This article is accompanied by sample forms, dataset definitions and sample data saved in this folder.
1. Introduction
SurveyCTO applies layered security controls that protect sensitive data at each step, including encryption in transit, encryption at rest, and optional end-to-end form encryption. The platform also meets SOC 2 certification standards. We take securing your data seriously!
For users of server datasets, we now offer an additional layer of security. Server datasets let you populate forms with pre-existing data using pre-loading, and even pass collected data between forms. Data on mobile devices can be encrypted (including server datasets), and data is also encrypted at rest on your server. However, when server console users with the right permissions log in, server dataset data is decrypted and readable to them, unlike form data protected with form encryption, which stays encrypted until it is deliberately decrypted with the private key.
You can now improve data security further by encrypting sensitive values before they are uploaded to a server dataset stored on a SurveyCTO server. Encrypted values can also be managed inside forms using field plug-ins: you can decrypt them to make them readable in the form, and re-encrypt them before they are published back to the server dataset. Data encrypted with form encryption is not publishable by design in the SurveyCTO system; this approach lets you add a comparable layer of protection while still benefiting from data publishing. Using the field plug-ins in this solution, you can still perform essential tasks involving personally identifying data, such as confirming identities, contacting beneficiaries, and updating that data, while keeping it secure.
In this example workflow, respondents are refugees. Because of the sensitive nature of the data you are collecting, it is important to keep the data you collect secure. However, you still need to view and reference that data in later forms, so you can use the encrypt field plug-in to encrypt your data before it is published to the server dataset, and then later use the decrypt field plug-in to view the decrypted data.
Important: The encryption field plug-ins are meant to supplement SurveyCTO security features, not replace them. Learn more here.
2. Deploy the workflow now!
This workflow is available in the SurveyCTO Hub, where you can view it and install it on your server.
Advanced users can find the sample workflow files in this folder. For help with manual deployment, check out our support article Deploying form definitions and server datasets.
3. Overview
In this workflow, you will be able to:
- Enter an encryption key using a QR code.
- Encrypt individual pieces of data using a key.
- Publish encrypted data to a server dataset.
- Decrypt server dataset data in the form.
- Update encrypted data in the form.
- Find a record even if the respondent's unique ID has been lost.
- Protect sensitive data from exposure using SurveyCTO-standard form encryption.
Your own application of the techniques demonstrated in this guide will involve additional steps, including encrypting pre-existing sensitive data before a project starts. This use case focuses on the encryption of form data that is published to server datasets. Feel free to contact our support team for help strategizing your deployment.
4. Workflow components
This workflow has 2 forms and 1 server dataset.
Workflow component files (click each section to access the files):
- Forms
- Server datasets
4.1 Encryption keys
You will encrypt and decrypt server dataset data within the form by providing a single encryption key. This is called "symmetric encryption", since the same key is used for both encryption and decryption.
For the encryption key, you can either generate your own 128-bit encryption key, or use this example:
RQmHY+vQ5UQOeufZZQHZhg==
Warning: This key is just for example purposes. Do not use it in your actual data collection project, since anyone with this key will be able to decrypt your data. For your own project, generate your own 128-bit key and Base64-encode it. A 128-bit (16-byte) key encodes to exactly 24 Base64 characters ending in "==", so a key string of any other length is a sign that something went wrong.
Make sure you keep your encryption key safe; a QR code is just another copy of the key. Anyone with your encryption key and access to the data will be able to decrypt it.
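As an added example (not part of the original guide or of the field plug-ins themselves), the following Python generates a 128-bit key in the Base64 form described above and checks a key string before you print it to a QR code. The check rejects strings that are not strict Base64, keys that do not decode to exactly 16 bytes, and the published example key. It assumes the plug-ins accept only 128-bit keys, as the text states; the function names are this example's own.

```python
import base64
import binascii
import secrets

# Key size the guide specifies for the symmetric key: 128 bits = 16 bytes.
KEY_BYTES = 16

# The example key printed in the guide. Constructed blocklist for this example:
# a real deployment must never run with it, so validate_key() rejects it.
EXAMPLE_KEYS = {"RQmHY+vQ5UQOeufZZQHZhg=="}


def generate_key() -> str:
    """Return a fresh 128-bit key as standard Base64 (24 characters)."""
    # secrets draws from the OS CSPRNG; the random module is not suitable for keys.
    return base64.b64encode(secrets.token_bytes(KEY_BYTES)).decode("ascii")


def validate_key(key_b64: str, reject_examples: bool = True) -> int:
    """Check a Base64 key string and return its length in bits.

    Raises ValueError if the string is not strict Base64, does not decode to
    exactly KEY_BYTES bytes, or is one of the published example keys.
    """
    key_b64 = key_b64.strip()
    if reject_examples and key_b64 in EXAMPLE_KEYS:
        raise ValueError("this is a published example key; generate your own")
    try:
        # validate=True rejects characters outside the Base64 alphabet instead
        # of silently discarding them.
        raw = base64.b64decode(key_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not valid Base64: {exc}") from exc
    if len(raw) != KEY_BYTES:
        raise ValueError(f"key is {len(raw) * 8} bits, expected {KEY_BYTES * 8}")
    return len(raw) * 8


def is_valid_key(key_b64: str, reject_examples: bool = True) -> bool:
    """Boolean wrapper around validate_key() for quick checks."""
    try:
        validate_key(key_b64, reject_examples)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    new_key = generate_key()
    print("new key:", new_key)
    print("bits:", validate_key(new_key))
    print("example key accepted:", is_valid_key("RQmHY+vQ5UQOeufZZQHZhg=="))
```

Run the script once per project and put only the printed key into the QR code; keep the key out of form definitions, spreadsheets and chat messages, since anyone who obtains it and the server dataset export can decrypt every encrypted value.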
4.1.2 Form data encryption
This form uses the public key in this public key file to encrypt form data, so the form data itself, including the sensitive fields, is also encrypted (it would not make sense to encrypt the server dataset data if the original form data remained unencrypted). You can then decrypt the data using this private key file. This is called "asymmetric encryption", since different keys are used for encryption and decryption.
The fields that publish to the server dataset are marked publishable (column V of both spreadsheet form definitions in this workflow). Publishable fields are excluded from form encryption, so their values reach the server in the clear unless they were already encrypted in the form with the symmetric key. That is the case for fields such as "name_enc" and "age_enc", so their data is still hidden.
Currently, only the fields that are published to the server dataset are publishable. You can make other fields publishable if you need to, but remember that any publishable field is stored in the clear on the server, so keep the most sensitive data (such as the respondent's name) non-publishable.
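Because every publishable field leaves form encryption, it is worth auditing the survey sheet before deployment. The following Python is an added example, not a SurveyCTO tool: it reads the type, name and publishable columns of a survey sheet exported as CSV (a constructed excerpt is embedded below) and lists every publishable field whose name neither ends in _enc nor is on an allowlist of fields that may be published in the clear. The allowlist (here only a uuid field), the _enc naming convention and the function name are assumptions of the example; adapt them to your own form.

```python
import csv
import io

# Constructed excerpt of a survey sheet with only the columns the check needs.
# In a real form definition "publishable" is column V; this reads it by header name.
SAMPLE_SURVEY = """type,name,label,publishable
text,key,Encryption key,no
text,name,Respondent name,no
text,name_enc,Encrypted name,yes
integer,age,Age,
text,age_enc,Encrypted age,yes
text,uuid,Unique ID,yes
text,phone,Phone number,yes
begin group,demographics,Demographics,
end group,,,
"""

# Fields allowed to publish in plaintext. Constructed for this example: the
# record identifier is needed to match server-dataset rows; everything else
# that publishes must carry the symmetric-encryption suffix.
PLAINTEXT_ALLOWLIST = {"uuid"}
ENCRYPTED_SUFFIX = "_enc"
# Rows that carry no respondent data and can be skipped.
NON_DATA_TYPES = {"begin group", "end group", "begin repeat", "end repeat", "note"}


def publishable_plaintext_fields(survey_csv: str) -> list[str]:
    """Return names of publishable fields that would reach the server unencrypted.

    A field is flagged when its publishable column is 'yes' (case-insensitive)
    and its name neither ends in ENCRYPTED_SUFFIX nor is in PLAINTEXT_ALLOWLIST.
    """
    flagged = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        name = (row.get("name") or "").strip()
        if (row.get("type") or "").strip() in NON_DATA_TYPES or not name:
            continue
        if (row.get("publishable") or "").strip().lower() != "yes":
            continue
        if name.endswith(ENCRYPTED_SUFFIX) or name in PLAINTEXT_ALLOWLIST:
            continue
        flagged.append(name)
    return flagged


if __name__ == "__main__":
    leaks = publishable_plaintext_fields(SAMPLE_SURVEY)
    if leaks:
        print("publishable fields that are not encrypted:", ", ".join(leaks))
    else:
        print("no plaintext publishable fields found")
```

In the constructed sheet the check flags "phone": it is publishable but has neither been encrypted in the form nor been allowlisted. The same rule catches the common mistake of making the plaintext twin of an encrypted field (for example "name" next to "name_enc") publishable.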
You can learn more in our documentation Encrypting form data.
Warning: These keys are just for example purposes. Do not use them in your actual data collection project, since anyone with the private key will be able to decrypt your data. For your own data collection project, generate your own key pair. While you can share your public key (which is used to encrypt your data), keep your private key (which is used to decrypt your data) safe and secure, and only share your private key with users who are allowed to view your data.
4.2 Encrypting and decrypting data outside of SurveyCTO
If you already have data you would like to add to the server dataset, use our scto-encryption Python package to generate a CSV file with your encrypted data, then upload that CSV to your server dataset. Later, you can download the server dataset data and use the same package to decrypt it.
The package was designed to be as easy to use as possible, so even if you have never used Python before, take a look and give it a try!
5. Customization and improvements
SurveyCTO has endless possibilities, so this workflow is only the beginning. Feel free to modify and expand on this workflow to fit your own needs. Here are some tips on what you can add:
- Expand your practice of encryption by securely storing sensitive data on your computer using tools like Cryptomator.
- Hide the plaintext field value as soon as it has been entered, rather than only after the form is finalized.
Do you have thoughts on this guide? We'd love to hear them! Feel free to fill out this feedback form.