Best Practice for handling sensitive data

Document created by rich_patterson Employee on Jul 15, 2014
Version 1Show Document
  • View in full screen mode
Data may come into your process secured via SSL or otherwise.

You may choose to have your clients send data encrypted, in which case you would decrypt it using a Data Process shape.  In this situation, the data will be stored on your atom in the format in which it was received.  Therefore, it would reside on your local drives encrypted.

Either way, you should consider the physical and security of your atom servers and their drives.  Also take note, that data may only be available for a period of time ( typically 30 days ), so you may consider archiving it to a separate location, isolated from your atom processing.

A recommended best practice, to compartmentalize sensitive data, is to create a separate environment, and a separate atom, dedicated to handling this sensitive data.  Note: Additional licenses may be necessary

You may then use Environment Roles (, to manage who has access to the data on that new environment.

You should build production values into your connector components, because in that case, a developer who has access to the build tab, could then execute your process in test mode, and gather production data.  Instead, you could build test connector information here, and extend those values.  You could then use Environment Extensions to define the production connections.