Sue is a mid-level web developer working with a small charity. Like many in similar positions, she’s both the development team and IT support within her organization. She’s well-read on new technologies but is spread pretty thin when it comes to being the go-to “expert” on tech-related questions coming from her co-workers. This makes her one of the busiest, most important people on the team and she doesn’t have time to stop and really invest in learning everything there is to know about data security.
That’s not to say that data security isn’t important; it couldn’t be more important. The charity’s website takes online donations, and Sue is responsible for making sure that the money coming in is safe and that donors can follow up on their contributions come tax time. Thanks to some useful workshops presented at user groups, she’s already fully integrated the site with Stripe to protect donor payment information and provide real-time receipts.
But now her boss also wants to generate monthly and quarterly reports about donor activity. This information will help with end of the year tax receipts and will also help build internal donor profiles to help with more effective fundraising.
Unfortunately, Sue’s employer has been hacked in the past. They’ve lost data and had the personal information of their donors leak on the public Internet. Sue has already integrated with Stripe to ensure donor credit information is stored securely, but she wants to do whatever possible to ensure donors’ other private information is properly protected.
InnoVault Feature Offering
InnoVault works by encrypting customer information before it ever leaves the browser en route to the server for long-term storage. Every InnoVault-protected data entry form creates individual encryption keys on a field-by-field basis and stores both the information and the means to encrypt it in a protected data store. Only the owner of the form can ever retrieve or use the information it submits.
All of the data lives in the cloud, safely encrypted with offline keys that have never traveled across the Internet. The only information stored in your database is a reference to the record that lives in InnoVault – if your data is ever breached, nothing is leaked. Likewise, if the database itself is ever infiltrated, no data can be extracted without the proper keys. Through InnoVault, your data is completely safe and secure.
A Better World
Sue already used Stripe to store donor’s credit information, so she was ready and able to integrate external storage with submission forms. Adding InnoVault to her existing donor information forms was quick and easy – she just added a script tag and flagged the fields that needed to be protected. Now, whenever a donor contributes, their payment information is securely stored with Stripe and their other personal information is securely stored with InnoVault.
At the end of the month, Sue uses InnoVault’s Ruby SDK to pull down and collate the information she needs for her reports. The charity’s database stores only a Stripe customer ID and an InnoVault record ID. Even if it were to be breached in the future, there’s nothing for an attacker to steal. They don’t have access to Stripe to fetch payment information and they don’t have the keys for InnoVault to retrieve any personal information.
Sue’s boss wanted to be sure the charity had access to information when they needed it. Sue wanted to make sure no one else would have access. InnoVault wanted to make sure both of them were happy and provided the toolkit to make that possible.
How can InnoVault Help You?
InnoVault is a developer toolkit for easily adding encryption capabilities to your website. Learn more about how you can use InnoVault or send us suggestions for data security capabilities you’d love to see.