Before putting much contact PII in, like might be part of features such as
or other sensitive data, like some IP, HR, etc. discussions, it would be good to be able to mark the data as particularly sensitive and then have added audit capabilities, both in Fibery and its API.
Entity access levels are great - but if, even with that set well, a particular record or record set is compromised, addressing it will take being able to trace views et al., not just edits.
(This level of logging can take a lot of resources. So, maybe for those who intend to have data like that in Fibery there could be a collab to have the log data saved to their shares or some such, especially if access gets to some threshold.)
Could you please share a couple of scenarios when you consider a record “compromised”?
Would “someone has been accidentally given extra access and it took us 2 weeks to notice it” be an example?
Account stays logged in. 4 yr old plays on the laptop, munges around tables, takes screenshot of the pretty purple one and shares it on their Insta w/ a fun filter. Having a day/time/account that viewed helps figure that out when the image is shared virally or whatever.
Account’s password is compromised, purposefully - through human engineering or whatever. Connection from hacking pool in other country happens. Viewing of specific record/s of interest happens. Having a day/time/account that viewed/IP address helps flag the activity and figure that out.
API access using compromised account happens. Being able to set flags helps cut that off as quickly as possible.
Thank you! The problem is more clear now; I’ve tweaked the name of the Topic a bit.
We will collect more cases like this to see the demand — any solution is likely to affect performance so we’ll be careful with the balance here.