You can edit almost every page by Creating an account and confirming your email.

Trusted Data Protection Service

From EverybodyWiki Bios & Wiki




TDPS is a secure online service responsible for intermediating the data encryption and decryption actions of a database.

Acting as a data protection gateway, a TDPS service becomes the guardian of security keys for accessing a system's encrypted data.

Unlike solutions that use encryption but maintain the necessary encryption keys required to retrieve the data on the client application, a TDPS service ensures that all access to sensitive information can be monitored and that the access key is kept in an external, secure environment with levels of access unrelated to the development and maintenance teams.

A TDPS service, by definition, does not record data being encrypted and decrypted, guaranteeing data compartmentalization. For the purposes of monitoring by the system security team, TDPS monitors the volume of requests and generates usage change alerts so that security verification actions can be taken by the company.

In addition to the data encoding features, the TDPS service also helps in creating search indexes for use in auxiliary tables. These indexes make it possible for systems to search the database's encrypted data without loss of performance and functionality.

The use of a TDPS service becomes a fundamental strategy for system developers wishing to comply with GDPR (Europe)[1], CCPA (California/USA)[2]LGPD (Brazil)[3] and similar data protection laws in other countries/regions, as it guarantees a significant improvement in the level of data security, allows the establishment of verification policies and even quotas for the use of such functionalities.

When using a TDPS service, the CPO (Chief Privacy Officer)[4] or DPO (Data Protection Officer) demonstrates a special concern in the security of its database, complying with the requirements of data protection laws in the scope of data storage and going further by storing the encryption key on an external server with advanced levels of security.

API

Communication with a TDPS server is done through the API provided by the service. Using this API, the development team should insert the necessary API calls for encoding / decoding sensitive data during data access and recording. It is desired that the service provider offers libraries in the most common programming languages to facilitate and speed up the system adaptation process.

Data Search

One of the biggest challenges in using an encrypted database is to perform searches. Searching by name or range of values becomes complicated and computationally costly. To assist database searches efficiently, the TDPS service can also offer resources in the generation of auxiliary keys for creating search index tables.

The generation of the index tables must be done keeping in mind that the indexed information (also in encrypted format) cannot be used to directly relate statistical samples to a base record.

In order to be able to search using value ranges, it is important that a TDPS can, when desired, create indexes using OPE (Order-preserving Encryption).

Data Leakage Prevention

To assist in the identification of data leakage events. The TDPS service must constantly monitor the incoming flow of requests made by each application.

Using statistical analysis and machine learning, the TDPS can identify suspicious deviations from the expected number of requests. Additionally, it is possible to establish limits that allow automatic service blocking when the flow exceeds a certain threshold outside the established standard.

The TDPS should also provide the DPO/CPO with tools for the visual analysis of the volume of requests over time.

Performance

To ensure that the overall performance of the system does not change significantly, it is essential that the TDPS service offers a low latency response time. Likewise, it is desired that batch actions are possible to minimize latency in the data encoding and decoding process.

A TDPS service must guarantee an SLA (Service-level Agreement) that guarantees the maximum availability possible. It is recommended that the service has a large redundancy of servers, guaranteeing a minimum availability of 99.9%.

Encryption Keys

The encryption key for the base data must not be stored anywhere in the systems accessible online. The TDPS service should be the sole guardian of the data encryption key.

Naturally, those responsible for the system must keep a copy of the key in a location preferably physically disconnected from the network for any eventual extraordinary need to recover the original data.

Each TDPS service can use different encryption methods. It is important that the method used is public knowledge, such as AES256, and that the user system can recover its data if it wishes to do so independently in extraordinary cases.

References

[5]

  1. "EUR-Lex - Official Journal of the European Union". eur-lex.europa.eu. Retrieved 2020-08-27.
  2. "Bill Text - AB-375 Privacy: personal information: businesses". leginfo.legislature.ca.gov. Retrieved 2020-08-27.
  3. "Lei Geral de Proteção de Dados Pessoais (LGPD) - LEI Nº 13.709". www.planalto.gov.br. Retrieved 2020-08-27. Unknown parameter |url-status= ignored (help)
  4. Opinion, The New York Times (2019-04-10). "Opinion | The New Terminology for Privacy". The New York Times. ISSN 0362-4331. Retrieved 2020-08-27.
  5. "TDPS - Uma Nova Abordagem Para Proteção de Dados Privados". pt.linkedin.com. Retrieved 2020-09-10.


This article "Trusted Data Protection Service" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Trusted Data Protection Service. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.