Using PDF redaction tools with redacted document policies

Tags: Allow Fast Saves Microsoft Office PDF redaction

By Michael Cobb, Contributor | Jul 21, 2010

0 comments

Facebook

Digg

I used to receive lots of questions from readers concerned about security issues with the "Allow Fast Saves" option in various Microsoft Office products. The idea behind the "Fast Save" feature was to speed up the process of saving a document or presentation by saving only the changes that were made and appending them to the original document. This meant that the saved document could contain metadata, such as comments and deleted text. Anyone could use a text editor or Word's "Recover Text" function to view the text that had been "deleted." Also when these documents were converted to another file format, such as HTML, the "deleted" text would often be included in the new document.

This and Word's "Track Changes" functionality have created some embarrassing security breaches over the years, wherein sensitive and secret information has been unwittingly disclosed to people who either weren't intended to see it or not cleared to see it. Documents that were published using Word, for example, revealed UK government doubts over controversial plans to hold terror suspects while another revealed private annotations of a list of political donors.

Similar problems of inadequate redaction -- the editing and preparation of text for publication -- are now becoming commonplace with PDF documents. Late last year, HSBC Bank USA N.A. exposed details of electronically filed bankruptcy proceedings (.pdf) involving U.S. customers by failing to properly redact the documents they published online. Earlier in the year the transcript of the closed hearing on the Facebook/ConnectU settlement did have all references to the settlement's financial terms redacted, however, the redaction wasn't performed correctly, as the sensitive information was simply covered up with white boxes. A simple copy and paste revealed the founders of ConnectU received a $65 million settlement.

As you can see, releasing electronic documents without properly preparing them for publication can cause serious breaches in data security. It's an obvious yet common way for sensitive data to leak out of an enterprise network. Not only should enterprise information security processes include a redacted document policy, but staff members also need to know how to accomplish redaction correctly. Proper electronic redaction is the complete removal of content from an electronic document, making it irretrievable and unavailable for view, print, search or copy. Redaction requires the right tools and training so the redactions are permanent.

This article originally appeared on SearchSecurity

0 comments

Facebook

Digg

Similar

Add comment

Similar

knowledge_central_tab

Knowledge Central

Cisco: Network security landscape remains vulnerable

Cisco has announced the findings for the Cisco 2010 Midyear Security Report, which highlights the rise of Spam, the lax attitude towards enforcing rules on social media use, and the potential danger of popular 'virtual farms'.

Vulnerability exploits: A game of cat and mouse

When it comes to vulnerability exploits, it's a game of cat and mouse. The faster we are at closing the vulnerability holes, the better our chances of cutting off the 'life-blood' of hackers and other cyber-criminals.

Catching potential data breaches before they become one

When a major federal agency faced yet another cyber attack from outside the country, it looked to the security experts at Verizon to deploy a state-of-the-art, turn key Security Operations Center (SOC).

Lakshmi Vilas Bank steps up IT security

Southern Indian bank Lakshmi Vilas has embarked on an IT security infrastructure and data center upgrading project.

Using PDF redaction tools with redacted document policies