User:Mcramos/sandbox

TDPS - Trusted Data Protection Service

TDPS is a secure network service that mediates the encryption and decryption of the data held in a database: applications send it the values to be protected and receive ciphertext back, and send ciphertext back to it to recover the plaintext.

Acting as a data protection gateway, a TDPS service becomes the guardian of the encryption keys that protect a system's data.

Unlike solutions that encrypt data but keep the keys needed to recover it inside the client application, a TDPS service ensures that every access to sensitive information can be monitored and that the key is held in a separate, hardened environment whose access controls are independent of the development and maintenance teams.

By definition, a TDPS service does not log or retain the data it encrypts and decrypts, which keeps the data compartmentalized. For the security team's monitoring needs, it records request volumes and raises alerts when usage patterns change, so that the company can investigate.

Beyond encryption and decryption, the TDPS service also helps create search indexes for use in auxiliary tables. These indexes let systems search encrypted columns without decrypting every row, preserving performance and functionality within the limits such indexes impose.

Using a TDPS service is a key strategy for developers who must comply with the GDPR (Europe), the CCPA (California, USA), the LGPD (Brazil) and similar data protection laws in other countries and regions: it raises the level of data security, allows verification policies to be established and even lets quotas be placed on the use of the encryption and decryption functions.

By adopting a TDPS service, the CPO (Chief Privacy Officer) demonstrates particular care for the security of the organization's database, meeting the data storage requirements of data protection laws and going further by holding the encryption key on an external server with advanced security controls.

API
Communication with a TDPS server is done through the API the service provides. Using this API, the development team inserts the calls needed to encrypt sensitive data when it is written and to decrypt it when it is read. Ideally the service provider offers client libraries in the most common programming languages to make adapting a system faster and less error-prone.
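The following is an added example, not code from this page or from any TDPS provider: a minimal in-process model of the gateway side of such an API in Go. It assumes the concrete choices the page leaves open, namely AES-256-GCM as the cipher, a field identifier bound as associated data so a ciphertext cannot be replayed into another column, and a hypothetical per-caller request threshold that raises an alert. The type and method names (Gateway, Encrypt, Decrypt, Calls, Alerts) are invented for the illustration; the key never leaves the Gateway, and only request counts, never payloads, are recorded.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
)

// Gateway models the server side of a TDPS: it alone holds the data key, exposes
// Encrypt/Decrypt, keeps no copy of what it processes, and counts requests per
// caller so that unusual volume can be alerted on.
type Gateway struct {
	aead    cipher.AEAD
	mu      sync.Mutex
	calls   map[string]int // caller ID -> request count (metadata only, never payloads)
	alertAt int            // hypothetical per-caller threshold that raises an alert
	alerts  []string
}

// NewGateway wraps a 32-byte AES-256 key in an AES-GCM AEAD.
func NewGateway(key []byte, alertAt int) (*Gateway, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Gateway{aead: aead, calls: map[string]int{}, alertAt: alertAt}, nil
}

// record bumps the caller's counter and raises an alert when the threshold is hit.
func (g *Gateway) record(caller string) {
	g.mu.Lock()
	defer g.mu.Unlock()
	g.calls[caller]++
	if g.calls[caller] == g.alertAt {
		g.alerts = append(g.alerts, fmt.Sprintf("caller %q reached %d requests", caller, g.alertAt))
	}
}

// Encrypt seals plaintext with AES-256-GCM under a fresh random nonce. The field
// identifier (e.g. "customers.email") is bound as associated data, so a ciphertext
// copied into another column will not decrypt.
func (g *Gateway) Encrypt(caller, fieldID string, plaintext []byte) (string, error) {
	g.record(caller)
	nonce := make([]byte, g.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := g.aead.Seal(nonce, nonce, plaintext, []byte(fieldID)) // nonce || ciphertext || tag
	return base64.StdEncoding.EncodeToString(ct), nil
}

// Decrypt reverses Encrypt; it fails on any tampering or field mismatch.
func (g *Gateway) Decrypt(caller, fieldID, token string) ([]byte, error) {
	g.record(caller)
	ct, err := base64.StdEncoding.DecodeString(token)
	if err != nil {
		return nil, err
	}
	ns := g.aead.NonceSize()
	if len(ct) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return g.aead.Open(nil, ct[:ns], ct[ns:], []byte(fieldID))
}

// Calls and Alerts expose the monitoring data a security team would consume.
func (g *Gateway) Calls(caller string) int { g.mu.Lock(); defer g.mu.Unlock(); return g.calls[caller] }

func (g *Gateway) Alerts() []string {
	g.mu.Lock()
	defer g.mu.Unlock()
	return append([]string(nil), g.alerts...)
}

func main() {
	key := make([]byte, 32) // generated inside the gateway; the application never sees it
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	gw, _ := NewGateway(key, 3)
	tok, _ := gw.Encrypt("crm-app", "customers.email", []byte("alice@example.com"))
	pt, _ := gw.Decrypt("crm-app", "customers.email", tok)
	_, err := gw.Decrypt("crm-app", "customers.phone", tok) // wrong column: authentication fails
	fmt.Printf("stored: %s\nrecovered: %s\ncross-field decrypt: %v\nalerts: %v\n", tok, pt, err, gw.Alerts())
}
```

In a deployed service the Gateway would sit behind an authenticated network endpoint and the key would come from the service's own key store; the point of the example is the division of responsibility: the application only ever sees opaque tokens, and the third request in main trips the alert without anything about the payloads being written down.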

Data Search
One of the biggest challenges in using an encrypted database is searching it. Searching by name or by a range of values becomes complicated and computationally costly. To support efficient database searches, the TDPS service can also generate auxiliary keys used to build search index tables.

Index tables must be generated so that the indexed information (itself stored in encrypted or keyed-hash form) cannot be used to link statistical samples directly to a base record, for example by counting how often each index value occurs.

To allow searches over ranges of values, a TDPS should be able, when required, to build indexes using OPE (Order-preserving Encryption). OPE reveals the relative order of every indexed value to anyone who can read the index, so it should be enabled only for the columns that actually need range queries.
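The following is an added example covering the Data Search section above; it is not code from this page or from any TDPS implementation. It shows one way the "auxiliary keys for search index tables" can be realized: a blind index, where each indexed value is replaced by a truncated HMAC-SHA256 tag under an index key that is separate from the data key, with the column name mixed in so equal values in different columns do not produce equal tags. For range queries it uses blinded value buckets, which is a deliberately coarser alternative to the OPE the page mentions (the bucket width and truncation length are assumptions, as are all names: Indexer, EqualityTag, BucketTag, BucketTagsForRange, IndexRow, Lookup; the sample records are constructed).

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Indexer produces blind-index tags for encrypted columns. Its key is held by the
// gateway and is distinct from the data key, so a leaked index table helps nobody
// decrypt anything.
type Indexer struct {
	key      []byte
	tagBytes int // truncation: fewer bytes -> more false positives, less linkability
}

func NewIndexer(key []byte, tagBytes int) *Indexer {
	if tagBytes < 1 || tagBytes > sha256.Size {
		tagBytes = 8
	}
	return &Indexer{key: key, tagBytes: tagBytes}
}

// normalize makes " Alice@Example.com " and "alice@example.com" index identically.
func normalize(s string) string {
	return strings.ToLower(strings.Join(strings.Fields(s), " "))
}

// tag is HMAC-SHA256 over column || 0x00 || material, truncated. The column name
// domain-separates, so equal values in different columns get different tags.
func (ix *Indexer) tag(column, material string) string {
	m := hmac.New(sha256.New, ix.key)
	m.Write([]byte(column))
	m.Write([]byte{0})
	m.Write([]byte(material))
	return hex.EncodeToString(m.Sum(nil)[:ix.tagBytes])
}

// EqualityTag supports exact-match lookups such as search by e-mail.
func (ix *Indexer) EqualityTag(column, value string) string {
	return ix.tag(column, normalize(value))
}

// bucket is floor(v / width) for width > 0, correct for negative v.
func bucket(v, width int) int {
	b := v / width
	if v < 0 && v%width != 0 {
		b--
	}
	return b
}

// BucketTag supports coarse range queries without OPE: only the blinded bucket
// label is stored, so the index reveals which bucket a row falls in but not the
// order of individual values.
func (ix *Indexer) BucketTag(column string, value, width int) string {
	return ix.tag(column, fmt.Sprintf("bucket:%d", bucket(value, width)))
}

// BucketTagsForRange returns the tags of every bucket overlapping [lo, hi].
func (ix *Indexer) BucketTagsForRange(column string, lo, hi, width int) []string {
	var tags []string
	for b := bucket(lo, width); b <= bucket(hi, width); b++ {
		tags = append(tags, ix.tag(column, fmt.Sprintf("bucket:%d", b)))
	}
	return tags
}

// IndexRow is one row of the auxiliary table: record ID and tag, nothing else.
type IndexRow struct{ RecordID, Tag string }

// Lookup returns candidate IDs; truncated tags and wide buckets can produce
// false positives, so the caller decrypts the candidates and filters them.
func Lookup(table []IndexRow, wanted []string) []string {
	want := map[string]bool{}
	for _, t := range wanted {
		want[t] = true
	}
	var ids []string
	for _, r := range table {
		if want[r.Tag] {
			ids = append(ids, r.RecordID)
		}
	}
	return ids
}

func main() {
	ix := NewIndexer([]byte("constructed-index-key-not-the-data-key"), 8)
	type rec struct{ id, email string; birthYear int } // constructed sample data
	people := []rec{{"r1", "Alice@Example.com", 1984}, {"r2", "bob@example.com", 1991}, {"r3", "carol@example.com", 1996}}
	var emailIdx, yearIdx []IndexRow // the real tables hold only ciphertext and tags
	for _, p := range people {
		emailIdx = append(emailIdx, IndexRow{p.id, ix.EqualityTag("customers.email", p.email)})
		yearIdx = append(yearIdx, IndexRow{p.id, ix.BucketTag("customers.birth_year", p.birthYear, 5)})
	}
	fmt.Println("email match:", Lookup(emailIdx, []string{ix.EqualityTag("customers.email", "alice@example.com")}))
	fmt.Println("born 1990-1999:", Lookup(yearIdx, ix.BucketTagsForRange("customers.birth_year", 1990, 1999, 5)))
}
```

The equality index still leaks frequency (two rows with the same e-mail share a tag), which is exactly the statistical linkage the text warns about; truncating the tag and keeping the index key inside the service are the two knobs that limit it. The bucket index trades OPE's full ordering leak for a coarser one, at the cost of post-filtering after decryption.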

Performance
So that the overall performance of the system does not change significantly, the TDPS service must respond with low latency. Likewise, batch operations should be available so that many values can be encrypted or decrypted in a single round trip, reducing the latency of the encryption and decryption process.

A TDPS service must commit to an SLA (Service-level Agreement) that guarantees the highest availability possible. Redundant servers are recommended, guaranteeing a minimum availability of 99.9%.

Encryption Keys
The key that encrypts the base data must not be stored in any of the system's online components; the TDPS service should be its sole custodian.

Naturally, the system owners must keep a copy of the key in a location that is preferably physically disconnected from the network, for the extraordinary case in which the original data has to be recovered without the service.

Each TDPS service may use a different encryption method. It is important that the method is a published, publicly reviewed standard, such as AES-256, so that the owning organization can recover its data independently in extraordinary cases.