Data encryption in Lyftron works transparently to the end user.
Here are the steps needed to make use of Lyftron's automatic data encryption:
- classify data as sensitive in the pass-through database (VDB directly connected to the source), using metadata editing. For example, set "Lastname" column from CRM as holding sensitive information.
- classify connection to data processing system as untrusted and provide a seed value to use
If any user decides to cache sensitive data on the untrusted system, Lyftron will automatically detect that sensitive data is being stored and will encrypt the data. The user will not detect that encryption happened because he or she will see real data, even if processing happened on the untrusted system.
Connection seed value is used to initialize internal structures that encrypt the data when needed.
Properties of data encryption built into Lyftron
Main properties are:
- Data is encrypted using reversible encryption and obfuscation, for example, a text will not be human-readable, while numbers and dates will and will hold fake data.
- Encrypted data types are preserved, for example, varchar(80) and datetime types will not change in the encrypted result. Encrypted data types can be changed manually in a view using specialized SQL functions: lyft_shuffle and lyft_deshuffle.