Building extremely deep monitoring as a SaaS product has a drawback: we capture too much data for some customers’ compliance requirements. As a result, some companies have been unable to deploy us, or have had to redact data before sending it to our cloud platform. To address this, we built the Sensitive Data Vault, a highly secure, completely on-premises storage module for the most critically private data that must never leave the customer’s firewall.
What is it?
The VividCortex Sensitive Data Vault is a new component of the overall VividCortex solution that you deploy inside your firewall. It ensures that the data never leaves your servers and never enters the VividCortex cloud environment. It consists of:
- a Go service that the VividCortex collector agent communicates with
- a customer-maintained MySQL or PostgreSQL database that the Go application uses
Once installed, the application is entirely contained within your firewall. It has no communication with the open Internet: there’s no backdoor, it’s not accessible outside your firewall, and VividCortex employees have no access to it or the underlying database. You can install, configure, and harden the Vault and the systems that run it, to meet your own compliance requirements.
Why is it important?
Companies that previously couldn’t use VividCortex due to security and compliance requirements now have an on-premises option that may meet their needs. For example, highly regulated industries, such as medical and ecommerce, are now able to monitor sensitive databases with confidence that they have full control over their data.
- Sensitive data never leaves your firewall
- You can purge the data VividCortex collects—the “right to be forgotten”
- If you have stronger contractual and/or governmental compliance requirements for managing data—such as PCI, ePHI, PII, etc.—the Sensitive Data Vault lets you store the sensitive parts of these systems’ performance data in your compliant location
How does it work?
In a typical VividCortex installation, the agent sends sensitive data such as SQL text securely to the VividCortex cloud-based APIs where it is encrypted and stored. When later viewing the UI, that data is fetched from the APIs, decrypted, and displayed.
When using the Sensitive Data Vault, the agents instead send the data to the Vault, which runs within the local/internal network. The Sensitive Data Vault stores that information and returns a special nonreversible token, which the agent sends to the cloud instead. When later viewing the UI, the user’s web browser uses the token to retrieve the original form of the sensitive data from the Vault and displays it.
As always with VividCortex, the Sensitive Data Vault was built with security in mind. The Vault can only be accessed from within the same firewall, and that access is encrypted with SSL, requires the user to be authenticated to the VividCortex service, and requires special user permissions within VividCortex. The Vault does not communicate any sensitive data to VividCortex’s public APIs.
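The token flow described above, sketched as an added Go example (not VividCortex’s code). The `Vault` type, its in-memory map, and the random 128-bit hex token are assumptions made for illustration; the page does not say how the real service generates or stores tokens.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"sync"
)

// Vault is a hypothetical in-memory stand-in for the on-premises store.
type Vault struct {
	mu   sync.Mutex
	data map[string]string // token -> sensitive text, kept only on this side
}

// Store keeps the text locally and returns a random token that encodes nothing about it.
func (v *Vault) Store(sensitive string) (string, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	token := fmt.Sprintf("%x", buf)
	v.mu.Lock()
	defer v.mu.Unlock()
	v.data[token] = sensitive
	return token, nil
}

// Fetch resolves a token to the original text; only callers that can reach the vault can do this.
func (v *Vault) Fetch(token string) (string, bool) {
	v.mu.Lock()
	defer v.mu.Unlock()
	text, ok := v.data[token]
	return text, ok
}

// Purge deletes the text; tokens already stored elsewhere then resolve to nothing.
func (v *Vault) Purge(token string) {
	v.mu.Lock()
	defer v.mu.Unlock()
	delete(v.data, token)
}

func main() {
	v := &Vault{data: map[string]string{}}
	token, _ := v.Store("SELECT name FROM patients WHERE id = 42") // constructed sample
	v.Purge(token)
	_, ok := v.Fetch(token)
	fmt.Println("cloud holds:", token, "resolvable after purge:", ok)
}
```

Because the token is random rather than derived from the SQL text, the copy held in the cloud reveals nothing on its own, and deleting the vault row is enough to make it permanently unresolvable.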
What about GDPR compliance?
The General Data Protection Regulation is a new comprehensive data protection law in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. This law is an important step forward in streamlining data protection requirements across the EU. The Sensitive Data Vault may be an important part of a customer’s overall GDPR compliance controls, because it allows customers to:
- Manage their own data securely
- Keep sensitive data locally so it is not in scope for Sub-processors
- Delete data as needed to comply with GDPR
How do I get it?
For the vast majority of customers, our fully-managed cloud platform is the right solution, with security and controls that are well above what is needed. We would be glad to walk through the architecture and implementation in more detail to help you understand whether the Sensitive Data Vault is a solution for your needs. Contact a VividCortex representative to arrange that.
The Sensitive Data Vault is in early access, meaning that we consider it production-ready and secure, but we are offering it to selected customers who are willing to help us validate the solution and its value, learn more about deployment scenarios, develop comprehensive documentation, and better understand the market needs.