How is best practice for data security from all user including admin user

Hi all,

 

Anyone know how to keep data secure from all user include admin user ?   May be like encryption or decryption or any other method ?  I just read encryption from Workbench, but still not clear how to use it.

Please share best practice about security data in Domo from all user including admin user.

 

 

Thanks,

Martin

 

Comments

  • Not sure that Domo has this fleshed out yet, but would be cool to hear from a Domo employee w/r/t where this fits in their dev roadmap.  

     

    As far as I know, there is no way to limit an admins access to data.  

     

    For other users, I've had success limiting dataset access to a named user group by a) creating a user group in the admin feature, b) adding the appropriate members, and c) limiting the sensitive dataset to the named group using the PDP feature.  

     

     

  • CWebb
    CWebb Domo Employee

    Hi @Martin

    Workbench does offer a way to encrypt columns. However, the only way to decrypt the values is in a Sumo table card. There is a KB article that goes over the details of using encryption in a Workbench job:

    http://knowledge.domo.com?cid=wb4transforms

    With security best practices, all Admins currently have access to all data or the ability to grant theselves access to the data. So, data must either be encrypted via the above or excluded from being sent to Domo. Let us know if you have any further questions.


    * I work for Domo * 

     

  • @Martin tagging you to check out @Cody's reply.

  • @Cody @Dani I am new to this chain, but I can't imagine that in 3 years there has been no update to this process from Domo. Can you please let us know if there is anything available to prevent this aside from reducing access/roles in Domo. Given GDPR and HIPPA I think having some control might make sense. Is this something Domo is considering?

  • CWebb
    CWebb Domo Employee

    Hi @dmoney1 ,

     

    There is a new feature in the works that will answer this use case. Presently, the project is called 'Departmental Admins'. Please get with your CSM to express interest, and potentially getting in on a beta when it becomes available.

This discussion has been closed.