Using Structural securely

To generate de-identified data, Tonic Structural requires access to customer data that might be sensitive in nature, protected by regulation or contract, or that otherwise requires special handling to meet processing obligations.

To ensure the security of your data, when you configure and use the Structural application, Structural advises that you use industry best practices for secure data handling.

We have compiled the following recommendations for using Structural securely. This list of suggestions is not comprehensive, and is based on a general use case.

Your use case might require additional considerations depending on the type of data that is processed, your underlying systems, and other legal and organizational requirements.

Recommendations for both Structural Cloud and self-hosted Structural instances

The following recommendations apply both to Structural Cloud and to self-hosted instances of Structural.

Restrict access to Structural

You should grant Structural accounts to users based on the principle of least privilege. Each user should only have access to the workspaces and datasets that they need to perform their required tasks.

Structural produces de-identified data that is stored in destination databases. Some end users might not need access to the Structural application at all, but still need access to the destination data.

Restricting access to Structural includes restricting access to the application and API keys that provide access to the Structural API.

Review access to Structural

Periodically review the current user access to Structural to ensure that the current access levels are appropriate.

Secure data in transit

Maintain protective measures for data as it moves from your data store to Structural.

Configure databases that the Structural application connects to (source and destination databases) to only accept encrypted connections that use industry standard cryptographic algorithms.

Secure physical devices and access points

Make sure that there are physical security and environmental controls for all of your devices and access points.

This includes devices that are used by remote or home-based employees who use Structural.

Use single sign-on to manage access

If you have a Professional or Enterprise license, use an external identity provider to manage access to Tonic.

When you use an external identity provider, you can control the password, multifactor, location, and other authentication requirements to meet your specific use case.

Additional recommendations for self-hosted instances

For self-hosted instances, the following additional recommendations apply.

Maintain firewalls and restrict network access

Deploy Structural in an environment that prevents unauthorized and accidental access from outside the system.

This can include:

  • Configuring and using web application and network firewalls

  • Using AWS Security Groups, Azure Network Security Groups, or Google Cloud firewall rules to control access to Structural and to control Structural access to other networked devices

  • Using firewalls or stateless access control lists to deny traffic on unapproved ports or based on the traffic direction or type

  • If applicable, allowlisting end-user traffic to IP addresses within a network or VPN

Maintain security for inbound and outbound data

Maintain protective measures for data as it moves from your end users to the Structural application. Configure your infrastructure deployment to use encryption-in-transit. Structural can be configured in multiple ways to use and enforce encryption-in-transit. recommends that all customers who deploy Structural enforce encrypted communication.

Inbound traffic to the Structural application can be load balancer configured with TLS termination. Some customers either do not want to or cannot use a load balancer. In that case, when you set up Structural, you install a certificate to encrypt inbound traffic to the Structural application. You can also use this configuration to ensure encrypted communication between the load balancer and the application.

For outbound traffic (traffic from the Structural application to source and destination databases), you can configure Tonic to enforce SSL/TLS communication.

Require HTTPS for inbound traffic

For increased security, ensure that the Tonic web server only listens on https and not on http.

To configure this, set the environment setting TONIC_HTTPS_ONLY to true.

See Configuring environment settings.

Monitor network traffic

Because of its access to sensitive data, you should configure and monitor network traffic for environments that run the Structural application.

At a minimum, suggests that you use industry standard IDS/IPS systems to detect unauthorized access.

Use disk encryption

Use industry standard disk encryption on all of the underlying storage that is associated with your Structural instances and the associated databases.

Collect and analyze logs

Collect logs from Structural components and analyze them for anomalies that indicate malicious acts, natural disasters, and errors. Analyze anomalies to determine whether they represent security events.

Enable log sharing with to allow staff to monitor these logs. staff can apply their domain knowledge of Structural to the log analysis.

Keep Structural upgraded releases updates to the Structural software multiple times a week. Updates can include fixes to improve Tonic security.

We recommend that you upgrade Structural at least once every two weeks. For details, go to Updating Structural.

Last updated