IRI CellShield® is an add-in for Microsoft Excel® that protects the sensitive information in one or more spreadsheets, allowing you to comply with data privacy laws and nullify data breaches. There are two editions of CellShield: CellShield Personal Edition (PE), and CellShield Enterprise Edition (EE).
CellShield version 2.0 introduces a myriad of new features, fixes, and improvements over the previous version, 1.7. This article is split into the new features/improvements for CellShield PE and EE. All new features included in PE are also included in EE. However, the new features in EE are not included in PE.
New in CellShield PE & EE
The full UTF-8 character set is now supported for all data protection functions, except format preserving encryption/decryption. However, the other encryption and decryption algorithms include UTF-8 support, as do pseudonymization, and string masking (redaction).
All menus in CellShield now support non-ASCII UTF-8 characters.
Encryption and Decryption of Formulas
Encryption and decryption of formulas is now possible from the encryption and decryption menus, available in both CellShield PE and EE.
A new Autoprotect menu has been added for simpler protection of Excel sheets. One file at a time can be selected in CellShield PE, or one or more Excel sheets, files, and directories (recursively or non-recursively) in CellShield EE. This feature dispenses with details like type of encryption, passphrase, or obfuscating characters to protect all data in the sheet using default encryption or redaction methods.
Alternatively, the pattern encrypt option will encrypt only the data in cells that match the selected patterns in the “list box”, a scrollable and selectable box containing the list of patterns located in the bottom left corner of the form. Patterns can be selected or deselected in bulk with the select/deselect all checkbox.
Pattern decrypt will be able to reverse all data encrypted by pattern encrypt into the original text. A custom pattern list can also be uploaded to use in pattern encrypt, and only selected patterns from the list box will be used when doing pattern encrypt.
Selected Range Optimizations
For menus that require data to be selected in the worksheet (including the Encrypt & Decrypt, Mask (Redact), and Pseudonymize & Restore menus), range optimizations have been made so that when selecting a whole column or worksheet, excess empty cells will be cut out.
New in CellShield EE Only
Previously, masking (remediation) actions were logged only to a column in the EIF1 worksheet. Now, error messages and their details, and audit logs from Bulk Remediation jobs, will be logged if auditing is confirmed when importing an EIF file.
A logging menu has been added with submenus: Logging settings and Export to log. The settings menu allows for a more interactive customization of log settings, which are saved in a file named appsettings.json. Alternatively, that JSON file can be edited directly in a text editor for even more customization than the logging settings menu provides.
The Email tab in the Logging Settings form allows you to configure sending logs to an email address.
The export to log menu allows for a selection of cells from within Excel to be logged, such as an audit report.
The Export to Log menu allows for a selected range to be logged with a selected logging level to all logging sources properly specified in the appsettings.json file.
Where Can Logs Be Sent?
Logs can be sent to any location in the file system, through email, to Datadog, or to Splunk. Specific parameters such as API key (for Datadog) must be specified in the appsettings.json file for the logging to work properly for each source.
This JSON file should be placed in the directory specified by the %CELLSHIELD_HOME% environment variable (by default C:\IRI\Cellshield).2
New Intracellular Protections and Features
Also new in CellShield EE is the ability in intracell searches to encrypt and pseudonymize data matching specified by patterns (and decrypt or restore them to the original values). Previously, only string masking (redaction) was supported with intra-cell searches.
Intracellular search allows for discovery and protection of sensitive data matching patterns be it “floating” or “non-floating” inside cells
New patterns can now be added to the default common patterns list. In the intracell search menu, click on the Modify Patterns button to access this menu. Specify the pattern name, a description of the pattern, and the pattern itself (a regular expression or word) to be searched.
The list of custom patterns is viewable in the bottom panel of the form after adding; these patterns can be removed as desired. The pattern is added to the list of patterns in the intracell search menu after clicking the Add Pattern to List button, and the Exit and Save button.
Graphed Results of Bulk Search and Masking Jobs
Helpful visualizations can now appear in Excel when running “bulk remediate” from the “Import EIF” menu. The new graphs provide visual insight into the data being protected and include: top sheet locations of sensitive data values by count, top data values protected by count, and top data matchers found by count.
The top sheet locations of sensitive data values, and the top data matchers found by count, are created automatically after the import of the EIF file is complete. This only happens if a ‘yes’ response is given to a prompt asking if graphs should be generated.
If requested, two graphs are generated immediately after importing an EIF file. These graphs show where and how the data was found.
The top data values protected by count graph generates after bulk remediations:
This graph is generated upon completion of bulk remediation jobs. It shows the most frequently protected values in green.
More Robust Bulk Remediations
Many multi-sheet masking jobs will see performance enhanced significantly. The opening and closing of workbooks has been optimized for use with large EIF files, so workbooks will open and close one at a time and never repeatedly open and close the same workbooks.
In addition, when running the ‘Bulk Remediate’ feature against an imported EIF file, CellShield EE displays a progress percentage and expected time of completion in the Excel status bar.
These bulk remediation updates, along with the range optimizations in both CellShield versions, lead to much smoother operations overall for multi-sheet, automatic protections (via the Import EIF File and Autoprotect forms), and single-sheet manual select-and-protect operations like Encrypt & Decrypt.
If you have any questions, or would like to try CellShield V2, please email firstname.lastname@example.org.
- The EIF sheet, or Excel Interchange File, is produced from data-class-based spreadsheet searches performed by the Dark Data Search/Masking Wizard. This wizard is launched from the IRI DarkShield menu in IRI Workbench, which installs separately. The EIF file, when open in Excel, reveals the results of specified search criteria in multiple sheets, and supports bulk remediation for applying consistent masking functions to every sheet.
- A default appsettings.json skeleton file is shipped with CellShield EE, and can also be regenerated at any time by pressing a button in the logging settings form called “Restore Default Log”.