
A potential contract requires the following sensitive information to be persisted in a postgres database:

Bank Account type (Uk/Int)
Bank Account Number
Bank Sort Code

Passport Number
Passport Issuing Country

Driving License Number
Driving License Issuing Country

Persisting this data terrifies me.

This information is required to be accessed by the firm's staff via an admin dashboard in a web browser.

Would a Rails app, configured to use https, running on Digital Ocean where sensitive columns are encrypted with pg_crypto be sufficient? Are there some additional steps I should take?

I'm new to security so sorry if this is a bad question.

  • Storing that type of information, I'd be concerned as much about physical security as digital. Personally, I would start by looking at PCI-compliant hosting facilities (and regulations in general). While your specific use case may not require PCI compliance, aligning yourself with that type of scenario would probably be a good thing. – willc Feb 04 '15 at 17:33
  • Besides PCI compliance, you are storing a ton of high-value PII, and you have regulations that you need to make sure you comply with (depending on jurisdiction) – schroeder Feb 04 '15 at 17:51
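Here is the column-level pgcrypto setup the question is asking about, written as an added example rather than code from the question or the answer. The table and column names, the `key_id` column used for rotation, the dummy key string and the sample values are all constructed; the real key is supplied by the Rails app as a statement parameter and is never written to the database.

```sql
-- pgcrypto ships with PostgreSQL contrib; it must be enabled per database.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Sensitive fields are stored only as pgp_sym_encrypt ciphertext (bytea).
-- Low-sensitivity discriminators (account type, issuing country) stay in the clear
-- so they can be indexed; ciphertext columns cannot be searched or indexed usefully.
CREATE TABLE customer_identity (
    id                              bigserial   PRIMARY KEY,
    customer_id                     bigint      NOT NULL,
    key_id                          text        NOT NULL,  -- identifies which app key encrypted this row
    bank_account_type               text        CHECK (bank_account_type IN ('UK', 'INT')),
    bank_account_number             bytea,                  -- ciphertext
    bank_sort_code                  bytea,                  -- ciphertext
    passport_number                 bytea,                  -- ciphertext
    passport_issuing_country        text,
    driving_license_number          bytea,                  -- ciphertext
    driving_license_issuing_country text,
    created_at                      timestamptz NOT NULL DEFAULT now()
);

-- Nobody gets the table by default; the dashboard connects as a dedicated role.
REVOKE ALL ON customer_identity FROM PUBLIC;
-- GRANT SELECT, INSERT ON customer_identity TO dashboard_app;   -- role name assumed

-- Write path: the key is parameter $6, bound by the application at execution time.
-- pgp_sym_encrypt salts and iterates the key (S2K) and uses a random session key,
-- so two rows holding the same account number produce different ciphertext.
PREPARE insert_identity(bigint, text, text, text, text, text) AS
INSERT INTO customer_identity
    (customer_id, key_id, bank_account_type, bank_account_number, bank_sort_code)
VALUES ($1, $2, $3,
        pgp_sym_encrypt($4, $6, 'cipher-algo=aes256, s2k-count=65011712'),
        pgp_sym_encrypt($5, $6, 'cipher-algo=aes256, s2k-count=65011712'));

-- Read path for the admin dashboard: decrypt only the row asked for, never SELECT *.
PREPARE read_bank(bigint, text) AS
SELECT customer_id, key_id, bank_account_type,
       pgp_sym_decrypt(bank_account_number, $2) AS bank_account_number,
       pgp_sym_decrypt(bank_sort_code, $2)      AS bank_sort_code
FROM customer_identity
WHERE customer_id = $1;

-- Key rotation: re-encrypt rows under a new key, one key_id at a time.
-- $1 old key, $2 new key, $3 old key_id, $4 new key_id.
PREPARE rotate_key(text, text, text, text) AS
UPDATE customer_identity
SET bank_account_number = pgp_sym_encrypt(pgp_sym_decrypt(bank_account_number, $1), $2,
                                          'cipher-algo=aes256, s2k-count=65011712'),
    bank_sort_code      = pgp_sym_encrypt(pgp_sym_decrypt(bank_sort_code, $1), $2,
                                          'cipher-algo=aes256, s2k-count=65011712'),
    key_id              = $4
WHERE key_id = $3
  AND bank_account_number IS NOT NULL;

-- Constructed demo values; a real key comes from the application's key store.
EXECUTE insert_identity(42, 'key-2015-02', 'UK', '12345678', '12-34-56', 'CONSTRUCTED-DUMMY-KEY');
EXECUTE read_bank(42, 'CONSTRUCTED-DUMMY-KEY');
EXECUTE rotate_key('CONSTRUCTED-DUMMY-KEY', 'CONSTRUCTED-DUMMY-KEY-2', 'key-2015-02', 'key-2015-03');
```

Two caveats a practitioner would check before relying on this. First, `pgp_sym_decrypt` with the wrong key fails with an error rather than returning garbage, so a decrypt failure in the dashboard is itself a signal worth logging. Second, the key travels through the server as a parameter: with `log_statement = 'all'`, or when a statement that carries the key fails and `log_min_error_statement` is at its default, the key can end up in the PostgreSQL server log, and when the key is passed as a literal (as in the `EXECUTE` lines above, which are for illustration) it is also visible in `pg_stat_activity`. Keep statement logging off for this database and bind the key as a parameter from the application rather than interpolating it into SQL text.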

1 Answer


Do: use the banking center's data center. Let them take on the burden of physical security. They need to provision something with their IT infrastructure for compliance. Until it's in their environment, just host locally on an encrypted drive with dummy data.

Don't: use any cloud environment. Use a dedicated, managed host. Let the client foot the bill.

Do: double-check on the pg_crypto library's best practices and check out this word for word. http://www.postgresonline.com/journal/archives/165-encrypting-data-with-pgcrypto.html

Do: read in general about key pairs, salts, and hashes here: https://dba.stackexchange.com/questions/35296/database-encryption-and-key-management-with-pg-crypto

Do: add some authenticators like security questions and allow automated detection of suspicious behavior like logging in from a new IP, double-blind customer service verification (customer service cannot see the answers; they only type in the customer's security challenges and see if it passed or failed at the end).

Do: periodic security audits. Suggest outside firms to assist you and pad your proposal with the added cost. A small e-commerce operation (just talking about signing up for online ed, and paying for it for ex.) costs about $5,000 to audit yearly by a recognized firm.

Do: read up about MITM attacks. Prevent out-of-date browsers, or self-signed certs, from ever using the site. Prefer to use a highly trusted CA and never allow wildcard certs, express certs, or out-of-date certs on the server side. All that is your job to do! Congrats on the RFP and good luck.

More to come.

Kevin Yu
  • This is very helpful @Kevin Yu, thank you. -- On a side note: in the event the client refuses to go with a dedicated, managed host, am I liable for damages arising from an attack? I am an Ireland-based developer and the client is UK-based. – Ross Kinsella Feb 04 '15 at 20:33
  • Not sure about international trade laws in the UK but your consulting agreement should have liability clauses and also require mediation in your home country if the need arises. – Kevin Yu Feb 06 '15 at 17:22
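The answer's suggestion of "automated detection of suspicious behavior like logging in from a new IP" can be done inside the same database with a login audit table. This is an added example, not code from the answer; the `staff_login` table, its rows and the 90-day look-back window are constructed assumptions, and the addresses are documentation ranges.

```sql
-- Every successful login to the admin dashboard is recorded by the application.
CREATE TABLE staff_login (
    id           bigserial   PRIMARY KEY,
    staff_id     bigint      NOT NULL,
    source_ip    inet        NOT NULL,
    logged_in_at timestamptz NOT NULL DEFAULT now()
);
-- Supports the "has this staff member used this address before?" lookup.
CREATE INDEX staff_login_seen_idx ON staff_login (staff_id, source_ip, logged_in_at);

-- Constructed sample data: staff 1 logs in twice from the office, then once
-- from an unfamiliar address in the middle of the night; staff 2 is a new account.
INSERT INTO staff_login (staff_id, source_ip, logged_in_at) VALUES
    (1, '203.0.113.10', '2015-02-01 09:00+00'),
    (1, '203.0.113.10', '2015-02-02 09:05+00'),
    (1, '198.51.100.7', '2015-02-03 02:40+00'),
    (2, '203.0.113.20', '2015-02-03 08:55+00');

-- A login is "from a new IP" when the same staff member has not logged in from
-- that address during the previous 90 days. A brand-new account's first login is
-- flagged too, which is the conservative behaviour you want for a review queue.
CREATE VIEW staff_login_new_ip AS
SELECT l.id, l.staff_id, l.source_ip, l.logged_in_at
FROM staff_login l
WHERE NOT EXISTS (
    SELECT 1
    FROM staff_login p
    WHERE p.staff_id     = l.staff_id
      AND p.source_ip    = l.source_ip
      AND p.logged_in_at < l.logged_in_at
      AND p.logged_in_at >= l.logged_in_at - interval '90 days'
);

-- What the dashboard (or a nightly job that emails the reviewer) reads.
SELECT * FROM staff_login_new_ip ORDER BY logged_in_at;
```

With the sample rows, the 2015-02-02 login is not flagged because the same address was seen the day before, while the 02:40 login from `198.51.100.7` is. The view only tells you that an address is new; whether that warrants blocking or a step-up challenge (the security questions the answer mentions) is an application decision, and the audit table should be retained beyond the look-back window so that it is also useful during an incident investigation.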