Securing Data in the Age of Personalization
By Andy Brooks, VP of Information Security
There are countless benefits to digitizing government services to make it easier for residents and businesses to interact with their local government. Cities taking steps toward personalizing the civic experience can allow people to opt-in to storing personal preferences and information, like preferred communication channels or billing methods.
A digital two-way street between government agencies and residents is convenient for people who want to:
- Check the status of a request like a payment plan or an application like a business permit
- See all their paid or pending obligations like property tax bills or parking ticket due dates
- Easily make those payments using a saved credit card or bank account
- Identify topics they care about like school closings or their neighborhood’s recycling schedule
As governments begin collecting information that allows for these personalized interactions, they are responsible for protecting this data from threats such as ransomware and hackers. The applications that store and transmit this data must be built with a security-first mindset. While the domain of application security is vast, and beyond the scope of this post, here are some best practices to follow for basic application security hygiene.
Allowing people to set a preferred credit card or other payment method makes it easier for them to make payments. In addition to not having to type in their credit card details for common payments like monthly water utility bills, they can also have more flexibility in the way they pay. For instance, if someone is paying down a parking ticket, they may opt to set automatic biweekly payments of a smaller amount instead of paying for the entire lump sum up front. Tokenization allows you to store a data item that refers to the credit card, without ever having to store the card itself.
If you are building an application that will process or handle credit card details, that application should never store card and CVV numbers. In fact, storing this data is a massive violation of the Payment Card Industry Data Security Standard (PCI-DSS) and could result in hefty fines. In instances where you may need to refer to the credit card number, instead store a token with a non-sensitive value. This is a widely adopted industry practice known as tokenization. Tokenization allows you to refer to the credit card number by means of a value that you can store locally.
Providing password-protected areas of a website allows people to set the types of preferences discussed above. But storing passwords in a secure manner is one facet of application security that many have gotten wrong, often with devastating results. The easiest way to secure passwords is to not store them at all, and by that, I mean delegating authorization using an open standard such as OAuth as provided by a trusted third party, like Google or Microsoft. If you must store passwords, it is highly recommended to review the OWASP Password Storage Cheat Sheet. It may not be necessary to implement all of the controls listed based on your use case. Two of the most important controls that everyone should adhere to are:
1. Using an adaptive one-way function such as bcrypt
2. Using a cryptographically strong credential-specific salt
It is important to monitor the health and status of your applications by logging system activity. In order to answer questions about what is happening in your environment, your log data must be detailed. However, it is important to ensure that your log data is not capturing too much information, such as usernames and passwords, credit card numbers, CVV numbers, etc. It is often the case that detailed logs are generated with the best of intentions, but in reality, this often results in logging sensitive data items, as well as copying this sensitive information into one or more separate systems. Best practices are that application development teams identify sensitive parameters in their applications, and have filtering in place to ensure that those values are never outputted in application logs.
Another important item relating to best practices for logging is to determine how long you will keep this log data for. Many organizations keep more data than is necessary. By storing an abundance of log data for an indefinite amount of time, you are creating a potential treasure trove of sensitive internal information for hackers. Organizations should identify what their data retention strategy will be, and implement it such that they are deleting old data from their environments once it is no longer needed, or of use.
Modern Technology Requires Modern Security
While the above is by no means an exhaustive list about developing secure applications and handling sensitive data, it does highlight some of the common mistakes in the development process. As cities continue to personalize service delivery and expand their digital footprint, it is important that security is treated as a core component for all applications and systems.