-
Type:
Epic
-
Status: To Do
-
Priority:
High
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Labels:None
-
Company:All Clients/Multiple Clients
-
Epic Name:Application level security
Application level security
Columns containing PII data in database are saved as plain text. Looking at options to encrypt this data and will share more details next week
DMS document template has permission settings to restrict view of sensitive data (SSN, DOB etc.). At the moment this has to be configured by the customer or CB implementation team. We can put in checks for some of the known attributes to prevent recruiters/admins from being able to see the data entered by candidates.
If the customer does capture any other PII data that we cannot be aware about, they need to take care of setting appropriate permissions. From DMS side, we can only encrypt the data.
- relates to
-
DMS-2350 MYSQL Table level encryption R&D
-
- Done
-
| Field | Original Value | New Value |
|---|---|---|
| Sprint | Dec 2020 Release - Sprint 1 [ 232 ] |
| Description |
Application level security
Columns containing PII data in database are saved as plain text. Looking at options to encrypt this data and will share more details next week DMS document template has permission settings to restrict view of sensitive data (SSN, DOB etc.). At the moment this has to be configured by the customer or CB implementation team. We can put in checks for some of the known attributes to prevent recruiters/admins from being able to see the data entered by candidates. If the customer does capture any other PII data that we cannot be aware about, they need to take care of setting appropriate permissions. From DMS side, we can only encrypt the data. |
Application level security
Columns containing PII data in database are saved as plain text. Looking at options to encrypt this data and will share more details next week DMS document template has permission settings to restrict view of sensitive data (SSN, DOB etc.). At the moment this has to be configured by the customer or CB implementation team. We can put in checks for some of the known attributes to prevent recruiters/admins from being able to see the data entered by candidates. If the customer does capture any other PII data that we cannot be aware about, they need to take care of setting appropriate permissions. From DMS side, we can only encrypt the data. Below are the efforts for column level encryption. As of now we can estimate it as 2 Sprint effort with 2 team members https://jira.workterra.net/browse/DMS-2349 Sr. No Tasks 1 Scope Identify: List of DMS Table with their Attributes 2 Modify Data Type Key Management: Master key management(Storing and passing down in queries) 3 Create new Table for storing Keys by Client 4 UDF 1: Client ID Return Key 5 UDF 2: Encrypt (Column Name will Encrypt) --- AES_ENCRYPT 6 UDF 3: Decrypt (Column Name will Encrypt) --- AES_DECRYPT 7 Identify Insert queries (Columns) 8 Modify for Encryption (Columns) 9 Identify Select queries (Columns) 10 Modify for Decryption (Columns) 11 Identify Update queries (Columns) 12 Modify for Encryption (Columns) 13 Migration of Existing Data 14 Performance test 15 Integration Testing & Regression of Existing API |
| Description |
Application level security
Columns containing PII data in database are saved as plain text. Looking at options to encrypt this data and will share more details next week DMS document template has permission settings to restrict view of sensitive data (SSN, DOB etc.). At the moment this has to be configured by the customer or CB implementation team. We can put in checks for some of the known attributes to prevent recruiters/admins from being able to see the data entered by candidates. If the customer does capture any other PII data that we cannot be aware about, they need to take care of setting appropriate permissions. From DMS side, we can only encrypt the data. Below are the efforts for column level encryption. As of now we can estimate it as 2 Sprint effort with 2 team members https://jira.workterra.net/browse/DMS-2349 Sr. No Tasks 1 Scope Identify: List of DMS Table with their Attributes 2 Modify Data Type Key Management: Master key management(Storing and passing down in queries) 3 Create new Table for storing Keys by Client 4 UDF 1: Client ID Return Key 5 UDF 2: Encrypt (Column Name will Encrypt) --- AES_ENCRYPT 6 UDF 3: Decrypt (Column Name will Encrypt) --- AES_DECRYPT 7 Identify Insert queries (Columns) 8 Modify for Encryption (Columns) 9 Identify Select queries (Columns) 10 Modify for Decryption (Columns) 11 Identify Update queries (Columns) 12 Modify for Encryption (Columns) 13 Migration of Existing Data 14 Performance test 15 Integration Testing & Regression of Existing API |
Application level security
Columns containing PII data in database are saved as plain text. Looking at options to encrypt this data and will share more details next week DMS document template has permission settings to restrict view of sensitive data (SSN, DOB etc.). At the moment this has to be configured by the customer or CB implementation team. We can put in checks for some of the known attributes to prevent recruiters/admins from being able to see the data entered by candidates. If the customer does capture any other PII data that we cannot be aware about, they need to take care of setting appropriate permissions. From DMS side, we can only encrypt the data. |
| Sprint | Dec 2020 Release - Sprint 1 [ 232 ] | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2 [ 232, 233 ] |
| Sprint | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2 [ 232, 233 ] | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1 [ 232, 233, 258 ] |
| Sprint | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1 [ 232, 233, 258 ] | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2 [ 232, 233, 258, 259 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2365 [ 123296 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2366 [ 123297 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2367 [ 123298 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2368 [ 123302 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2369 [ 123303 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2370 [ 123304 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2371 [ 123306 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2372 [ 123307 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2373 [ 123308 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2374 [ 123309 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2375 [ 123310 ] |
| Sprint | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2 [ 232, 233, 258, 259 ] | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260 ] |
| Sprint | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260 ] | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2 [ 232, 233, 258, 259, 260, 261 ] |
| Sprint | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2 [ 232, 233, 258, 259, 260, 261 ] | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260, 261, 262 ] |
| Sprint | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260, 261, 262 ] | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1, March 2021 Release - Sprint 2 [ 232, 233, 258, 259, 260, 261, 262, 263 ] |
| Sprint | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1, March 2021 Release - Sprint 2 [ 232, 233, 258, 259, 260, 261, 262, 263 ] | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1, March 2021 Release - Sprint 2, April 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260, 261, 262, 263, 264 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2429 [ 127556 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child | DMS-2435 [ 127651 ] |
Harshveer Singh (Inactive)
made changes -
| Epic Child |
|
| Sprint | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1, March 2021 Release - Sprint 2, April 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260, 261, 262, 263, 264 ] | Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1, March 2021 Release - Sprint 2, April 2021 Release - Sprint 1, April 2021 Release - Sprint 2 [ 232, 233, 258, 259, 260, 261, 262, 263, 264, 265 ] |