HIPAA, GDPR, CCPA and other emerging data privacy regulations are encouraging customers to review how they handle and protect their customers data. Enterprises are often choosing to mask, remove or encrypt sensitive data in the ETL (Extract, Transform and Load) step to minimize the significant (board level) risk of this sensitive PII & PHI data becoming stored, logged, accessable or worse still, breached in their data lake or data warehouse.
The best solution is to remove, hash, or anonymize sensitive data but that’s not always a suitable business solution. PII and PHI data is needed for business applications but must be strongly protected in transport or in the customer’s application.
Xplenty is partnering with Amazon's Key Management Service (KMS) to enable customers to encrypt and decrypt fields using their own encryption key. Amazon's KMS enables Xplenty to give the customer full control of the encryption keys, their rotation and their logging whilst maintaining very high, proven security. Customers can create a new KMS Customer Managed Key, and give Xplenty secure access to this key’s ARN for all their encryption and decryption on Xplenty without having to exchange secrets.
Inside Xplenty’s ETL package customers can encrypt data by passing the string to the Encrypt function with their AWS Key ARN. This returns the encrypted message (containing the ciphertext and the encrypted data key).
Encrypt(‘my string’, ‘keyARN’)
Inside Xplenty’s ETL package customers can decrypt data by passing the encrypted message to the Decrypt function with their AWS Key ARN. This returns the decrypted message.
Decrypt(‘my encrypted message’, ‘keyARN’)
Xplenty’s platform helps data scientists, data engineers, and business users quickly create their data pipelines with zero coding. AWS KMS helps Xplenty’s customers further secure their ETL data processing without giving up any security control. To learn more about Xplenty's encryption feature, please contact your Account Manager or email firstname.lastname@example.org.