Differences
This shows you the differences between two versions of the page.
piidiscovery [2018_04_05 15:55] – [Configuration] steven | piidiscovery [2018_04_06 20:53] – steven | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | # PII Discovery | + | # PII Scanning and Detection |
(available in v1803) | (available in v1803) | ||
This page covers the identification and classification of PII (Personally Identifiable Information). | This page covers the identification and classification of PII (Personally Identifiable Information). | ||
- | The Enterprise File Fabric' | + | The Enterprise File Fabric' |
[[https:// | [[https:// | ||
Line 14: | Line 14: | ||
### Scanning | ### Scanning | ||
- | The PII Discovery | + | The PII Scanning and Detection |
{{ : | {{ : | ||
Line 20: | Line 20: | ||
### Tagging | ### Tagging | ||
- | Files in which personal information is found are classified as PII with the types of PII data that they contain: | + | Files in which personal information is found are classified as PII with the types of PII data that they contain. Users with appropriate permissions can see the PII that has been found in a document on the “info” tab for that document: |
{{ : | {{ : | ||
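Review bot: "Users with appropriate permissions" in the added Tagging sentence does not say which permission is meant. The File Information section further down names it ("users with PII or administration permissions"); use the same wording here so readers know who can see PII matches on the “info” tab.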
Line 32: | Line 32: | ||
{{ : | {{ : | ||
- | The file owner, the user who uploaded the file, receives an email and a message: | + | The file owner, |
{{ : | {{ : | ||
Line 44: | Line 44: | ||
{{ : | {{ : | ||
- | Look under the “info” tab for specific PII information a document contains: | ||
- | |||
- | {{ : | ||
- | }} | ||
## Workflow | ## Workflow | ||
### Uploading | ### Uploading | ||
- | When a file or object | + | When a file is uploaded, updated or synchronized the File Fabric recognizes it as containing new content; it is a candidate for being scanned |
To be scanned the file must be located on a storage provider that has content search enabled (this is set set when the provider is created). | To be scanned the file must be located on a storage provider that has content search enabled (this is set set when the provider is created). | ||
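Review bot: The unchanged line at the end of this hunk still reads "this is set set when the provider is created"; drop the duplicated "set" while this paragraph is being edited. The added sentence above it also needs a comma after "synchronized".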
Line 72: | Line 68: | ||
### Tagging of PII Files | ### Tagging of PII Files | ||
- | When PII is detected in a file, a tag is added to the file indicating the type of PII that was detected. | + | When PII is detected in a file, a tag is added to the file indicating the type of PII that was detected. |
{{ : | {{ : | ||
- | |||
Line 81: | Line 76: | ||
Administrators and users with PII permission are notified when a file that matches the PII rules has been detected. | Administrators and users with PII permission are notified when a file that matches the PII rules has been detected. | ||
- | |||
Users with PII permission, including administrators, | Users with PII permission, including administrators, | ||
Line 88: | Line 82: | ||
{{ : | {{ : | ||
- | The file owner, the user who uploaded the file, receives both an email and a message. | + | The file owner (the user who uploaded the file), receives both an email and a message. |
{{ : | {{ : | ||
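Review bot: The comma after the closing parenthesis in "The file owner (the user who uploaded the file), receives both an email and a message" separates the subject from its verb; remove it so the sentence reads "The file owner (the user who uploaded the file) receives both an email and a message."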
Line 129: | Line 123: | ||
### File Information | ### File Information | ||
- | Available to uIf a file contains PII, a “Show PII matches” button is displayed on the File Manager Info tab for the file. This is available to users with PII or administration permissions. | + | If a file contains PII, a “Show PII matches” button is displayed on the File Manager Info tab for the file. This is available to users with PII or administration permissions. |
{{ : | {{ : | ||
Line 159: | Line 153: | ||
* Add Storage Providers with Content Search | * Add Storage Providers with Content Search | ||
* Give Users PII Authorization | * Give Users PII Authorization | ||
- | | + | |
* Change the Name of the PII Classification (optional) | * Change the Name of the PII Classification (optional) | ||
### 1. Enabling the Content Search Engine | ### 1. Enabling the Content Search Engine | ||
- | Content search must be enabled for PII scanning and detection to work. The content search engine scans documents for PII as they are uploaded or synchronized. The search engine is available only with the appliance and must be explicitly enabled. | + | Content search must be enabled for PII scanning and detection to work. The content search engine scans documents for PII as they are uploaded or synchronized. The search engine is available only with the Enterprise File Fabric |
Here is a link to instructions for configuring the content search engine: | Here is a link to instructions for configuring the content search engine: | ||
Line 170: | Line 164: | ||
### 2. Enabling PII Scanning and Detection in User Packages | ### 2. Enabling PII Scanning and Detection in User Packages | ||
- | PII scanning | + | PII Scanning |
* choosing “User Packages” from the hamburger menu; | * choosing “User Packages” from the hamburger menu; | ||
Line 182: | Line 176: | ||
### 3. Enable the Policy “PII Scanning & Detection” | ### 3. Enable the Policy “PII Scanning & Detection” | ||
- | An administrator can enable this features | + | An administrator can enable this feature |
{{ : | {{ : | ||
Line 192: | Line 186: | ||
{{ : | {{ : | ||
- | Files that existed before are indexes | + | Files that existed before |
Search cannot be enabled for an existing provider data source. To verify that content search is enabled for a provider, as an organizational administrator go to the Dashboard. Select the Setting gear icon to go to see the data source provider detail. The //Content index// for search setting must be set to //Yes//. | Search cannot be enabled for an existing provider data source. To verify that content search is enabled for a provider, as an organizational administrator go to the Dashboard. Select the Setting gear icon to go to see the data source provider detail. The //Content index// for search setting must be set to //Yes//. | ||
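Review bot: The unchanged paragraph that closes this hunk still has "Select the Setting gear icon to go to see the data source provider detail"; "to go to see" should be "to see". Since the line above it is being corrected anyway, fix this one in the same revision.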
Line 214: | Line 208: | ||
Another way to give a user PII authorization is to assign the Admin role. Assigning the Admin role to a user gives several other administrative privileges and should not be done without a complete understanding of the implications. | Another way to give a user PII authorization is to assign the Admin role. Assigning the Admin role to a user gives several other administrative privileges and should not be done without a complete understanding of the implications. | ||
- | ### 6. Editing the PII Detection Rules | + | ### 6. Configuring |
- | A set of rules for detecting different kinds of PII is provided with the Enterprise File Fabric. These rules can be used as provided, or the administrator can remove or change | + | A set of rules for detecting different kinds of PII is provided with the Enterprise File Fabric. These rules can be used as provided, or the administrator can add, remove or change |
+ | The PII Detection Rules are defined in a JSON document that is accessible from the PII Scanning & Detection tab of the organization’s Policies page. Prior to editing the PII Detection Rules, make a safe copy of the JSON document by copying the contents to a text file. That way you can easily revert the changes if needed. | ||
- | PII detection rules are defined in a JSON document | + | The PII Detection Rules JSON document is an array of objects with each object describing one rule. A rule has the following properties: |
- | { | + | * **id** - A unique identifier. |
- | "id":" | + | * **title** - The name of the rule shown in the user interface |
- | " | + | |
- | "title":" | + | |
- | " | + | |
- | | + | |
- | " | + | |
- | " | + | |
- | } | + | |
- | ] | + | |
- | } | + | |
+ | The document is validated against a JSON schema on update. If there is an error the document will not be saved: | ||
- | This contents of this document must conform to a JSON schema | + | {{ : |
+ | |||
+ | The JSON schema can be downloaded from the same page: | ||
{{ : | {{ : | ||
- | Prior to editing the JSON document that contains the PII detection rules, make a safe copy of the current version by copying the contents to a text file. That way you can easily revert the changes if needed. | + | #### Rule Id |
- | The JSON document consists of an array of structures, each of which describes | + | To add a scanning |
- | Each rule contains a list of filters. | + | #### Rule Title |
- | The JSON schema describes two styles | + | The **title** will be the name of the data type in the “Contains PII” checklist on the File Manager’s search screen and in the PII list for a file in the File Manager’s Info panel. |
- | | + | {{ :piidiscovery:contain_pii.jpg? |
- | " | + | |
- | " | + | |
- | " | + | |
- | " | + | |
- | | + | |
- | " | + | |
- | " | + | |
- | | + | |
- | ] | + | |
- | | + | |
+ | #### Rule Tag | ||
- | The “tag” value will be the name of the tag in the File Fabric’s tagging system. Tag values | + | The **tag** value is the name of one tag. It does not have to be predefined. Tag values |
{{ : | {{ : | ||
- | The “title” will be the name of the data type in the “Contains PII” tick list on the File Manager’s search screen and in the PII list for a file in the File Manager’s Info panel. | + | #### Rule Filters |
- | {{ :piidiscovery:contain_pii.jpg? | + | Two types of matching filters are supported. Regular expression filters support the detection of PII content through search patterns. Code filters are predefined filters in the product that match common types of PII. |
+ | |||
+ | ##### Regular Expression Filters | ||
+ | |||
+ | Rules created by users (admins) can each contain one user-supplied regular expression filter. | ||
+ | |||
+ | The regex property is the regular expression that will be used to detect data of the type described by the rule when a file is scanned. The regular expression must be delimited by slashes (‘/’). For more information on syntax see [[http:// | ||
+ | |||
+ | This is an example of a rule using a regular expression filter: | ||
+ | |||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | } | ||
+ | ] | ||
+ | } | ||
+ | |||
+ | ##### Code Filters | ||
+ | |||
+ | This is an example of a rule using a code filter: | ||
+ | |||
+ | | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | | ||
+ | " | ||
+ | " | ||
+ | } | ||
+ | ] | ||
+ | } | ||
+ | |||
+ | Adding new code filters to this version of the File Fabric requires paid professional services support from Storage Made Easy. Users wishing to add their own code filters should contact their SME sales representatives. | ||
+ | |||
+ | The following predefined code filters are included with the File Fabric: | ||
- | When you try to save your changes to the JSON document on the “PII Detection & Scanning” tab of the “Policies” page, the edited JSON is validated. | + | * General |
+ | * bankIban - Bank account numbers (IBAN) | ||
+ | * bankSwift - SWIFT | ||
+ | * creditcard - Credit cards | ||
+ | * email - Email | ||
+ | * Icd10cm - ICD 10-CM Code rule | ||
+ | * Icd9cm - ICD 9-CM Code rule | ||
+ | * Ip - IPv4 and IPv6 addresses | ||
+ | * Australia | ||
+ | * auMedicare - Australian Medicare account number | ||
+ | * auTaxFileNumber - Australian Tax File number | ||
+ | * Brazil | ||
+ | * brCpfNumber - Brazilian CPF Number rule | ||
+ | * Canada | ||
+ | * caBritishColumbiaInsuranceNumber - British Columbian Personal Health Number (PHN) | ||
+ | * caOntarioInsuranceNumber - Ontario Health Insurance Plan number | ||
+ | * caPassport - Canadaian Passport | ||
+ | * caQuebecInsuranceNumber - Quebec Health Insurance Number | ||
+ | * caSin - Canadaian Social Insurance Number (SIN) | ||
+ | * China | ||
+ | * cnPassport - Chinese passport | ||
+ | * Germany | ||
+ | * dePassport - German passport | ||
+ | * Spain | ||
+ | * esNie - Spanish NIE Number rule | ||
+ | * esNif - Spanish NIF Number rule | ||
+ | * esPassport - Spanish passport | ||
+ | * French | ||
+ | * frIDCard - French National ID Card | ||
+ | * frPassport - French passport | ||
+ | * frSsn - French social security number (NIR) | ||
+ | * India | ||
+ | * inPersonalNumber - Indian Personal Permanent Account Number | ||
+ | * Japan | ||
+ | * jpPassport - Japanese passport | ||
+ | * South Korea | ||
+ | * krPassport - South Korean passport | ||
+ | * Mexico | ||
+ | * mxNationalNumber - Mexican National Identification Number | ||
+ | * mxPassport- Mexican passport | ||
+ | * Netherlands | ||
+ | * nlIdNumber - Dutch national identification number (BSN) | ||
+ | * United Kingdom | ||
+ | * ukDrivingLicense - UK Driving License rule | ||
+ | * ukNationalInsuranceNumber - UK National Insurance Number rule | ||
+ | * ukNhsNumber - UK NHS Number rule | ||
+ | * ukNumberPlate - UK Number Plate | ||
+ | * ukPassport - UK passport | ||
+ | * ukTaxpayerNumber -UK Taxpayer Identification Number | ||
+ | * ukTelephone - UK telephone number | ||
+ | * United States | ||
- | {{ : | + | #### Removing Rules |
You may also want to remove from the JSON document rules that scan for data items that are not of interest to your organization. | You may also want to remove from the JSON document rules that scan for data items that are not of interest to your organization. |
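Review bot: In the added list of predefined code filters, `Icd10cm`, `Icd9cm` and `Ip` start with a capital letter while every other identifier is lower camelCase (`bankIban`, `creditcard`, `ukNhsNumber`); if these names are matched literally in a rule, confirm the exact case, because an administrator copying them from this page into the JSON document will otherwise have the update rejected or the rule not applied. In the same list, "Canadaian" appears twice (caPassport, caSin) and should be "Canadian", the country heading "French" should be "France" to match the other headings, "mxPassport- Mexican passport" and "ukTaxpayerNumber -UK Taxpayer Identification Number" have uneven spacing around the separator, and the "United States" heading is followed by no entries before "Removing Rules". Either list the United States filters or drop the heading.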