How is auditing, authentication, and authorization handled in Senzing?
This is one of many aspects of the Senzing API that our customers LOVE. Senzing is a library that is embedded in other things and connects to a database... no moving parts, no network access, etc. As such, we operate as a library and the workflow/processes that call the Senzing API are the components that control the secure access. We do not require the use of any particular auditing, authentication, and authorization frameworks. You would use your own corporate standard mechanisms to implement those capabilities in your use of Senzing as well as the database it connects to and do not have to deploy/learn a completely new stack.
Our Senzing Community assets (docker, REST, GUIs, etc) are all open source (Apache 2.0) and built on some of the most popular industry standards (Jetty, Angular, etc). This allows you to incorporate and lock down these components much more readily than closed and proprietary capabilities.
A helpful article on the Senzing Architecture related to this topic: https://senzing.zendesk.com/hc/en-us/articles/360011569214-Senzing-Architecture
Is the Senzing data encrypted at rest?
Yes, it can be. Encrypting Senzing's data at rest is handled by the specific data store being used.
IBM DB2: If you are using IBM DB2, refer to this: http://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.licensing.doc/doc/c0058536.html
AWS Aurora: If you are using AWS Aurora, refer to this: https://aws.amazon.com/about-aws/whats-new/2015/12/amazon-aurora-now-supports-encryption-at-rest/
MySQL: If you are using MySQL or MariaDB, refer to this: https://www.percona.com/blog/2016/04/08/mysql-data-at-rest-encryption/.
Database encryption can have significant performance implications so please involve your IT team and make sure they have reviewed some of our key documents:
Are there options to anonymize fields closest to source systems before the data is submitted to Senzing?
There is an advanced Senzing feature called Selective Feature Hashing that allows data owners to one-way hash selected fields (e.g., driver's license and date of birth) before the data is submitted to Senzing for Entity Resolution.
Here are a few articles on the concept and method:
NOTE: This is an advanced feature that currently requires consultation.