1 Reply Latest reply on Nov 8, 2021 11:48 PM by Nico Heinze

    Full encryption?

    Martin Treder New Member

      Is there a way to run Informatica MDM in an encrypted mode so that nobody from Informatica themselves or from the cloud provider could gain access to plain text data?

       

      As a more concrete question: Is a setup possible where a private key would be required to access data, created by the Informatica customer, and shared with authorised persons only?

        • 1. Re: Full encryption?
          Nico Heinze Guru

          Short answer: not really possible (no matter what sales people say).

           

          Longer answer: each time you have to process some data item (some "value"), you have to convert it from encrypted form to plain-text form in order e.g. to search for a special substring, some standardisation rule, or whatever processing you need here (and be it "only" a comparison with some flag date, such as "last business day of October 2020").

          So eventually data must be decrypted anywhere where you need to apply any logic.

           

          Which means that usually you cannot shift around encrypted data, eventually you have to decrypt data during processing.

          Which in turn means that at some point during processing (e.g. some filter condition when reading from a huge table) you have to cope with plain-text data.

           

          So a complete encryption during the complete life cycle of any data value is an illusion.

           

          This is why most software vendors don't provide data encryption all along any way of data values (because it's technically not feasible).

           

          In PowerCenter, IDQ, and IICS (to name just three examples), data records being processed within memory are always decrypted. And I am 100% sure this applies to most other software products as well.

          Even if you store data in some encrypted DBMS, then the data values in memory must be handled in plain-text mode; only while storing / retrieving them on/from some storage device they will be encrypted / decrypted on the fly, the actual processing must take place in unencrypted form.

           

          That's not a technical thing, that's "by nature". One example: how is a DBMS supposed to handle a SQL query with a condition like WHERE LOAD_DATE >= TO_DATE( '2020-01-15', 'YYYY-MM-DD') if the LOAD_DATE remains encrypted? That's plain impossible.

           

          Just my 2 cents.

           

          Regards,

          Nico
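
The `WHERE LOAD_DATE >= ...` condition from the reply above, as an added example that is not part of the original thread and is not Informatica code: a SQLite table stores `LOAD_DATE` encrypted under a customer-held key, and the same filter is evaluated once on the ciphertext and once after decryption. The table name `loads`, the key, the fixed nonces and the toy HMAC-based cipher (a stand-in for a real randomized cipher) are all assumptions constructed for this illustration.

```python
import hashlib, hmac, sqlite3

KEY = b"constructed-customer-key"  # constructed; stands in for the customer-held key

def _xor(nonce: bytes, data: bytes) -> bytes:
    # Toy keystream from HMAC-SHA256 (stand-in for a real cipher); values are < 32 bytes.
    stream = hmac.new(KEY, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(value: str, nonce: bytes) -> bytes:
    return nonce + _xor(nonce, value.encode())   # 12-byte nonce, then ciphertext

def decrypt(blob: bytes) -> str:
    return _xor(blob[:12], blob[12:]).decode()

# Constructed rows: (id, load_date, nonce). The nonces are fixed so the run is
# reproducible; a real system draws them at random, so ciphertext order is arbitrary.
ROWS = [
    (1, "2019-12-31", bytes([9]) * 12),
    (2, "2020-01-10", bytes([7]) * 12),
    (3, "2020-01-15", bytes([3]) * 12),
    (4, "2020-02-01", bytes([1]) * 12),
]
CUTOFF = "2020-01-15"
PROBE_NONCE = bytes([5]) * 12  # constructed nonce for the encrypted cutoff value

def run_demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE loads (id INTEGER PRIMARY KEY, load_date BLOB)")
    db.executemany("INSERT INTO loads VALUES (?, ?)",
                   [(i, encrypt(d, n)) for i, d, n in ROWS])
    # 1) Filter on the server without the key: the DBMS can only compare bytes,
    #    so the result follows the nonce prefix, not the date.
    probe = encrypt(CUTOFF, PROBE_NONCE)
    on_ciphertext = [r[0] for r in db.execute(
        "SELECT id FROM loads WHERE load_date >= ? ORDER BY id", (probe,))]
    # 2) Filter where the key is available: every row is decrypted into
    #    plain text in memory before the condition can be applied.
    stored = db.execute("SELECT id, load_date FROM loads ORDER BY id").fetchall()
    after_decrypt = [i for i, blob in stored if decrypt(blob) >= CUTOFF]
    return on_ciphertext, after_decrypt, [blob for _, blob in stored]

if __name__ == "__main__":
    wrong, right, _ = run_demo()
    print("filter on ciphertext:", wrong)
    print("filter after decrypt:", right)
```

With these constructed values the ciphertext filter selects rows 1 and 2, which are exactly the rows dated before the cutoff, while the decrypt-then-filter path selects rows 3 and 4.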