IRI CellShield™ Enterprise Edition now offers an Intra-Cell Search feature that finds and protects sensitive data in unstructured cell contents with masking, encryption, or pseudonymization. Just as with full-cell values, you can now identify and mask the ‘floating’ sensitive data in Microsoft Excel® spreadsheets with only a few mouse clicks. To learn more about CellShield, watch this video:
For the purposes of this article, we will start with an open Excel document containing sensitive “dummy” data. Note that you can also use the Intra-Cell search feature in the Bulk Remediate option of the EE version.
Start by clicking on the Intra-Cell Search icon in the CellShield ribbon (toolbar):
This brings up the Intra-Cell Search screen, where you can select your options and proceed.
The ‘Name of Pattern’ feature is a drop-down list of common data pattern names that corresponds to matching regular expressions.
Regular expression gurus can also specify their own pattern. In CellShield version 2.0, the ability to customize the list to add or subtract patterns has been added. The menu to modify the patterns list is accessible from the Intra-Cell Search menu by clicking the “modify patterns” button.
Users specify the pattern name, pattern description, and the actual pattern to use for finding matches in this menu. Custom patterns are viewable in the third list box in the form, labeled “Custom Patterns”, after being added with the “Add Pattern to List” button. Custom patterns can also be removed by selecting the custom pattern in the list box, and pressing the “Remove Custom Pattern” button.
To save any changes, make sure to press the Exit and Save button. Otherwise, the form can be safely closed out with no changes made to the patterns. Custom patterns are added in addition to the common patterns included with CellShield, and newly-added patterns will be visible at the bottom of the patterns list in the Intra-Cell Search menu.
There are four tabs in Intra-Cell Search for protecting data. In the masking tab, you decide which character to use for masking and whether to mask the whole string or a portion of the string.
If you do not choose a Masking Character, or attempt to use an invalid masking character, the program will alert you to correct this. Note that the dollar sign (“$”) is an invalid masking character and the tool will not allow its use.
If choosing the Partial String, replace the example given with your own start position and number of characters to mask. The start position is from the start of the string pattern found, not the start position in the cell. The default setting, which you can replace, starts at position 1 and masks the first 3 characters in the string.
Selecting the “Find String” button will search the open file, highlight all the matches found with a font-color change, and display the count of the found matches. Note that highlighting in Bulk Remediate is inactivated since that aspect of CellShield is a background process.
Changing the font color may or may not be an option you want; however, there are limited Excel options available for highlighting within the cell. Excel wants to “work” on the cell structure, not the data. CellShield found the string pattern in the comment column as well as in the CCNumber column.
A typical masking for a credit card number could be the first 4 digits, so we’re replacing the “Example 1,3” with “1,4” as our Partial String to mask. Note that partial string functionality is also available with encryption, decryption, pseudonymization and restoration.
In our example, choosing the “Mask” button will now redact the first four characters of each string that matches a credit card pattern. Choosing the Mask option also gives a pop-up warning requesting an affirmative answer prior to starting the remediation.
Choosing “Yes” starts the masking, showing its progression, and allowing you to cancel if you choose. You also have the option to close the file without saving, which is another safeguard for preserving your original data.
Check out this result:
Two things were accomplished at once, as I chose to find and mask both:
- the first four bytes of the credit card number masked with the “#” character. Note that the Intra-Cell Search tool found and masked both occurrences of the credit card number in the Comment column. Font color changes are removed in the Masking operation.
- National ID numbers with the Whole String option and a different Masking Character. I did not have to restart CellShield to do this.
New in CellShield version 2.0 is intracellular encryption, decryption, pseudonymization, and restoration.
Here is a look at the encryption/decryption tab. To start off, select the appropriate check box depending on whether you are encrypting or decrypting. A passphrase text box will appear with the ability to enter a passphrase for encryption/decryption. Additionally, you will be able to select the type of encryption/decryption algorithm from the drop-down menu. Once finished, simply click the encrypt or decrypt button.
For pseudonymization, select the Pseudonymize checkbox. Additional forms will open to guide you through the pseudonymization process. These included determining if you want to do recoverable or non-recoverable pseudonymization, where the set file should be saved to if doing recoverable pseudonymization, etc. Once the properties of the pseudonymization have been set, click the red-highlighted execute pseudonymization button to execute the pseudonymization.
If doing a recoverable pseudonymization, an .icsrestore file will be created along with the recover set file. This is important, as it is used to keep track of the positions within the cell necessary to properly restore the values. The restore tab is used for restoring data after performing a recoverable pseudonymization. Make sure the .icsrestore file remains in the same directory as the restore set file, and click the set up restore checkbox. Once restoration settings have been setup, actual restoration is executed by clicking the “restore” button.
As you can see, the CellShield EE Intra-Cell Search feature provides an easy way to find and protect sensitive data within your Excel document, regardless of whether the sensitive data is in the entire cell or merely a portion of the cell.