Encrypted documents

We have a need for files that are uploaded by the user to be encrypted "at rest" to prevent system administrators from accessing those documents. Does anyone have experience with this? We are interested in any options: disk encryption, plugins, calls to command-line tools. In particular we're interested in a) how, and b) how the keys were stored.

Thanks


  • Hi Richard,

    I am afraid we cannot directly do this within the Appian document management system, and all the documents present in Appian will be browsed and viewed by the system administrator.

    But there is a workaround you can think about. Instead of the Appian document system, we can store the encrypted document in a database. There is an Appian plugin, "Base64 Document Database Integration" (Smart services), available here - community.appian.com/.../base64-document-database-integration

    This particular plugin can encrypt the document into Base64 and store the document in the database. The stored document can also be retrieved when it's needed, and of course this document cannot be viewed by the system administrator directly; instead he has to use only an Appian process via this plugin to retrieve the document into Appian.

    Hope this solution helps.

    Thanks - Naveen
  • Full disk encryption is a standard approach to ensuring that data is encrypted at rest. Encryption at that level will be transparent to most applications running on the system (including Appian), so any common encryption solution should work.

    (Though it's always a good idea to test whatever option you go with, keeping an eye on performance. You should also make sure that your backups will be encrypted to your satisfaction, but still able to be decrypted in the event that they need to be used.)
  • +1
    Certified Lead Developer
    Hi @Richard Nolan, I agreed with and I wouldn't recommend that you either use Base64 conversion or store the documents in the db.

    Reasons:
    1. When you convert a document into Base64, its generated file size will be much bigger than its actual one. Also, this entire conversion output will be stored in memory, which causes a lot of performance issues.

    2. When you try to store the document in the db, the conversion procedure takes a huge amount of time, and being an end user I would like to receive the documents with no delay unless the size is pretty huge, or it needs to get transferred through some third party systems to Appian KC. Also, when you store the documents in the db, this increases the db volume and you may come across many performance issues with respect to the DB; dumping this data from one environment to another will also be a challenging one.
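
An added example, not code from this thread or from the plugin: Base64 is a reversible encoding that needs no key, so a value stored in a Base64 column can be audited to see whether it is only an encoded document or was encrypted before encoding, and how much larger the stored form is. The function names, the 7.0 entropy threshold and both sample values are assumptions constructed for illustration.

```python
import base64
import math
import os
from collections import Counter

# Well-known leading bytes ("magic numbers") of common document formats.
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/docx/xlsx",
    b"\xd0\xcf\x11\xe0": "ole2 (doc/xls)",
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 looks random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def audit_stored_value(stored: str) -> dict:
    """Classify one Base64 column value as encoded plaintext or likely ciphertext."""
    raw = base64.b64decode(stored, validate=True)  # decoding requires no key
    kind = next((name for sig, name in MAGIC.items() if raw.startswith(sig)), None)
    bits = entropy(raw)
    return {
        "decoded_bytes": len(raw),
        "overhead": round(len(stored) / len(raw), 2),  # stored size / original size
        "file_type": kind,
        "entropy": round(bits, 2),
        # Heuristic (assumed threshold): a recognisable header or low entropy
        # means anyone who can read the column can read the document.
        "readable_without_key": kind is not None or bits < 7.0,
    }

# Constructed sample: a PDF-like document that was only Base64-encoded.
SAMPLE_PLAIN_B64 = base64.b64encode(
    b"%PDF-1.7\n" + b"Confidential report text. " * 100
).decode()

# Constructed sample: random bytes standing in for properly encrypted output.
SAMPLE_RANDOM_B64 = base64.b64encode(os.urandom(4096)).decode()

if __name__ == "__main__":
    for label, value in (("encoded only", SAMPLE_PLAIN_B64),
                         ("encrypted stand-in", SAMPLE_RANDOM_B64)):
        print(label, audit_stored_value(value))
```

The entropy check alone cannot separate compressed files from ciphertext, which is why the header check runs first.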
  • Hi Alok,

    We unfortunately have to use the base64 document to database function (for at least the next 1/2 year) for a variety of reasons. Thankfully these are small files and need to be archived rather than receive constant use.

    Thanks for your input, I've relayed all of the concerns mentioned to our project team, but they are adamant.
  • Hi Richard,

    Did you consider the approach of removing System Admins from the Designer role in Production to prevent them from accessing documents from the Design interface? By doing this, you may also have to set up a basic user with Designer access for Import of applications and Monitoring of process issues, if any. But this approach would mean that System Admins wouldn't have access to the Design interface, and hence wouldn't have access to documents.

  • @Eliot - is your recommendation from 2017 above still the same?