Adaptive Redaction
Adaptive Redaction is an alternate version of redaction whereby sensitive parts of a document are automatically removed based on policy. It is primarily used in next generation Data Loss Prevention (DLP) solutions.[1]
Content and context
The policy is a set of rules based on content and context.
Context can include:
- Who is sending (or uploading) the information.
- Who is receiving the information (including a website if uploading or downloading).
- The communication channel (e.g. email, web, copy to removable media).
The content can be 'visible' information, such as that you see on the screen. It can also be 'invisible' information such as that in document properties and revision history, and it can also be 'active' content which has been embedded in an electronic document, such as a macro.
Purpose
Adaptive Redaction is designed to alleviate "False Positive" events created with Data loss prevention software (DLP) security solutions.
False positives occur when a DLP policy triggers and prevents legitimate outgoing communication. In the majority of cases this is caused through oversight by the sender.
Examples
Sending unprotected credit card information outside an organisation breaches the Payment Card Industry Data Security Standard (PCI DSS regulations). Many organisations accept credit card information through email, however a reply to an email containing such information would send out the prohibited information. That would cause a breach of policy. Adaptive Redaction can be used to remove just the credit card number but allow the email to be sent.
'Invisible' information can be found in documents and has created embarrassment for several governments.[2][3]
References
- "VESTERGAARD FRANDSEN A/S v BESTNET EUROPE LTD". Reports of Patent, Design and Trade Mark Cases. 130 (11): 894–905. 2013-10-28. doi:10.1093/rpc/rct060. ISSN 0080-1364.
- "Federal police mistakenly publish metadata from criminal investigations". The Guardian. 2014-08-27. Archived from the original on 2023-06-04.
- How the Conservatives orchestrated the letter from business leaders - and got it wrong