Quantum Logic Corporation Hidden Data Removal

Metadata Removal - Purging Your Documents of A Hidden Threat

When you talk about information security, most people think in terms of antivirus software, firewalls or password protection.  Few are familiar with the phrase "metadata" or the associated, hidden risks that occur every day such as unintentional public exposure of private information.  Metadata is a tremendous threat to information security that is growing rapidly, in most part due to a lack of understanding.  There are, however, steps that can be taken to guard against the unintended uses of metadata in your organization and to remove this hidden threat.

The Problem

Metadata is generated by almost all Microsoft Office documents. It is the hidden (or not so hidden) text including employee names, comments, types and IDs of computers, deleted text, previous document versions, etc. found in Microsoft Word, PowerPoint and Excel documents.   When these documents are created, edited or saved, metadata is automatically added.  While this happens most often in Word documents using the "track changes" feature, it also occurs with other Microsoft Office products, including PowerPoint and Excel.  Email (specifically Outlook) is a major contributor to the metadata problem also.  All of these products compromise your supposedly confidential comments and make them available for the general public to see.

The Risks

When engaged properly, metadata is useful.  It was initially designed to save time and create a smoother workflow.  However, it has the potential to create problems in the wrong hands.  Different types of information can be unwittingly disclosed, including the following:

  • Names of those who have reviewed or contributed to a document. In one instance, it was discovered that a government official allowed an industry leader to review proposed regulations before they were made public.
  • Comments made by those who have reviewed or contributed to a document.  Accepted or rejected changes (in the "track changes" feature) may still be included with documents even though they appear to be invisible, giving outsiders access to information not intended for their eyes.
  • Types of computers and IDs of those computers can be revealed, opening doors to hackers and others.
  • Deleted text not intended for anyone to see. Policy changes, legal information or other sensitive information could be viewed by anyone, creating embarrassing situations.
  • Previous versions of documents and their properties (especially those used for templates) can wreak havoc if disclosed to the general public.
  • And other risks that can make public other information only intended for internal viewing.

Where are the risks?  Throughout the features of Microsoft Word, Excel and PowerPoint documents, among other places.  They can also be compounded by emailing these documents via Microsoft Outlook.

Software Features That Create Metadata

  • Document Properties
  • Document Reviewers
  • Custom Properties
  • Hidden Text
  • Comments
  • Track Changes and Document Revisions
  • Previous Versions
  • Hidden Slides
  • Hyperlinks
  • Document Statistics & File Dates
  • Headers and Footers
  • Footnotes
  • White Text
  • Small Text
  • Macros
  • Routing Slips
  • Fast Saves

The Solutions

What is the solution for the metadata threat?  Create a custom-designed process using specifically selected technology to ensure appropriate information security at the messaging and document levels.

Simply stated, you'll need a complete system that integrates seamlessly with MS Office suite and works with little effort on the user's part to protect documents during the creation, editing and sharing phases.  This may include secure email, automated extraction of metadata from documents and the implementation of other appropriate security controls throughout all departments.  The solution takes specific, automated processes to ensure your organization doesn't fall victim to embarrassing discoveries and/or legal action.

Customized Information Risk Management Solutions

There is no one-size-fits-all solution at Quantum Logic.  We focus on using the tools and knowledge at our disposal to develop customized information risk management solutions that address and solve the specific metadata challenges and threats of your organization.

As partners with Workshare and Esquire Innovations, we have the most innovative technology at our disposal. This allows us to fit your business with powerful products that integrate flawlessly with Microsoft Office and major document management systems, and then customize those products with options designed to meet your specific concerns.

Workshare

If your work environment consists of many people reviewing and editing the same documents, Workshare can provide both document security and document integrity. Workshare ensures protection against the accidental divulgence of sensitive information (that may be contained in previous drafts of documents) that should be kept confidential. Only final versions of documents leave the building.

Esquire Innovations

Esquire truly does offer innovations in safe document creation, tracking and comparison, organization and security. Through simple, but powerful, and easy-to-use programs, Esquire delivers efficiency and peace of mind throughout every phase of document development and transmittal.

During his run for US Senate, Minnesota candidate, Mike Ciresi was baffled by a number of anonymous email messages with Microsoft Word documents attached that questioned his ethics. After several months, a Ciresi aid uncovered hidden text in the attached Microsoft Word files that linked the emails to members of Ciresi's campaign opponent.
In June 2003, the "Dodgy Dossier" incident broke in the United Kingdom surrounded by much debate and controversy. Metadata was used to trace the authorship of a British security document justifying the war in Iraq to somewhere outside of Great Britain. Much of the work had been plagiarized from various unaccredited sources, most notably from a postgraduate thesis published on the Internet. Metadata showed that editing had been done to the weapons dossier by the British Government to make the case of Saddam's ability to produce weapons of mass destruction.
Microsoft Certified Partner