Data Encryption Strategies
This article expands on the major areas for enabling GDPR-compliance for your PubNub-powered applications. In addition to our own compliance, these are important considerations for complying with GDPR requirements for your app.
Point-to-point Encryption/Data in Transit
PubNub’s encryption offering satisfies Articles 6 and 32 of the GDPR by providing both encryption for data in transit and data at rest. SSL/TLS endpoints for all APIs and data streaming services are included at no extra cost for all PubNub customers.
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS encryption is used by most secure websites today and accepted as a standard for point-to-point security over public networks.
PubNub Functions with AES Encrypted Messages
Since messages encrypted with AES are not readable as they route through PubNub, PubNub Functions cannot read or act on the message data. However, PubNub messages have two parts: the body and the envelope. Data placed in the message body will be both TLS and AES encrypted, but data placed in the envelope will be encrypted with TLS (point-to-point) encryption.
This approach optionally allows the developer to leverage PubNub Functions by placing actionable data in the message envelope, while placing the bulk of the message content into the message body.
End to End Message Security
Advanced Encryption Standard (AES) is a specification for the encryption of electronic data. AES has been adopted by many governments around the world and is now used worldwide in many high-security applications. PubNub client SDKs provide built-in AES encryption support out of the box at no extra cost.
As a consequence, PubNub has no ability to decrypt the customer’s data.
Log Access & Audit
GDPR Articles 33 and 34 define reporting requirements for a data breach. Having an audit trail provides applied controls, allowing you to demonstrate compliance with these two articles. PubNub access logs provide full visibility on all API calls made to the network using your PubNub keyset. In addition to the network logs, the SDKs also generate logs that can be used for audit or troubleshooting purposes.
PubNub Functions and Gateways provide a highly flexible option to route messages to your own servers so that developers have the option to leverage their own infrastructure for audit purposes.
Developers who need messages presented in a time-series manner can enable PubNub Storage & Playback to persist all messages sent by their devices for retrieval at a later date.
Data access is a core tenant of GDPR (specified in Articles 5 and 32) – ensuring that distribution and use of personal data is limited. PubNub Access Manager (PAM) allows developers to create and enforce secure access to channels throughout the PubNub Data Stream Network.
Access Manager enables the following functionality:
- Fine grain control of realtime data streams authorizing specific users to read/write messages on one or more channels
- Instant grant/revoke of permissions for realtime data streams at the user/device, channel, or key level via a simple API call
- Compatibility with auth tokens from any existing authentication system: OAuth (Facebook Connect, Twitter, Google, GitHub, etc.), LDAP, Enterprise ID management solutions, and homegrown/custom solutions
- Configuring an Access Token lifespan from 1 minute to infinity
The Net Benefit: PubNub handles all Access Control so your Article 5 and 32 requirements are met; and no callbacks to customer-hosted access control servers are necessary to verify access for read/write permissions.
PII Data Privacy
GDPR Article 17, and other articles, define a framework for access to end user data. PubNub is set up to facilitate that process. At a high level, PubNub offers developers the option to decide if they want messages persisted in the network by enabling the Storage/Playback feature.
If enabled, developers have full control and can decide which messages will be persisted. This allows them to only persist messages that meet certain conditions, messages that are sent over certain channels and even restrict message storage to users from specific geographic locations.
In addition to providing the ability to set a time-to-live for persisted messages, developers also have access to PubNub data deletion APIs (such as delete from history) to delete any persisted messages to stay compliant with Article 17 of the EU GDPR – Right to erasure.
Data Storage & Portability
While GDPR permits cross-border data transfers from the EU to the US, PubNub provides an option for any keyset to persist its data only in E.U. hosted data centers. Without this setting, by default, the customer’s data is persisted and replicated to multi-regional (multinational) data centers.
By providing Storage & Playback as an opt-in feature, PubNub also supports use cases that do not need access to historical messages. PubNub offers a “transient-only” mode with RAM-only message routing that prevents any data from being stored throughout the global network pipeline.
For data portability, as provided in GDPR Articles 13, 14, 15 and 20, PubNub provides access to your stored data, in a standard JSON format.
PubNub was created with a ‘security by design’ mindset and has a robust compliance environment. Beyond the comfort level, PubNub’s work can be relied on to support your ‘privacy by design’ efforts required by GDPR Article 25.
As a Data Processor, we have all our Article 30 records up to date and can present them to data supervisory authority on demand.
As a Data Controller, you are required to respond to a data breach within 72 hours; PubNub’s own policies and procedures enable you to comply with GDPR Articles 33 and 34.