Cookie consent

This site uses cookies that need consent. Learn more

Skip to content
Facit Data Systems

Cloud vs In-house document redaction; the pros and cons

People browsing in a clothes shop.
In 2019, Techrepublic reported that while the majority of businesses had moved critical applications to the Cloud, enterprise executives surveyed had concerns, such as: the moving of sensitive data (65%), security (59%), and compliance challenges (54%). Here we explore the pro’s and con’s of cloud vs In-house document redaction.

Facit’s recent experience in the data redaction arena is that enterprises are reversing their thinking about some aspects of Cloud migration. In the Healthcare sector Hospital Trusts insist that no data leaves hospital-controlled IT environments. In Retail, the best-practice approach of most Compliance Officers today is that data processing and privacy redaction should be handled entirely in-house.

Survey results of execs surveyed about cloud data, TechRepublic, 2019.

  • 59% concerned about data security

  • 54% concerned about data compliance

Company policy dictates data remains in-house

For organisations with strict in-house data processing policies, the notion of uploading data and documents to Cloud solutions in order to redact sensitive data is simply out of the question.

The challenge of selective data privacy

Reports of data leaks in the press highlight how difficult it is to identify and protect sensitive content. Data redaction is challenging because it is intended to protect documents by removing sensitive portions selectively, rather than by quarantining or encrypting the whole document.

Complexity of document and data formats

For companies that receive only a handful of simple data subject access requests (DSARs), Cloud redaction tools may present themselves as quick fixes. In reality, the data professional still has to do the redaction work themselves and Cloud redaction can be more time-consuming than legacy methods. While a few simple documents can be handled in the Cloud, the increasing complexity of document formats frequently makes it impossible for users to redact data quickly in the Cloud. Multiple emails, MS Office documents and spreadsheets, plus the growing amount of data associated with DSARs, add to the challenges associated with redaction.

Potential Cloud redaction degradation

GDPR requirements do not allow for skipped confidential text fields or reversible data. Cloud data redaction contains potential risks, such as:

  • Feature loss: Data search and remove functions degraded.

  • Bandwidth: Cloud data processing is slow.

  • Redaction assurance: Unable to redact all document types and metadata.

  • Scalability: Unable to handle DSARs containing 1000s of documents.

  • Security issues: Cloud-based systems are less secure than in-house systems

Leaked information: the ultimate data privacy worry!

It may seem simple enough to redact confidential information in a document during a DSAR or eDiscovery process. However, a black box drawn across sensitive text is not as reliable as it looks. In 2008, the US government proved quite capable of leaking its own secrets. Government workers preparing the release of a Transportation Security Administration manual that details airport screening procedures chose an unreliable redaction method for a .pdf file. As a result, the full text of a document considered “sensitive security information” was leaked inadvertently.

Native files, text files, linked data – “back door” risks

The eye can be deceived; that black box again! Even when a document has a redaction box ‘burnt in’ there are risks of data disclosure via text files extracted from the native file or generated via Optical Character Recognition (OCR), if they are not updated to remove the redacted text. In other words, if files associated with the redacted versions of documents are not updated confidential information can slip through the “back door”.

Using Facit technology

Facit Data Systems helps organisations worldwide to automate complex document data redaction in all document formats. Facit Data Redaction goes far beyond masking sensitive data with a black box: Facit completely removes private or problematic data in seconds so that there is 0% risk of a privacy breach.