Using Tonic securely
To generate de-identified data, Tonic requires access to customer data that might be sensitive in nature, protected by regulation or contract, or that otherwise requires special handling to meet processing obligations.
To ensure the security of your data, when you configure and use the Tonic application, Tonic advises that you use industry best practices for secure data handling.
We have compiled the following recommendations for using Tonic securely. This list of suggestions is not comprehensive, and is based on a general use case.
Your use case might require additional considerations depending on the type of data that is processed, your underlying systems, and other legal and organizational requirements.
The following recommendations apply both to Tonic Cloud and to self-hosted instances of Tonic.
You should grant Tonic accounts to users based on the principle of least privilege. Each user should only have access to the workspaces and datasets that they need to perform their required tasks.
Tonic produces de-identified data that is stored in destination databases. Some end users might not need access to the Tonic application at all, but still need access to the destination data.
Restricting access to Tonic includes restricting access to the application and API keys that provide access to the Tonic API.
Periodically review the current user access to Tonic to ensure that the current access levels are appropriate.
Maintain protective measures for data as it moves from your data store to Tonic.
Configure databases that the Tonic application connects to (source and destination databases) to only accept encrypted connections that use industry standard cryptographic algorithms.
Make sure that there are physical security and environmental controls for all of your devices and access points.
This includes devices that are used by remote or home-based employees who use Tonic.
If you have a Professional or Enterprise license, use an external identity provider to manage access to Tonic.
When you use an external identity provider, you can control the password, multifactor, location, and other authentication requirements to meet your specific use case.
For self-hosted instances, the following additional recommendations apply.
Deploy Tonic in an environment that prevents unauthorized and accidental access from outside the system.
This can include:
- Configuring and using web application and network firewalls
- Using AWS Security Groups, Azure Network Security Groups, or Google Cloud firewall rules to control access to Tonic and to control Tonic access to other networked devices
- Using firewalls or stateless access control lists to deny traffic on unapproved ports or based on the traffic direction or type
- If applicable, allowlisting end-user traffic to IP addresses within a network or VPN
Maintain protective measures for data as it moves from your end users to the Tonic application. Configure your infrastructure deployment to use encryption-in-transit. Tonic can be configured in multiple ways to use and enforce encryption-in-transit.
Tonic recommends that all customers who deploy Tonic enforce encrypted communication.
Inbound traffic to the Tonic application can be load balancer configured with TLS termination. Some customers either do not want to or cannot use a load balancer. In that case, when you set up Tonic, you install a certificate to encrypt inbound traffic to the Tonic application. You can also use this configuration to ensure encrypted communication between the load balancer and the application.
For outbound traffic (traffic from the Tonic application to source and destination databases), you can configure Tonic to enforce SSL/TLS communication.
For increased security, ensure that the Tonic web server only listens on
https and not on http.To configure this, set the environment variable
TONIC_HTTPS_ONLY to true.Because of its access to sensitive data, you should configure and monitor network traffic for environments that run the Tonic application.
At a minimum, Tonic suggests that you use industry standard IDS/IPS systems to detect unauthorized access.
Use industry standard disk encryption on all of the underlying storage that is associated with your Tonic instances and the associated databases.
Collect logs from Tonic components and analyze them for anomalies that indicate malicious acts, natural disasters, and errors. Analyze anomalies to determine whether they represent security events.
Enable log sharing with Tonic to allow Tonic staff to monitor these logs. Tonic staff can apply their domain knowledge of Tonic to the log analysis.
Tonic releases updates to the Tonic software multiple times a week. Updates can include fixes to improve Tonic security.