1 result found

1. Field Level Encryption Support for Aiven Products

   TL;DR;
   As Aiven Customer
   I want to be able to be able to encrypt any form of sensitive data (PII or PCI) so that I can manage sensitive data in a legally compliant and user-privacy respectful manner.

   Detailed description of the proposal:
   Hi Aiven!
   Hope all is well with you. I have a feature/service suggestion which I believe will make your existing product portfolio even stronger!

   It’s a thing I call “Aiven for Privacy FTW!” and it’s basically a standalone “field-level-encryption” service used for managing of PII and PCI fields/properties in the event payload in legally (eg. GDPR and/or CCPA) and secure manner (ie. sensitive data encrypted in transit and at rest).

   I made a following high-level architecture/component diagram with aim to visualize how would “Aiven for Privacy FTW!” fit together with your products and within client context. See attached.

   After drawing and discussing this internally, I realized that it would be even better if this is a stand-alone service that can be instantiated and run fully within the client context and manage sensitive fields/properties even before event enters Aiven managed services. This way, the sensitivity will be fully managed and stay within the client/producer control and will not pollute your services with sensitive data.

   Why should you consider this? I’d like to claim that you’re in unique position in the industry with a portfolio of solutions that can be connected fully end-to-end from event producer to consumer and with this type of functionality you’ll be able to provide a turn-key solution to all your clients.

   Nothing here is new, tbh. There is no novelty here and others are doing/offering something similar already, but no one is giving a full package solution with privacy compliance being made a first class citizen. You could.

   Example of others doing stuff in this area:
   - Snowflake allows their customers to use external tokenizers to unlock/show sensitive data based on the access privilege: https://docs.snowflake.com/en/user-guide/security-column-ext-token-intro
   - MongoDB is offering their clients ability to encrypt sensitive data on the client side using: https://www.mongodb.com/docs/manual/core/csfle/
   - Conduktor provides encryption all the way down to field/property level: https://www.conduktor.io/encryption/

   In all these cases (at least MongoDB and Snowflake), “Aiven for Privacy FTW!” if it becomes a thing could be used if done as a stand-alone service. So, it could strengthen your position further in the industry.

   I hope you will consider this and feel free to contact me either directly or through our Aiven KAM, Hanna Behr, if you want to talk more about this.

   Thanks,
   Srdjan B. (Eng. Director, Sinch SaaS App Platform)

   TL;DR;
   As Aiven Customer
   I want to be able to be able to encrypt any form of sensitive data (PII or PCI) so that I can manage sensitive data in a legally compliant and user-privacy respectful manner.

   Detailed description of the proposal:
   Hi Aiven!
   Hope all is well with you. I have a feature/service suggestion which I believe will make your existing product portfolio even stronger!

   It’s a thing I call “Aiven for Privacy FTW!” and it’s basically a standalone “field-level-encryption” service used for managing of PII and PCI fields/properties in the event payload in legally (eg. GDPR and/or CCPA)… more

   •  

   1 vote

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   1 comment  ·  Other  ·  Delete…  ·  Admin →
   How important is this to you?

   Nice to have You must login first! Should have You must login first! Must have You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   Shelved  ·  Jonah Kowall responded

   I will be closing this out, but the idea is valid. We are looking at building a proxy service for Kafka and this could be in part of the roadmap for that component as you have described. We suggest for those who want to use encryption on Kafka to do this on the producer and consumer sides as the data would be encrypted from end to end.