Data Security / Encryption

Dear all,

Many of my customers (SugarCRM 7.x or 8.x Pro or Ent) ask us what is the best question to secure SugarCRM data.

Of course, we recommended the main "standards" security options (role/team for end user, VPN access, HTTPS, restricted access to database etc.).

But, the "new" question is more to also secure the database content itself ; is there any standard solution to easily encrypt the database content but let SugarCRM work without restriction.

We know that we could created "encrypted" field inside SugarCRM but the target is more a global database encryption.

It should be a weird question but I'm not a system security expert, so I am open to all your suggestions or experiments.

Kind regards,

Fred

Parents

0 Brian Jones over 2 years ago

I'm looking for "encryption at source" with respect to protecting PII from a cyber security insurance perspective. I completely agree with the recommendations already given regarding best practices, but I'm specifically being asked if my PII is encrypted at source by the insurance company.

Is TDE my best option? Does SugarCRM not directly support some way to do this by flagging specific fields that contain sensitive data that I'm not aware of?

Thanks in advance for any help on this.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Brian Jones over 2 years ago

I'm looking for "encryption at source" with respect to protecting PII from a cyber security insurance perspective. I completely agree with the recommendations already given regarding best practices, but I'm specifically being asked if my PII is encrypted at source by the insurance company.

Is TDE my best option? Does SugarCRM not directly support some way to do this by flagging specific fields that contain sensitive data that I'm not aware of?

Thanks in advance for any help on this.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Rafael Fernandes over 2 years ago in reply to Brian Jones

Hi Brian Jones,

Have you looked into our Data Privacy guide? We do provide some guidance on PII.

It's a very good starting point other than all the other, more technically advanced suggestion by the community.

Some more info about our security is here.

rafa

SugarCRM | Principal Developer Advocate
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Matt Marum over 2 years ago in reply to Brian Jones

Hi Brian.

I'd also point out that there is an "encrypt" field type that you can use to store data as encrypted text in the database. But, in general, there's lots of drawbacks to encrypting data at the field/column level. You can search for this data. You can't sort on this data. PII generally covers people's names, addresses, phone numbers... things you'll need to look the customer up. The usability is going to be bad.

https://support.sugarcrm.com/Documentation/Sugar_Versions/11.0/Ent/Administration_Guide/Developer_Tools/Studio/#Field_Types

That's why we typically go with encryption at rest / disk level encryption.

App Ecosystem @ SugarCRM
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel