Data Masking and Auditing
Last updated
Last updated
Sensitive data needs to be stored and passed securely. One way to facilitate this is to tag sensitive data. Tagging and categorizing information as sensitive prevents it from being seen by developers with insufficient permissions, prevents it from being downloaded insecurely, and allows it to be tracked and audited according to the tag it has been assigned, of which there are three options:
PII
PCI
HIPAA
In this document, we'll walk through how tags are assigned – both to local data as well as data stored in AirData App Objects – and discuss how tagged data is made more secure.
📘 Enterprise Feature
Data tagging and masking requires an ENTERPRISE license. If you would like to enable this feature for your Airkit Organization, please contact your Airkit representative or contact support@airkit.com.
Data can be tagged as it is pulled into an application, either via a Web Control or an Integration.
Once a value has been tagged, any values derived from it will be assigned the same tag. For instance, if a variable called text_input
contains data tagged as PII, the value of a new variable generated by using text_input
in an Airscript expression will also be tagged as PII.
Web Controls that allow users to enter sensitive information, such as the Text Input Web Control, the Secure String Input Web Control, and the Phone Input Web Control, allow the potentially-sensitive information to be tagged as part of Data Binding. You can find the UI to do this in the Inspector, under Data Binding > Data Tag. For instance, the following example shows how a data tag can be assigned to the input collected by a Text Input Web Control that binds collected input to the variable text_input
:
The dropdown menu under Data Tag provides four options: "–", "PII", "PCI", and "HIPPA". Selecting "PII", "PCI", or "HIPPA" will tag the data as sensitive, while selecting "–" will not tag the data at all.
Tagging data pulled from external system must be configured as part of setting up the Integration in the Console. Inspecting or creating an account under Console > Integrations > Connect Accounts will allow you to associate a data tag with the account by selecting a tag from the dropdown menu in the Inspector, under Properties > Data Tag:
When a data tag is associated with an account in this way, any and all information pulled from this datasource at any point within a Journey will be assigned the selected tag.
Whenever any data tagged as PII, PCI, or HIPAA is created or read, an Audit Log Event is fired. Audit Logs sort sensitive data by tag and provide a clear record of the movement of sensitive data. This makes it clear:
when sensitive data flows into Airkit (such as through an Input Web Control or Integration)
when sensitive data flows out of Airkit (such as through an HTTP request)
Audit Logs are accessible via Snowflake.
📘 Enterprise Feature
Accessing Audit Logs requires Snowflake Secure Data Sharing, which requires an ENTERPRISE license. If you would like to enable this feature for your Airkit Organization, please contact your Airkit representative or contact support@airkit.com.
To confirm that data is being tagged correctly, Preview your application and check the Event Log Viewer whenever you are emulating the creation or passing of sensitive data. If the data is correctly tagged, you will see an Audit Log Event fire.
For instance, the following example shows a Text Input Web Control with input tagged PCI. Giving input to that Text Input Control fires the PCI Data Created Event:
To facilitate the process of testing, you can check the Obfuscate State box to the upper right of the State Viewer. This obscures data tagged as sensitive while examining the Entire state of the application:
Note that checking this box does not impact any live application behavior, and** if you download any state, sensitive data will be obfuscated**.
Once data has been tagged, any data derived from it will be assigned the same tag, and it is possible for tags to stack. If two values – one tagged HIPPA, one tagged PCI – are used to generate a third value, the value generated will be associated with both the HIPPA and PCI tags, and both the HIPPA Data Created and the PCI Data Created Events will run when it is generated.
The data stored in the properties of AirData App Objects can be tagged. This is done in AirData Builder, while Inspecting the relevant property. For instance, in the following example, data stored under the property ID
is tagged as PII, but a different tag can also be selected from the dropdown menu:
When an attribute is associated with a tag:
All data saved to that attribute is obscured from developers with insufficient permissions.
The tagged data will be obscured if and when the AirData table is exported.
🚧 Local Tags do not automatically apply to AirData
If a local value is tagged as sensitive, it and any data derived from it will be assigned the same tag – but this only applies locally. To maintain a tag while sending local data to AirData, the property that the local data is being saved as will also need to be tagged. The tag will not be maintained automatically when sending locally-tagged data to AirData.