Security Through Obscurity – Word Processor Redaction

A couple of weeks ago I had a small rant about the HSBC bankruptcy leak, where I found the bank’s reaction to the issue rather surprising. Then this morning, as I went through my reading list (it’s Monday), this article from Network World showed that the TSA fell into the same problem. This most recent article, however, goes much deeper into the problem, especially on its second page.

The problem lies in developers, users, and security managers alike not knowing the process of document redaction, and what will and will not properly redact a document. Many people think that placing a black box over the text of an electronic document will have the same effect as black magic marker over printed text – NOT. When you place a black box over the text in an electronic document, you may prevent the contents from being seen, but you certainly do not prevent them from being indexed by search engines. And if another person wants to know the text under the black box, a simple copy-paste into another word processor often reveals it.
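The point above can be turned into a check that runs before a document is released. This is an added example, not part of the original post: it assumes the file is a .docx (WordprocessingML) document, uses a constructed minimal sample, and its function names are hypothetical.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# WordprocessingML namespace used by word/document.xml inside a .docx
W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"

def build_sample_docx():
    """Constructed sample: one visible run and one run hidden by black highlight."""
    body = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        '<w:body><w:p>'
        '<w:r><w:t xml:space="preserve">Account holder: </w:t></w:r>'
        '<w:r><w:rPr><w:color w:val="000000"/><w:highlight w:val="black"/></w:rPr>'
        '<w:t>Jane Example 000-00-0000</w:t></w:r>'
        '</w:p></w:body></w:document>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", body)  # only the part this check reads
    return buf.getvalue()

def is_blacked_out(run):
    """True if the run is formatted with black highlight or black shading."""
    rpr = run.find(W + "rPr")
    if rpr is None:
        return False
    hl = rpr.find(W + "highlight")
    shd = rpr.find(W + "shd")
    if hl is not None and hl.get(W + "val") == "black":
        return True
    return shd is not None and (shd.get(W + "fill") or "").upper() == "000000"

def find_cosmetic_redactions(docx_bytes):
    """Return text that is still stored in the file underneath black formatting."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    leaks = []
    for run in root.iter(W + "r"):
        text = "".join(t.text or "" for t in run.iter(W + "t"))
        if text and is_blacked_out(run):
            leaks.append(text)
    return leaks

if __name__ == "__main__":
    for leaked in find_cosmetic_redactions(build_sample_docx()):
        print("NOT REDACTED (text still in file):", leaked)
```

Any hit means the black formatting is only cosmetic: the characters are still in the file and will be indexed or copied along with everything else.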

To properly redact documents that will be publicly available, you can use Adobe’s Professional Edition for a lighter version of redaction if you are not too worried about the consequences. For sensitive data that would probably lead to a lawsuit, use what HSBC should have used – Redact-IT, RapidRedact, or ID Shield. This is becoming a greater problem as more and more online forms of business are developed, with scanned forms going straight into systems whose repositories are then indexed internally.

Another vector that may not have been considered in depth relates to cloud computing and mail software-as-a-service (SaaS) offerings. What is the risk of corporate email that is already indexed, with a bunch of secret document attachments, being accidentally released onto the public internet? I would say much greater than nil to low… but the cloud computing consultants out there, from what I have seen, are not looking at the security aspects as much as we are.

Cheers and Happy Monday!
