Adding data protection to a project can be a daunting task. There is an ocean of information at every level of depth, and it can be tough even to know where to start. While I’m not an expert on security or encryption, I can tell you some things to keep in mind as you start the journey of adding information security to your project.
Leverage existing packages and services.
One thing to remember with encryption and data security is that you want to leverage well-tested and existing tools wherever you can. A lot of math and expertise goes into encryption and key management. It is not something you want to re-invent for yourself, at least not if you’re just starting.
Decide what needs to be encrypted.
The first step is deciding what you are going to encrypt. The term “personally identifiable information” is the catchall for this type of data, but it can be tough to pin down exactly what it covers. In my experience, it is best to err on the side of caution. The cost of encrypting data that didn’t need it is low, while the repercussions of failing to encrypt something that should have been can be dire.
The easiest way to protect someone’s data is to avoid storing it altogether. Whenever possible, we should avoid holding onto any data we don’t need for operational purposes. However, there will almost always be some level of personal information that we need to keep. When we find ourselves in that situation, it’s important that we do our best to protect that data.
Use built-in database encryption.
Once we’ve decided what should be protected, we need to decide how to protect it. As with most things in security, there are several levels of protection to choose from.
The most basic level is encryption at rest. Most database providers offer this option out of the box. It simply means that data is encrypted while it sits in storage. Because the database decrypts transparently for every query, this protects against a lost disk or backup but not against anyone who can read the database. It is becoming the standard and should be the go-to for any data you store, but it is not enough when it comes to PII and sensitive personal data.
Encrypt data for each user in the system.
The next level up, and what I would recommend as a good place to start, is encrypting individual pieces of data for each user in your system. This means generating a unique encryption key for each user and using that key to encrypt all data relevant to them.
This approach not only secures a user’s data but also makes it easy to forget that data, which is an important capability for any project handling personal information.
Be able to forget a user.
With a key tied directly to a user, you can drop the key and effectively “forget” all of the information associated with that user. Instead of having to track down each encrypted piece of data and delete it, you can delete the key and render it unreadable.
At the end of the day, we are making all this effort to ensure we’re being responsible with people’s data. This approach allows us to know that we are living up to our promise when we say we will forget someone’s info.
Encrypt each of the user keys with a project-level key.
The one downside of this approach is that you will need to store all of these user keys somewhere. The storage cost of a key is low, but it comes with a side effect. Those keys are going to be readable by anyone who has access to the database they are stored in.
If you want to ensure those keys aren’t accessible to too many people, you should add one additional layer of security: encrypting each user’s key.
Use a service to manage that key.
The encryption of user-level keys works a bit differently than the other data encrypted in the system. All of these keys are encrypted using one main key per database environment. Since this key is used across multiple users, we manage it more carefully using a key management system, or KMS.
A KMS provides a safe and secure way to generate, store, and use environment-level encryption keys without ever putting them in a place readable by human eyes. Most of these services also provide functionality for versioning and rotating keys.
This is just the start. Hopefully, this was a helpful introduction to encryption and provides you with a jumping-off point. As I said earlier, I am not an expert and I encourage you to do your own research and take this even further now that you have your foot in the door.