Does bonita have out of the box features for data confidentiality processes

I need to handle data that is restricted according to different actors.

Can I define in someway that data so it is handled differently whether is one actor or another.

And also how is data secured in terms of attackers trying to steal data with attacks like men in the middle or any other types of attacks.

Can data be encrypted in the database used by Bonita or when transmitted to an external database?

Thanks.

Hi,

Simple answer is no.

Data classification/categorization is a very specialized field of IT with a new C-Suite designation coming to the fore as we speak. The CDO (Chief Data Officer) who looks after “what data is” and “how it should be used” etc., including it’s exposure, public, confidential, secret, top-secret, eyes-only etc.

I started to answer this then scrubbed it, the questions asked are complex once you look at it.

Q(S) I need to handle data that is restricted according to different actors.

A Use different views to the database - one view for secure data one for open data. Don’t mix public and secure views when a process requires only public access. The easiest way to secure something is not to expose it when it’s not used. For example always do:

tableX has 10 fields;

select field1, field2, field3 from tableX where id=1; and not

select * from tableX where id=1; the other seven fields are returned but not used, potential for exposure…

Q Can I define in someway that data so it is handled differently whether is one actor or another.

A See my previous answer, but this is really a difficult answer to give as really what you are looking for is a Data Inventory (see for ideas: http://www.b-eye-network.com/view/1447). The data inventory is outside the scope of Bonita and is a business activity. To secure the base data (in the database itself), see below.

Q And also how is data secured in terms of attackers trying to steal data with attacks like men in the middle or any other types of attacks.

A Man in the middle is a network issue, I suggest you speak with them…you should use HTTPS web to ensure encrypted transmission of data.

Q Can data be encrypted in the database used by Bonita or when transmitted to an external database?

Yes, I use jasypt ( http://www.jasypt.org/). You just have to write your own connector.

Good luck and best regards
Seán