Cyber Security

How to handle Sensitive Data Types in logs without violating GDPR compliance?

SA Asked by Sarah Miller · 05-05-2024
0 upvotes 9,183 views 0 comments
The question

Our application logs currently capture raw user input, which sometimes includes PII (Personally Identifiable Information). I need to implement a solution that masks these sensitive data types (like Email or Credit Card strings) before they reach our ELK stack. Should this be handled at the application level via custom data types or through a log-shipping filter? 

3 answers

0
EL
Answered on 07-05-2024

The most secure way is to handle this at the application level using a "Secure String" or a custom wrapper class for sensitive data types. By the time it hits the logs, it's often too late if the logging framework isn't configured perfectly. In Java or C#, you can create a SensitiveData type that overrides the toString() method to always return [MASKED]. This ensures that even if a developer accidentally logs the whole user object, the PII remains hidden. Complement this with a Logstash filter as a "second line of defense" to regex-pattern match emails or card numbers just in case something slips through. 

0
RY
Answered on 09-05-2024

What’s the performance impact of running regex filters on every single log line in a high-traffic environment?

JA 10-05-2024

Ryan, it can be heavy. If you're logging thousands of lines per second, regex will spike your CPU. That's why the application-level approach Elizabeth mentioned is superior. It’s a "proactive" rather than "reactive" fix. If you must use Logstash, limit the regex to only specific high-risk log categories rather than scanning every single field.

0
A
Answered on 11-05-2024

We use a centralized vault. We store a "Token" (a non-sensitive data type) in the logs and only authorized users can swap it for the real PII in the vault. 

SA 12-05-2024

Tokenization is definitely the gold standard for security. It makes the logs useless to a hacker while remaining helpful for debugging.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session