Key Manager Plus provides a set of privacy options which administrators can customize according to their requirements in order to meet the privacy standards laid down by the General Data Protection Regulation (GDPR).
- Provision to Purge Audit Trails
- Password Protection for Exports
- Provision to Control the Exposure of Personal Data in Reports
- Provision to Manage Non-User Email Addresses
1. Provision to Purge Audit Trails
Administrators can choose to purge, operation-wise, old audit trails that are no longer required in relation to the purposes for which they were originally recorded. To purge audit records,
- Navigate to Settings >> Privacy Settings >> Purge Audit Trails
- For those operations where audits need to be purged, specify the time interval in days beyond which you want to have the audit records erased.
- Click Save. The Audit settings are successfully updated.
2. Password Protection for Exports
Administrators can now enable password protection, thereby enforcing an additional layer of security for all files exported from Key Manager Plus. Key Manager Plus currently offers two levels of password protection for exports:
Global password - A uniform password applicable for all users when exporting files from Key Manager Plus.
User password - In addition to the global password, administrators can also allow users to set their own separate passwords to be used when exporting files from Key Manager Plus.
To enable password protection for exports,
- Navigate to Settings >> Privacy Settings >> Export Settings
- Check 'Enable password protection for exports'.
- Set a global password that will be used uniformly by all users to access files exported from Key Manager Plus.
- Administrators can also allow users to set their own separate passwords to access files exported from Key Manager Plus. Check 'Enable User Password'.
- Users can set their own passwords, which are to be used at the time of accessing files exported from Key Manager Plus.
- Click Submit. The changes are updated successfully.
- Once you set up a global password, all files will be exported in password-protected zip folders that are encrypted using the Advanced Encryption Standard (AES) algorithm. Please extract the files from the zip folders using a third-party tool that supports AES encryption and decryption, such as 7-ZIP or WinRAR.
- Only the global password should be used to access report exports in e-mail notifications for scheduled report generation, even if you have enabled the user password option.
3. Provision to Control the Exposure of Personal Data in Reports
Key Manager Plus includes provisions to control the extent to which personal data is exposed in canned reports. Administrators can choose to 'mask' or 'hide' certain Personally Identifiable Information (PII), thereby either replacing that personal data with random fictitious characters or hiding it entirely in reports exported from Key Manager Plus or in scheduled reports that carry that personal data.
Key Manager Plus provides options to mask / hide the following private data.
- User name
- SSH user name
- Resource name
- Landing server name
- Key name
- IP address
- Instance name
- Host name
- Domain name
- Domain controller
- DNS name
- Data center
- Common name
- Certificate template
- Certificate authority
- AD user name
To mask / hide PII in reports,
- Navigate to Settings >> Privacy Settings >> Export Data Settings
- Select those personal data that you wish to mask / hide in reports exported from Key Manager Plus or in scheduled report generation using the combinations provided.
- After providing your inputs, click Submit.
- You will note that data privacy is applied to report exports and scheduled reports as per your requirements.
4. Provision to Manage Non-User Email Addresses
Key Manager Plus allows administrators to configure email notifications about the completion of scheduled tasks, license expiration and other important operations to users who do not have an individual account with Key Manager Plus. A complete list of all such external IDs is duly maintained in Key Manager Plus so that authorized administrators can keep track of the non-user email addresses being used in Key Manager Plus and delete them if needed.
To manage non-user email addresses,
- Navigate to Settings >> Privacy Settings >> Unmapped E-mail IDs
- You can find a list of email addresses that are not mapped with any of your Key Manager Plus users.
- Administrators also have the privilege to delete those non-user email addresses that have become irrelevant. Select those email ids that need to be deleted and click Delete.
- The email ids are deleted from the Key Manager Plus database.