Overview
In this other article I talked about encrypting attachments with "Column Level Encryption", but that article did not cover how to encrypt columns (fields). Although both elements share steps in common during their configuration, there are differences that should be explained.
Please, before continue reading this article, go to the previous one and read the following sections:
- Overview
- Configuring the basics
- Creating a Cryptographic module
- Configuring the Crypto Specifications
Once you have finished them, continue reading here. You can see how my Cryptographic Module looks:
Creating the Encrypted Field Configuration record
Let's configure now when the previously created module and key will be used. To do so, we need to go to "System Security > Field Encryption > Encrypted Field Configurations" and create a new record. In this example I have configured it setting the Type to "Column" and the Method to "Single Module" as we only want one single module to be able to write/read from this field. The module will be defined under the next section "Module Access Policies"
In this scenario, we have created a field called "Secret" on the "Incident" table that only "itil_admins" can read/write.
Module Access Policies
Finally, we need to define who will have access to encrypt and decrypt the selected column (field). Let's go to "Key Management > Module Access Policies > All" and create a new Module Access Policy as the one below:
In this example, I am selecting the Type "Role" and selecting the "itil_admin" role meaning users with this role will be able to encrypt and decrypt attachments using the Crypto Module selected above. It is important to highlight that "Result" must be set as "Track" to allow this operation. I am flagging the "Impersonation" checkbox so that admins could impersonate "itil_admin" users and see attachments, but if you want to avoid this, uncheck the "Impersonation" flag.
Showing the results
If we impersonate a user having "itil_admin" we will be able to see how this will look like. Bear in mind this is possible because in the previous step we checked the "Impersonation" checkbox. If you want to avoid this, simply uncheck it.
If the user has access to write/read from the field, they will see it and they will also see a "lock" icon next to it, letting them know the field is encrypted.
However, if we stop impersonating the user and keep being the "System Administrator" we will not be able to see the field.
As you can imagine, you could always protect sensitive information from your own administrators by using encryption. Only people with the "sn_kmf_admin" will be able to configure how the CLE works, therefore as long as you don't give them that role, you will be protected.
Please, share the post if you found it interesting and click on "Like".
2 Comments
