I'm a Maker of a Tonkean module that requires having sensitive data such as SSN be part of the input source and is utilized all throughout. This leaves me vulnerable as other users would be able to view data that they shouldn’t otherwise have access to. I'm looking for best practices on how I can securely utilize the sensitive information while not allowing business users to view the values. Thoughts?
What can I do to securely collect and utilize sensitive data in a module?
Hi Chris,
Great question and happy to see that you’re looking on ways to best use Tonkean securely.
As part of our offering, you can enable field encryption at the data source level. What this means is that the data that Tonkean collects at the input source gets encrypted immediately and the all other users will only be able to view the encrypted value. To set this up, you’ll want to go to your Custom Data Source > Edit > Security where you can either generate an encryption key or input a 32 character key yourself. You’ll then want to select the fields that you’d like to encrypt such as SSN as selected below.
Since you need to utilize the actual value when making a HTTP call externally, you’ll want to leverage a Tonkean custom formula to decrypt the hashed value wherever applicable like so:
Hope this helps!
Reply
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.