Data Security / Encryption

Dear all,

Many of my customers (SugarCRM 7.x or 8.x Pro or Ent) ask us what is the best question to secure SugarCRM data.

Of course, we recommended the main "standards" security options (role/team for end user, VPN access, HTTPS, restricted access to database etc.).

But, the "new" question is more to also secure the database content itself; is there any standard solution to easily encrypt the database content but let SugarCRM work without restriction?

We know that we could create "encrypted" fields inside SugarCRM, but the target is more a global database encryption.

It should be a weird question but I'm not a system security expert, so I am open to all your suggestions or experiments.

Kind regards,

Fred

  • Regarding ssh I would like to add:

    • disable password authentication, use public key authentication
    • don't use RSA/DSA keys; as far as I can see in my logfiles, atm brute-force SSH bots only support connections with RSA/DSA keys
    • If you have to use passwords, then also use 2FA (libpam google authenticator)
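A small checker for the two sshd_config settings the reply above recommends (password authentication off, public-key authentication on), added here as an example and not part of the thread. It assumes OpenSSH's parsing rules: keywords are case-insensitive, the first occurrence of a keyword wins, lines beginning with `#` are comments, and anything after a `Match` line is conditional and therefore not global policy. The sample configs are constructed.

```python
# Added example (not from the thread): check an sshd_config for the settings the
# reply recommends. Assumes OpenSSH semantics: first occurrence of a keyword wins,
# keywords are case-insensitive, "#" lines are comments, and directives after
# a "Match" line are conditional, so they are not counted as global policy.
import re

# constructed sample: password auth is only commented out, so the default (yes) applies
SAMPLE_CONFIG = """\
Port 22
#PasswordAuthentication no
PubkeyAuthentication yes
UsePAM yes
Match User backup
    PasswordAuthentication no
"""

# constructed sample in the recommended state
HARDENED_CONFIG = """\
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
"""

# OpenSSH defaults that apply when the keyword is absent
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}

def parse_sshd_config(text: str) -> dict:
    """Return {lowercased keyword: first value} for the global section only."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # conditional block follows; stop reading global settings
        settings.setdefault(key, value)  # first occurrence wins in sshd
    return settings

def check_sshd(text: str) -> list:
    """Return a list of findings; an empty list means both checks pass."""
    cfg = parse_sshd_config(text)
    effective = {k: cfg.get(k, default).lower() for k, default in DEFAULTS.items()}
    findings = []
    if effective["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no': password logins "
                        "(and password brute force) remain possible")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is not 'yes': key-based login is unavailable")
    return findings

if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, check_sshd(cfg) or "OK")
```

The sample config illustrates the common mistake the checker is built for: a `#PasswordAuthentication no` line is a comment, so sshd still applies its default of `yes`, and the `no` under `Match User backup` only affects that one user. If passwords are kept and paired with a PAM-based second factor, as the reply suggests, the PAM module is driven through keyboard-interactive authentication, so `UsePAM yes` and the keyboard-interactive setting also need reviewing; that is outside what this checker covers.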
  • Hi Brian.

    I'd also point out that there is an "encrypt" field type that you can use to store data as encrypted text in the database. But, in general, there are lots of drawbacks to encrypting data at the field/column level. You can search for this data. You can't sort on this data. PII generally covers people's names, addresses, phone numbers... things you'll need to look the customer up. The usability is going to be bad.

    https://support.sugarcrm.com/Documentation/Sugar_Versions/11.0/Ent/Administration_Guide/Developer_Tools/Studio/#Field_Types

    That's why we typically go with encryption at rest / disk level encryption.

    App Ecosystem @ SugarCRM
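To make the field-level trade-off concrete, here is an added example (not SugarCRM code, and not how its "encrypt" field type is implemented) that encrypts a PII column with randomised encryption and keeps a keyed "blind index" beside it. It shows what survives: exact-match lookup on a normalised value works through the index, while substring search and alphabetical sorting on the stored column do not, which is the usability cost discussed above. The cipher is an illustrative HMAC-SHA256 counter-mode-plus-MAC construction chosen only so the block runs on the standard library; a real deployment would use a vetted AEAD (for example AES-GCM from a maintained library) and proper key management. The master key and contact rows are constructed.

```python
# Added example (not SugarCRM code): column-level encryption with a keyed blind
# index, to show which queries survive. The cipher is an illustrative stdlib-only
# construction (HMAC-SHA256 keystream + HMAC tag), not a substitute for a vetted
# AEAD such as AES-GCM. MASTER and CONTACTS are constructed sample data.
import hashlib
import hmac
import os

def _derive(master: bytes, purpose: bytes) -> bytes:
    # separate sub-keys for encryption, authentication and indexing
    return hmac.new(master, purpose, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt_field(master: bytes, plaintext: str) -> bytes:
    """Randomised encryption: the same input gives a different blob every call."""
    enc_key, mac_key = _derive(master, b"enc"), _derive(master, b"mac")
    nonce = os.urandom(16)
    data = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt_field(master: bytes, blob: bytes) -> str:
    """Verify the tag, then decrypt; raises ValueError on tampering or wrong key."""
    enc_key, mac_key = _derive(master, b"enc"), _derive(master, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext tampered or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()

def tamper_detected(master: bytes, blob: bytes) -> bool:
    try:
        decrypt_field(master, blob)
        return False
    except ValueError:
        return True

def blind_index(master: bytes, value: str) -> str:
    """Keyed hash of the normalised value: supports exact-match lookup only."""
    idx_key = _derive(master, b"idx")
    return hmac.new(idx_key, value.strip().lower().encode(), hashlib.sha256).hexdigest()

# constructed sample data: a master key and a few contact names (PII)
MASTER = hashlib.sha256(b"constructed demo master key").digest()
CONTACTS = ["Alice Martin", "bob durand", "Claire Petit"]

def build_table(master: bytes = MASTER, names=CONTACTS) -> list:
    """Rows as they would sit in the database: ciphertext plus blind index."""
    return [{"name_enc": encrypt_field(master, n), "name_idx": blind_index(master, n)}
            for n in names]

def find_by_name(table: list, master: bytes, name: str) -> list:
    """Equality lookup through the index; only matching rows are decrypted.
    Partial names return nothing, and ORDER BY on either column gives no
    alphabetical order, because neither column preserves the plaintext."""
    needle = blind_index(master, name)
    return [decrypt_field(master, r["name_enc"]) for r in table if r["name_idx"] == needle]

if __name__ == "__main__":
    table = build_table()
    print(find_by_name(table, MASTER, " Bob Durand "))  # exact match, normalised
    print(find_by_name(table, MASTER, "Alice"))         # prefix search: nothing
```

The index key must be as well protected as the encryption key: anyone holding it can test guesses against the index column, which matters most for low-entropy fields such as phone numbers. This is also why encryption at rest is usually the pragmatic answer for a CRM: it protects stolen disks and backups without changing what the application can query.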

  • Thanks Matt, I agree with everything you said which is why I feel like I'm stuck. 

    I don't see a path forward for an "On Prem" solution that contains PII that is "encrypted at source" without making the platform nearly unusable for our staff.

    For context, the requirement for "encrypting PII at source" is coming from our Cyber Insurance and I feel like there is a real breakdown between the lawyers and a usable solution.
