Since there are a number of ways to implement Data Loss Prevention (DLP) within an enterprise, it is important to understand the value of different approaches. One approach to DLP is called “Redaction”, which involves blacking out the characters in a message or document, so that future consumers of the document can’t see sensitive portions of the document. The image below shows how a redacted message might look. Redaction has been mostly used in highly sensitive government or military environments for documents, but redaction can also be used in commercial organizations where the loss of sensitive information via email is a concern.
Clearly, in order to effectively redact content, some kind of rules must be applied to determine which portions should be blacked out. Once the sensitive portions have been identified, a number of different actions are usually taken to ensure that the sensitive information is not released. This article focuses on why redaction is an important option to have in an email system, and how it can be automated to help users protect sensitive information.
The Importance of Redaction
Redaction is a useful practice where maintaining the original document’s context and format is important to the business’s objectives. There are a number of benefits in using redaction over other approaches for filtering sensitive information within email messages:
1) Automated approaches to filtering sensitive messages can disrupt normal business flow when messages are rejected by a gateway and sent back to the user;
2) Redaction can save significant amounts of time for a sender who would otherwise have to manually revise content to downgrade its sensitivity;
3) In some enterprise environments, such as in regulated industries or in legal matters, redaction can preserve the context and format of original content for evidence purposes; and
4) In high-security environments, redaction can provide clarity for which portions of office communications have been explicitly included and excluded, within the context of a mission, which can aid in clarifying accountability and responsibility for actions.
Combining Redaction With Automated Content Validation
Providing Outlook users with redaction capability is a good start. For example, it can allow senders to quickly select areas of text that should not be included in messages they wish to forward. Otherwise, the sender would have to scan the original message, identify potentially sensitive content, paraphrase the original content to be less sensitive, or ask the original sender to re-send the message without the sensitive information. Of course, requiring users to manually scan every message for sensitive content that might have to be redacted can become onerous. The result may be that they either redact too much content, or they don’t redact enough to be effective.
An alternative to manual redaction is to use automated content validation to trigger redaction. When sensitive content is identified by the system, users can be notified and asked to make a decision on whether or not to redact the content, or to take other actions. Redaction may not always be the appropriate action for a given situation.
Highlighting the automatically identified sensitive information, and then giving the sender a number of options makes the most sense. If the user is alerted by the content validation system, they will be forced to analyze the cause of the validation failure. At this point, they should be able to decide on how the message should be handled. They may decide to apply redaction, or they may need to consult with the original sender to clarify the appropriate action. This allows the user to work more efficiently, knowing that they will be given feedback on the content they are sending, and will have the opportunity to make simple revisions or take alternative actions, if warranted.
How TITUS Message Classification Enables Redaction
Redaction within the TITUS Message Classification system is integrated with the content validation function in a way that involves the user at the appropriate times. The figure below illustrates how a user is alerted when the message they are trying to send fails content validation. They then have the opportunity to easily apply redaction by clicking the Redact button. They may also be allowed to revise the content, if appropriate. This allows them to apply redaction on any content they recognize as being sensitive.
Once redaction is applied to the flagged content, the message will be revalidated to ensure that it no longer contains any sensitive information.
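The validate, redact and revalidate loop described above, sketched in Python as an added example. It is not TITUS code; the rule names, patterns and sample message are assumptions constructed for illustration.

```python
import re

def luhn_ok(candidate):
    """Luhn checksum: confirms a digit run is a plausible card number."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Hypothetical rules (assumption): name, pattern, optional confirming check.
RULES = [
    ("payment-card", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    ("us-ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),
]

def validate(text):
    """Return sorted (start, end, rule) findings; an empty list means it passes."""
    findings = []
    for name, pattern, check in RULES:
        for m in pattern.finditer(text):
            if check is None or check(m.group()):
                findings.append((m.start(), m.end(), name))
    return sorted(findings)

def redact(text, findings):
    """Replace flagged characters one for one, keeping length and layout."""
    chars = list(text)
    for start, end, _ in findings:
        for i in range(start, end):
            if not chars[i].isspace():
                chars[i] = "\u2588"
    return "".join(chars)

def redact_and_revalidate(text):
    """Flag, redact, validate again; refuse to release if anything remains."""
    findings = validate(text)
    cleaned = redact(text, findings)
    remaining = validate(cleaned)
    if remaining:
        raise ValueError(f"still sensitive after redaction: {remaining}")
    return cleaned, findings

# Constructed sample: a well-known test card number and an SSN-shaped value.
SAMPLE = "Order 20240117 is paid. Card 4111 1111 1111 1111, SSN 123-45-6789. Thanks!"
if __name__ == "__main__":
    print(redact_and_revalidate(SAMPLE)[0])
```

Because the flagged characters are replaced rather than covered, the original values are not recoverable from the text that is sent, and the surrounding wording and layout stay intact.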
Using redaction in combination with content validation and user-driven security leverages the strengths of automated filtering and human discretion on security policies. As a result, email users can work more securely and efficiently.
Is your Microsoft Outlook environment a good candidate for email redaction? If you’re using redaction in an email system already, and have had any challenges with this approach, please provide a comment below to assist others who are considering this type of solution.
If you’d like more information on how the TITUS products can help implement redaction and content validation to improve DLP, please use the coordinates on our Contact Us page to let us know.