Question

What can I do to securely collect and utilize sensitive data in a module?

  • 22 July 2020
  • 1 reply
  • 84 views

I'm a Maker of a Tonkean module that requires having sensitive data such as SSN be part of the input source and is utilized all throughout. This leaves me vulnerable as other users would be able to view data that they shouldn’t otherwise have access to. I'm looking for best practices on how I can securely utilize the sensitive information while not allowing business users to view the values. Thoughts?


1 reply

Hi Chris,

Great question and happy to see that you’re looking on ways to best use Tonkean securely.

As part of our offering, you can enable field encryption at the data source level. What this means is that the data that Tonkean collects at the input source gets encrypted immediately and the all other users will only be able to view the encrypted value. To set this up, you’ll want to go to your Custom Data Source > Edit > Security where you can either generate an encryption key or input a 32 character key yourself. You’ll then want to select the fields that you’d like to encrypt such as SSN as selected below.

The encryption of the sensitive data fields such as SSN in a Custom Data Source

 

Since you need to utilize the actual value when making a HTTP call externally, you’ll want to leverage a Tonkean custom formula to decrypt the hashed value wherever applicable like so:

Tonkean’s decryption of the SSN field in a formula

 

Hope this helps!

Reply