Setting Up Information Privacy
Applies to Reflection Desktop, Reflection 2014, and Reflection 2011
This video shows how to configure Reflection Information Privacy to protect sensitive data.

Audio Transcript:
0:05 - 0:05 70% of mission critical data is stored in legacy host applications.
0:09 - 0:11 Many users have access to a lot of sensitive data.
0:11 - 0:14 In this video, you'll see how Reflection can protect sensitive data on host screens without having to make modifications to your host applications.
0:21 - 0:24 Further, you can protect almost any type of host data and do it quickly, enabling you to cost-effectively adhere to regulatory compliance requirements outlined in standards like PCI DSS, HIPAA HITECH, Sarbanes-Oxley and many more.
0:32 - 0:34 You can configure Reflection's Information Privacy feature to redact credit card numbers, log unredacted views of credit card numbers displayed in the clear on host screens...
0:49 - 0:53 Redact Social Security numbers, phone numbers, and other types of sensitive data...
0:56 - 0:59 and require secure connections that use SSH or SSL/TLS encryption.
1:03 - 1:05 Let's take a look at how to redact credit card numbers on host screens.
1:07 - 1:11 We'll go into the Reflection Information Privacy configuration utility to set up redaction.
1:13 - 1:15 On the Information Privacy dialog, we select PAN Redaction Rules. PAN stands for primary account number. This is PCI DSS terminology for what most of us think of as credit card numbers.
1:26 - 1:31 You can select how many digits to leave unredacted (the last four is typical).
1:31 - 1:36 Because we are using an IBM session, we can redact credit card numbers on the screen and also redact data as it is typed into the host session. When we return to the screen with the credit card number on the host, we see that it's been redacted.
1:48 - 1:51 And credit card numbers are also redacted as we type them in.
1:51 - 1:55 One thing to note about the redaction: it's based on the Luhn algorithm used to validate credit card numbers.
1:58 - 2:01 So Reflection isn't just recognizing sequences of 16 digits. It's using this algorithm to validate the number.
2:05 - 2:08 Reflection redacts the number only if it is a valid credit card number.
2:09 - 2:11 When we change the settings on the Information Privacy dialog, Reflection automatically saves the settings in a PCIDSS.settings file in the App Data folder. This is the file that you will deploy to end users.
2:22 - 2:26 You can deploy different settings files to deploy access by group. If you want some employees to be able to view credit cards and others not to, you just deploy a different file to them.
2:37 - 2:38 Now let's take a look at how you might log access for users who are allowed to view credit card data.
2:45 - 2:47 First, you'll need to enable API events in the Information Privacy dialog. This will enable events for both VBA (Visual Basic for Applications) and the .NET API.
2:51 - 2:53 Then you'll need to set up this event for your session.
2:53 - 2:54 We'll use VBA to set up the CreditCardRecognized event on the IBM terminal object.
3:04 - 3:08 This code, based on a sample in the VBA programming guide, logs information retrieved by the event to a log file in the My Documents folder.
3:15 - 3:18 Now when we view the credit card data in the clear, Reflection is set up to log this event.
3:21 - 3:25 Click on the credit_card_view log file and here you can see when the credit card number has been accessed.
3:29 - 3:32 Now let's take a look at how you can set up filters for personal data, like US Social Security numbers.
3:34 - 3:37 In Information Privacy, we'll set up redaction similar to the way we did for credit card numbers.
3:39 - 3:43 Then we'll add a simple expression to represent the pattern of a Social Security number.
Once we have this configured, Reflection will look for a match for this particular sequence of numbers on host screens.
3:51 - 3:55 Now when we navigate to a screen with a Social Security number, we see it's been redacted.
3:57 - 3:59 Any changes to privacy filters are saved in the privacy filters.xml file.
4:03 - 4:07 Now let's take a look at how to require secure connections.
4:07 - 4:10 At the bottom of the Setup Information Privacy window, select to require secure connections.
4:14 - 4:17 After we select Require secure host connections, we can't open the session we've been working with because it is not a secure connection but we can open a session that uses SSL.
4:28 - 4:31 We've covered what you can do with information privacy settings but we've used only the simple default methods.
4:34 - 4:37 Reflection provides other methods for recognizing credit card number data that you can customize to meet your requirements. For example, we used the default Simple PAN Detection when we set up credit card number redaction earlier.
4:46 - 4:49 This is a good solution when all the critical data in your host applications is displayed and entered in a contiguous fashion or you're only detecting credit card numbers for the prepackaged major credit card issuers.
5:00 - 5:03 But Reflection provides another advanced method for detecting credit card data on host screens called Reflection PAN detection.
5:06 - 5:10 You might use this method when:
* credit card numbers appear in a noncontiguous format on the host screen
* or were entered using nonstandard digit group separators
* or you want protection to be especially aggressive so that any digit grouping on any screen should be considered for redaction.
5:22 - 5:25 When you select Reflection PAN detection, you can view the detection rules used to detect credit card numbers and exclusions that are provided to prevent false positives. You can modify or add custom credit card patterns that you want Reflection to recognize.
5:36 - 5:39 To avoid false positive redaction, you will also likely need to define additional exclusion patterns. For in-depth information and examples of using Reflection PAN detection and other Reflection information privacy features, see the Setting up Information Privacy document on the support website.