Protecting Personal Information
From MgmtWiki
Revision as of 22:31, 22 May 2025
Full Title
How a large enterprise should structure itself to limit the risk of exposing User Private Information.
Context
US Federal Trade Commission Protecting Personal Information: A Guide for Business
Problems
- Whenever a secret is widely shared, it should be treated as public knowledge: every process that can access the secret needs to be as secure as the information the secret protects, and the least secure of those processes sets the real level of protection.
- Secrets should never be accessible to any process that is itself accessible from an untrusted process. For example, a web site that is reachable from the public internet should never have direct access to secrets such as data-encryption keys.
- Since web sites may need data that is protected by encryption under secret keys, the decryption should be performed in a separate process, and preferably a separate security domain (OS account, host or service), from the web site. The web site then receives only the plaintext it asked for, never the key.
Solution
Board of Directors[1]
fubar
- One reasonably secure approach to the problem is a single data-encryption key, either static or derived from a passphrase (together with a salt or initialization vector), that is used by all servers in the farm. At application installation on each server, this key is defined and stored in a protected form (for example a file readable only by the account that performs decryption), so that only the trusted decryption component can retrieve it and no web-facing process can. Note that a key shared by every server is itself a widely shared secret in the sense of the Problems above, so the set of processes able to read it must be kept to that decryption component alone.
than any web facing project with its own secure store and deployment process.
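The separation described in this section, written out as an added Go example (this is the editor's illustration, not code from MgmtWiki): the key is generated at install time and stored 0600 for the key holder's own account; the key holder refuses to start if the file is readable by anyone else; the web-facing side presents only a credential and gets records sealed or opened on its behalf, never the key itself. The caller name "www", its credential string and the sample record are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"os"
)

// KeyHolder is the only component that ever sees the data-encryption key. It is
// meant to run as its own process and OS user, apart from the web front end;
// both live in one program here only so the example is self-contained.
type KeyHolder struct {
	aead    cipher.AEAD
	callers map[string][]byte // caller name -> credential it must present
}

// InstallKey is the "at application installation" step: a random 256-bit key
// written readable only by the key holder's own user (mode 0600).
func InstallKey(path string) error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	return os.WriteFile(path, key, 0o600)
}

// LoadKeyHolder reads the key and refuses to start if the file is readable by
// group or others, which would make the key a widely shared secret.
func LoadKeyHolder(path string, callers map[string][]byte) (*KeyHolder, error) {
	info, err := os.Stat(path)
	if err != nil {
		return nil, err
	}
	if info.Mode().Perm()&0o077 != 0 {
		return nil, fmt.Errorf("key file %s has mode %o; expected 0600", path, info.Mode().Perm())
	}
	key, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for a valid AES block with default sizes
	return &KeyHolder{aead: aead, callers: callers}, nil
}

func (k *KeyHolder) authorize(caller string, cred []byte) error {
	want, ok := k.callers[caller]
	if !ok || subtle.ConstantTimeCompare(want, cred) != 1 {
		return errors.New("caller not authorized")
	}
	return nil
}

// Seal encrypts one record for an authorized caller. The caller name is bound in
// as additional authenticated data, so a record sealed for one front end cannot
// be opened on behalf of another. Output is nonce || ciphertext+tag.
func (k *KeyHolder) Seal(caller string, cred, plaintext []byte) ([]byte, error) {
	if err := k.authorize(caller, cred); err != nil {
		return nil, err
	}
	nonce := make([]byte, k.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return k.aead.Seal(nonce, nonce, plaintext, []byte(caller)), nil
}

// Open decrypts one record for an authorized caller; the key never leaves here.
func (k *KeyHolder) Open(caller string, cred, sealed []byte) ([]byte, error) {
	if err := k.authorize(caller, cred); err != nil {
		return nil, err
	}
	ns := k.aead.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return k.aead.Open(nil, sealed[:ns], sealed[ns:], []byte(caller))
}

func main() {
	dir, _ := os.MkdirTemp("", "keyholder")
	defer os.RemoveAll(dir)
	if err := InstallKey(dir + "/dek.bin"); err != nil {
		panic(err)
	}
	webCred := []byte("constructed-credential-for-www") // issued to the web front end at deployment
	holder, err := LoadKeyHolder(dir+"/dek.bin", map[string][]byte{"www": webCred})
	if err != nil {
		panic(err)
	}
	// The web front end only ever handles credential, ciphertext and plaintext.
	sealed, _ := holder.Seal("www", webCred, []byte("123-45-6789")) // constructed sample record
	pt, err := holder.Open("www", webCred, sealed)
	fmt.Printf("web front end read back %q (err=%v) without ever holding the key\n", pt, err)
}
```

In a real deployment the KeyHolder methods sit behind a local socket or RPC boundary owned by a different account, and the caller credential is whatever that boundary authenticates (peer UID, mTLS identity, service token); the permission check at load time is what catches the common mistake of a key file that the web server's account can also read.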
Server Farms
When it is not clear which platform (Windows or Unix in particular) will be processing data that needs access to user secrets, one solution is a central server that doles out secrets only to processes that present the credentials entitling them to request each one. One very simple way to bring up such a service is to place the secrets in a private git repository that can only be read by processes holding the required credentials. Two caveats apply: every holder of the repository credential can read every secret in it, so that credential must be protected at least as well as the secrets themselves, and git keeps history, so a rotated or removed secret remains retrievable from earlier commits unless the history is rewritten.
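The central dispenser described in this section, as an added Go example by the editor (not MgmtWiki code): each process is deployed with its own credential and signs a request (process name, secret name, timestamp) with HMAC-SHA256; the dispenser verifies the MAC in constant time, rejects requests outside a freshness window, and consults a per-process allow-list before releasing exactly one secret. The in-memory secretStore map stands in for the private repository checkout the wiki suggests, and the process names, credentials and secret values are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// secretStore stands in for the private repository; in the wiki's suggestion
// this would be a git checkout readable only by the dispenser's own account.
var secretStore = map[string]string{ // constructed sample secrets
	"db/password": "s3cr3t-db",
	"smtp/apikey": "s3cr3t-smtp",
}

// Request is what a process sends: who it is, which secret it wants, when, and
// an HMAC over those three fields under the process's own credential.
type Request struct {
	Process string
	Secret  string
	Unix    int64
	MAC     string
}

// Dispenser holds one credential per process and the secrets each may read.
type Dispenser struct {
	creds   map[string][]byte          // process identity -> shared credential
	acl     map[string]map[string]bool // process identity -> secrets it may fetch
	maxSkew time.Duration              // how stale a request may be
	now     func() time.Time           // injectable clock
}

func NewDispenser(creds map[string][]byte, acl map[string]map[string]bool, maxSkew time.Duration, now func() time.Time) *Dispenser {
	return &Dispenser{creds: creds, acl: acl, maxSkew: maxSkew, now: now}
}

// message is the canonical byte string both sides authenticate; NUL separators
// keep "a"+"bc" and "ab"+"c" from colliding.
func message(process, secret string, unix int64) []byte {
	return []byte(process + "\x00" + secret + "\x00" + strconv.FormatInt(unix, 10))
}

// Sign runs on the requesting process, using the credential it was deployed with.
func Sign(cred []byte, process, secret string, at time.Time) Request {
	m := hmac.New(sha256.New, cred)
	m.Write(message(process, secret, at.Unix()))
	return Request{Process: process, Secret: secret, Unix: at.Unix(), MAC: hex.EncodeToString(m.Sum(nil))}
}

// Fetch checks identity (MAC), freshness (skew window) and privilege (ACL)
// before releasing a single secret; the caller never sees the store itself.
func (d *Dispenser) Fetch(r Request) (string, error) {
	cred, ok := d.creds[r.Process]
	if !ok {
		return "", errors.New("unknown process")
	}
	m := hmac.New(sha256.New, cred)
	m.Write(message(r.Process, r.Secret, r.Unix))
	got, err := hex.DecodeString(r.MAC)
	if err != nil || !hmac.Equal(got, m.Sum(nil)) { // constant-time compare
		return "", errors.New("bad signature")
	}
	if age := d.now().Sub(time.Unix(r.Unix, 0)); age < -d.maxSkew || age > d.maxSkew {
		return "", errors.New("request outside freshness window")
	}
	if !d.acl[r.Process][r.Secret] { // nil inner map reads as false
		return "", fmt.Errorf("%s is not permitted to read %s", r.Process, r.Secret)
	}
	v, ok := secretStore[r.Secret]
	if !ok {
		return "", errors.New("no such secret")
	}
	return v, nil
}

func main() {
	billingCred := []byte("constructed-credential-billing")
	d := NewDispenser(
		map[string][]byte{"billing": billingCred},
		map[string]map[string]bool{"billing": {"db/password": true}},
		30*time.Second, time.Now)
	fmt.Println(d.Fetch(Sign(billingCred, "billing", "db/password", time.Now()))) // released
	fmt.Println(d.Fetch(Sign(billingCred, "billing", "smtp/apikey", time.Now()))) // denied by ACL
}
```

The web-facing process should not appear in the creds map at all; per the Problems list it should receive plaintext from a back-end process that does hold a credential. The timestamp check limits how long a captured request stays replayable, and the per-process credential means a compromised process exposes only the secrets on its own allow-list rather than the whole repository.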
References
- [1] Dominique Shelton Leipzig, Trust, ISBN 9798887501734
Other Source Material
- Also see wiki page Shared Data Protection.