Enable Masking for Application Integration

Application Integration generates log messages for each integration execution. These logs can contain information that is used to determine the status of each integration step, or to troubleshoot failed integrations, tasks, or events. These logs can also include sensitive or personally identifiable information (PII) that you don't want to be visible in the log output. 

Application Integration now provides controls to mask this sensitive data in the log output so that it is not visible when you review the logs.

Benefits

Masking sensitive data in logs provides the following benefits:

  • Improve customer security and privacy
  • Comply with data privacy regulations
  • Enhance data security and confidentiality
  • Reduce the risk of data breaches and data loss

Mask sensitive data in logs

To mask sensitive data in logs, you must enable masking for all of the following resources: the project (through its regions), the integration, and the variable.

Project-level masking is the highest tier of the masking hierarchy, followed by integration and then variable. Project masking is controlled by a flag at the region level, so to activate project-level masking, enable masking for all regions associated with your project. Then enable the masking flag at the integration level and at the variable level. A variable is masked only when all three resources associated with it have masking enabled.

If a project has multiple regions and you have enabled masking for only one of them, end-to-end masking works only for that region and the integrations built within it. The customer sales data example later in this post illustrates this.

Having multiple masking levels gives organizations flexibility across use cases, such as test versus production configurations. For instance, in a non-production environment, users can enable masking at the integration and variable levels but leave it disabled at the project + region level. This allows testing, since the data involved is typically non-sensitive and users can view it in the log output. Once testing is complete, users can migrate the integration to production and simply enable the masking flag at the project + region level. End-to-end masking then works, since the project takes the highest priority. This approach avoids having to maintain masking separately at the integration and variable levels for the production environment. Integration-level masking offers similar flexibility: users can activate masking for selected integration flows and leave it disabled for others in the same project.
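The three-level rule can be checked against an inventory of your own settings. The following is an added example, not part of the original post and not a Google Cloud API: the `Integration` class, the flag dictionary and all names and regions are a constructed local model of the toggles described above.

```python
from dataclasses import dataclass, field

@dataclass
class Integration:
    name: str
    region: str
    masking_enabled: bool                                # integration-level toggle
    masked_variables: set = field(default_factory=set)   # variables with the mask checkbox set

def masking_gaps(region_flags, integration, variable):
    """Return the levels that still block masking; an empty list means masked in logs."""
    gaps = []
    if not region_flags.get(integration.region, False):
        gaps.append(f"project+region ({integration.region})")
    if not integration.masking_enabled:
        gaps.append(f"integration ({integration.name})")
    if variable not in integration.masked_variables:
        gaps.append(f"variable ({variable})")
    return gaps

def audit(region_flags, integrations, sensitive):
    """sensitive maps an integration name to the variables that must not appear in logs."""
    report = {}
    for integ in integrations:
        for var in sorted(sensitive.get(integ.name, ())):
            gaps = masking_gaps(region_flags, integ, var)
            if gaps:
                report[(integ.name, integ.region, var)] = gaps
    return report

# Constructed inventory: masking is on in one region only, and one
# integration has the variable checkbox set but its own toggle off.
REGION_FLAGS = {"us-central1": True, "europe-west1": False}
INTEGRATIONS = [
    Integration("customer-payment", "us-central1", True, {"account_number"}),
    Integration("customer-payment", "europe-west1", True, {"account_number"}),
    Integration("order-history", "us-central1", False, {"customer_email"}),
]
SENSITIVE = {"customer-payment": {"account_number"},
             "order-history": {"customer_email"}}

if __name__ == "__main__":
    for key, gaps in audit(REGION_FLAGS, INTEGRATIONS, SENSITIVE).items():
        print(key, "is NOT masked; missing:", ", ".join(gaps))
```

The europe-west1 copy of the payment flow is reported because its region flag is off, which is the multi-region case described above.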

Limitation and Workaround:

The current solution has a limitation when you want to mask only certain fields of a JSON variable. This level of granularity is not currently offered; however, we recognize that users need such fine-grained control.

So, the workaround:

  1. Mask the whole JSON variable
  2. Create a new variable, used specifically for logging, for the fields that you don't want to mask, and add a data mapping to this new temporary variable.
  3. In the Data Mapper Task, use the "REMOVE_PROPERTY" mapping function to remove the properties you want to mask from the input variable while mapping to the new temporary variable.
  4. The logs now contain all of the fields except the removed properties in the temporary variable, effectively masking only the properties you want while logging the rest.

Use this temporary workaround while we work to introduce such flexibility in a future release.
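The workaround can be modelled locally to see what ends up in the log and to check the temporary variable before relying on it. This is an added example, not part of the original post: the `<masked>` placeholder, the variable names and the sample order are constructed, and property removal is assumed to act on top-level properties only.

```python
import copy

MASK = "<masked>"  # constructed placeholder, not the product's actual rendering

def build_log_copy(variable, sensitive):
    """Steps 2-3: copy the JSON variable into a temporary one without the
    named properties (assumption: only top-level properties are removed)."""
    return {k: copy.deepcopy(v) for k, v in variable.items() if k not in sensitive}

def log_view(variables, masked_names):
    """What a log reader sees: masked variables show only the placeholder."""
    return {k: (MASK if k in masked_names else v) for k, v in variables.items()}

def leaked_keys(value, sensitive, path=""):
    """List every path in a JSON value whose key is a sensitive name, at any depth."""
    hits = []
    if isinstance(value, dict):
        for k, v in value.items():
            p = f"{path}.{k}" if path else k
            if k in sensitive:
                hits.append(p)
            hits += leaked_keys(v, sensitive, p)
    elif isinstance(value, list):
        for i, v in enumerate(value):
            hits += leaked_keys(v, sensitive, f"{path}[{i}]")
    return hits

# Constructed sample order with obviously fake values.
ORDER = {
    "order_id": "A-1001",
    "email": "user@example.com",
    "card_number": "0000-0000-0000-0000",
    "items": [{"sku": "SKU-1", "qty": 2}],
    "payments": [{"amount": 42, "card_number": "0000-0000-0000-0000"}],
}
SENSITIVE = {"email", "card_number"}

LOG_COPY = build_log_copy(ORDER, SENSITIVE)   # temporary variable for logging
LOGGED = log_view({"order": ORDER, "order_for_log": LOG_COPY}, {"order"})

if __name__ == "__main__":
    print(LOGGED)
    print("still exposed:", leaked_keys(LOG_COPY, SENSITIVE))
```

In this model the nested `payments[0].card_number` survives in the temporary variable, so each nested occurrence needs its own removal before the copy is safe to log.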

The example provided below will offer further clarification.

For instance, think of your customer sales data as a whole stack of data. It has different sections: contact information, order history, pricing agreements, customer payments, and so on. Masking lets you selectively cover up sensitive parts of the whole stack.

Using the multiple controls provided by the masking feature, you can control which data is visible in logs:

  • Project via Region masking: Protects your sensitive information at the project level through the region flag. For example, if this is production customer sales data that you want to secure, enable the flag in all regions associated with that project.
  • Integration masking: Covers specific sections or flows (like hiding Customer Payment details). Enable masking for the Customer Payment integration flow, and then enable it for each variable that you want to mask.
  • Variable masking: Covers specific variables within an integration flow (like masking an account number variable). Masking must also be enabled for the integration and for the project + region combination so that this variable is masked in the log output.

For complete protection, cover everything. Leaving any level unmasked creates a point of access for unauthorized eyes.

Sometimes you need to share selectively. You might have a marketing system that needs to see order history but shouldn't view the pricing flow. You can disable masking for just that integration (Order History) while maintaining masking for the rest of your data (Customer Payment) by keeping the masking flag enabled for the Customer Payment flow and for the variables within that flow.

Now, let's see how to configure variable masking for Application Integration using a very simple use case: an email trigger.

Step 1: Enable Masking for the Project via Region flag

In the left-hand navigation of your Application Integration page, go to the regions of your selected project, find the region for which you want to activate the masking rule, click the three dots, and select Edit region.

Turn on the “Enable Variable Masking in logs” toggle to enable variable masking at the region level.

Step 2: Enable Masking at the Integrations

Open the integration for which you want to enable masking, then select the settings button in the top right corner of the screen.

Turn on the “Enable Variable Masking in logs” toggle to enable variable masking at the integration level. Doing this lets you mask at the individual variable level.

Step 3: Enable Masking at the Variable

Edit the variable that you want to mask by clicking the three dots next to the variable and then clicking View Details. Select the “Mask the variable in logs” checkbox, then click the Save button.

Step 4: The variable is masked in the log output. Once you run the execution, the output log for the selected variable is masked.
