Encryption/Decryption of Data when Appian is only one system in the mix

Hello All,

We have a situation where our application architecture, at a high level, is as follows:

  • Something (system or person) makes a call to an internal (proprietary) API.
  • The (internal) API takes the inputs, runs some stored procs (internal), writes some data to (internal) DB.
  • The (internal) API then calls an Appian process model that's exposed as a web service to launch a process instance where data that was stored in step above is rendered in Appian interfaces.
  • Users then interact with those process instances launched above, and add and edit data via task forms and related actions.
  • Any data edited within Appian is then sent to the aforementioned internal API, which in turn persists the data to our (internal) DB.

So...

At a high level, we have Internal API, Internal DB and Appian. All writes to the internal DB are initiated by the internal API. Internal API can be called from Appian or elsewhere. Reads from the DB (in this context) happen from Appian.

That said, we have a request that for some of the processes, we have sensitive information that stakeholders only want designated people to be able to see, whether it be in Appian or elsewhere, so we were thinking encryption.

However, given that the writing and reading of data that support these processes are a blend of both Appian and not Appian, I wanted to see if anyone else had encountered a situation where a superset of users are using the same Appian application, but only privileged users are allowed to see this encrypted data within Appian. I have likely done a poor job explaining this, so please let me know if any additional clarity is needed to help answer this.

 

Thanks,

Dylan


  • Hi Dylan, we built an application for management of medical practices including sensitive medical data. For each patient we create a group and only people in this group have access to any sensitive data. By default this group has no members. To gain access there is a process which grants access for 24 hours and writes to an audit log. To separate sensitive data we implemented a hashed keying method so there is no direct shared key between the tables.

    So restricting access in Appian is pretty simple. The question is, do you really need to encrypt data on DB level?
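
A sketch of the pattern described in the reply above (a per-record group that starts empty, a 24-hour grant written to an audit log, and a hashed key linking the tables), added here as an example and not code from the poster or from Appian. The class and method names, the in-memory dicts standing in for tables, and the use of HMAC-SHA256 as the "hashed keying method" are assumptions.

```python
import hashlib
import hmac
import time

GRANT_SECONDS = 24 * 60 * 60  # 24-hour access window, as stated in the reply


class SensitiveStore:
    """Toy model: per-patient group, time-boxed grants, audit log, keyed-hash link."""

    def __init__(self, link_secret: bytes):
        self._secret = link_secret  # assumption: held by the app tier, not stored in the DB
        self.identity = {}          # patient_id -> name (non-sensitive table)
        self.sensitive = {}         # link key -> record (no patient_id column)
        self.groups = {}            # patient_id -> {user: grant expiry}
        self.audit = []             # (timestamp, user, patient_id, event)

    def _link(self, patient_id: str) -> str:
        # Keyed hash: without the secret, sensitive rows cannot be joined to identities.
        return hmac.new(self._secret, patient_id.encode(), hashlib.sha256).hexdigest()

    def add_patient(self, patient_id, name, record):
        self.identity[patient_id] = name
        self.sensitive[self._link(patient_id)] = record
        self.groups[patient_id] = {}  # group has no members by default

    def grant(self, user, patient_id, reason, now=None):
        now = time.time() if now is None else now
        self.groups[patient_id][user] = now + GRANT_SECONDS
        self.audit.append((now, user, patient_id, f"GRANT: {reason}"))

    def read(self, user, patient_id, now=None):
        now = time.time() if now is None else now
        expiry = self.groups.get(patient_id, {}).get(user)
        if expiry is None or now >= expiry:
            # Denials are audited too, so probing shows up in the log.
            self.audit.append((now, user, patient_id, "DENIED"))
            raise PermissionError(f"{user} has no active grant for {patient_id}")
        self.audit.append((now, user, patient_id, "READ"))
        return self.sensitive[self._link(patient_id)]
```

The expiry is checked on every read rather than by a cleanup job, so a stale membership never yields access even if the cleanup is late.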