where the record is stored, whether on-premises (mainframe and open systems), in the public or private cloud, or in a hybrid cloud environment.

Like Mobius Redaction, Mobius uses many layers to secure and encrypt data to ensure the integrity and privacy of sensitive information archived in the Mobius Repository. Mobius has a security database and policy engine that makes it easy to manage user authentication and access controls. Access permission policies are highly flexible and can be deployed by user, group, documents, document section and type of access (online viewing, printing or email). All end-user access to personal information is thoroughly tracked, logged and made available for audit purposes. All communications by end users and consumers via Web services are encrypted by Secure Shell (SSH) tunnel or Secure Sockets Layer (SSL). 

Mobius archives are encrypted using a feature to encode archives with custom encryption keys. Mobius administrators can create as many encryption keys as they want using the internal Key Encryption Key (KEK), but only one encryption key, the active encryption key, can be used to encrypt archives. Custom encryption keys are stored in a Mobius security database in an encoded form. Organizations are also able to leverage their preferred in-house encryption key solution with their Mobius deployment.

By using this multi-layer data security and encryption approach, the content and data archived in the Mobius Repository have never been breached. That is why Mobius is trusted by some of the largest institutions in the world, including 7 out of 10 top banks in America.

To learn more about Mobius and its services, read the Mobius Overview datasheet. You can also explore the highlights and benefits of Mobius 9.1 in this 451 Research report.

Key Terms and Definitions
Data sanitization is the process of removing sensitive information from a document or message (sometimes encrypting it), so that the document may be distributed to a broader audience.
Data masking is the process of replacing authentic information with inauthentic information that has the same structure.
Data obfuscation is a data security technique that copies and scrambles sensitive data, often via encryption, as a means of concealment.
Data redaction is restricting the visibility of, blacking out or removing information that is personally identifiable, sensitive, confidential or classified.
Data encryption is the process of transforming information by using some algorithm (a cipher) to make it unreadable to anyone except those possessing a key.
Personally identifiable information (PII) is a legal term for any information that can potentially be tied back to a specific person. Common examples include your name, social insurance number, IP addresses, serial numbers, registration numbers, login IDs, membership identifiers, photographs, biometric records, telephone numbers, address and postal codes.
