encrypting Gravity Forms data

[Beth]

Hi all,

Has anyone used Gravitate Encryption to encrypt gravity forms data? view more product info here: http://www.gravitatedesign.com/blog/wordpress-and-gravity-forms/ or here: https://wordpress.org/plugins/gravitate-encryption/

I'm wondering if any of you have any good or bad experiences with this. This is the first time I've needed to collect data that should be encrypted from a gravity form. Any other info or advice for encrypting data?

Beth 

[Peter - Computer Steroids]

Once it's collected what are you plans to do with the data? Store it
in a database?

I'm looking forward to hearing back from you!
Thanks, Peter (612)234-2768 computersteroids.com

[Beth Backen]

Yes, once it's collected the (hopefully encrypted) data will be stored in the database.

--
You received this message because you are subscribed to the Google Groups "Minneapolis St. Paul WordPress User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mpls-stpaul-word...@googlegroups.com.
To post to this group, send email to mpls-stpau...@googlegroups.com.
Visit this group at http://groups.google.com/group/mpls-stpaul-wordpress.
For more options, visit https://groups.google.com/d/optout.

[Nathan Corbier]

What level of protection are you trying to achieve? I've noticed that it supports OpenSSL using a 2048bit RSA key, which I think is OK, but really to give advice about this, the (general) type of information being encrypted, the level of threat, and what (if any) regulatory standards you have to obey when handling the data.

Is the data being inputted via SSL? Is there a valid SSL certificate on the website? Is this on shared hosting where someone could have a rootkit watching everything going on on the web server? 

Lots of questions.

If this is something that, should it be compromised, ends you up on KTSP as a story -- there's also other considerations like insurance, liability, etc to consider as well.

Nathan Corbier

Founder and President

E-Mail: nathan....@corbierandassociates.us

Twitter: @nathancorbier

Corbier and Associates Corporation

Promises Made. Promises Kept.

Web: http://corbierandassociates.us/

Twitter: @corbierandassoc

Phone: 612-567-9620 (M-F 0900-1700 Central)

[Beth Backen]

Thanks for your reply Nathan.

They want to capture employee data (including Social Security, which is what I'm concerned about) from new applicants in one consolidated form. No financial or banking data involved.

They don't currently have an SSL certificate, but I've already mentioned that as a requirement if they are to collect this data in an online form. They are on very cheap shared hosting.

The security measures I'm thinking about are:

get an SSL certificate on the site.

encrypt the form (entries in database would be encrypted)

exclude SSN from email notifications of the form

verify that strong passwords are used/enforced in the admin and limit access of personal data to only the relevant person within the company

It's not a huge company and there's no financial data involved, my concern is more about general hackers that normally attack wordpress sites, but then we don't really know what kind of breach might happen. I don't feel I have enough info about regulatory standards for collecting sensitive applicant/employee data and will have to learn more. I will have to get more info about their internal processes too.

[Peter - Computer Steroids]

Just an idea use a cellphone number in place of a social security number.

[Nathan Corbier]

Biggest thing is, "Why are we taking SSNs and putting them into an employee database?" Is it for I9 reporting? Actually, it doesn't matter, lets pretend its a valid reason.

Cheap shared hosting and Personally Identifying formation don't really mix. But, unless the client is required to maintain information security to a set standard under penalty of law, you don't need to go all out and follow the GSA Privacy Directive or FIPS standards for information security -- your client probably doesn't want to afford that level of protection and they aren't being actively targeted by an adversarial group. 

As long as you have a contract in place that removes liability in cause their inaction or action (their fault) causes them to have a data breach, you're reasonably certain that the security precautions you've taken are secure to defeat the types of people you reasonably believe to be the threat, and you're not negligent in your security practices, I think this plugin is enough.

Mainly because it uses an industry standard cryptological solution, Shared Key Authentication through OpenSSL, I think the plugin itself is secure enough (if properly setup to the instructions) hold personally identifiable information as long as it is keyed in from a website that is protected via SSL as well.

Hopefully someone else has more experience with general business requirements for PII and can say something on this. 

ᐧ

Nathan Corbier

Founder and President

E-Mail: nathan....@corbierandassociates.us

Twitter: @nathancorbier

Corbier and Associates Corporation

Promises Made. Promises Kept.

Web: http://corbierandassociates.us/

Twitter: @corbierandassoc

Phone: 612-567-9620 (M-F 0900-1700 Central)

[Beth Backen]

Thanks again Nathan and Peter for the discussion. 

Just to circle back and tell you the result: I concluded that the risk of a login attack on wordpress was too high so that even with encryption working properly the data could still be breached. When I explained that to the client they agreed to keep the most sensitive pieces of data off the form AND still encrypt the form AND add the SSL certificate. So I feel that we've covered our security very well. My contact person said that she had also asked an internal it person about it and she said he really scared her so some person I've never met was backing up my position.

Beth

[Julia]

Not sure if you still need a solution but you should look into Gravity Forms Encrypted Fields on Codecanyon.

https://codecanyon.net/item/gravity-forms-encrypted-fields/18564931

It's pretty new and has options that can keep data secure even in the event of a login breach. For us it's been great in terms of setting up an environment secure but flexible to let you manage data differently for different users. Has solutions to issues we hadn't even thought of when we first wanted to encrypt the form data. :)

[Nick Ciske]

I'm curious what kinds of data you're encrypting?

If you're using this for PCI data (credit cards) or ePHI (HIPAA) I can almost guarantee this would not meet either standard for Encryption at Rest or access control. 

So I'm curious what you'd be encrypting with a plugin like this... and if the client realizes this is basically security theater.

The strength of the encryption doesn't matter if the keys are stored next to the lock...

_______________________ 

Nick Ciske 

CTO / Director of Web Engineering

Cimbura.com

@nciske

http://cimbura.com/

[greg.pe...@gmail.com]

I'll second the Gravity Forms Encrypted Fields plugin.   ..Its leaps beyond gravitate for actual security regarding encryption and user access control. It basically has user access control in mind with all its options, but yes  ..the site dev and admin have to set up the rest of the complete environment to meet any given standards they need to meet and secure the site as a whole of course.

[123frodo123f...@gmail.com]

Agreed. 

But the plugin being suggested is not Gravitate ..its "Gravity Forms Encrypted Fields" which I use and is a premium plugin and doesn't just store the key in the database. It uses split and separately stored keys and a database breach wouldn't leak the key. And with its admin lockout an admin login breach would not even leak the key or give unauthorized permission if the data is locked down until you need to access it. It also handles user/role access control to the encrypted data.  If you configure it properly, aside from someone obtaining full file system and database access to your site your data is safe, but a plugin can't handle that security, of course the web dev would have to set up a secure and compliant server environment and  data transmission via SSL ect. but I believe the plugin has some built in file access controls ect. to help with that stuff and also points out you need to handle your servers security along with user access both through the plugins access controls and via WordPress own user permissions. 

[Nick Ciske]

So as long as everything else is setup correctly (private server, only sftp access via public key, strong passwords, openbasedir restrictions, jailed shell, etc), and there's not a privilege escalation bug in WordPress (because there has *never* been one of those), or a user with a weak or reused password, or a plugin that allows you to read the wp-config file (cough Revolution Slider), or a plugin that allows you to upload a php file/fake image that can be executed and outputs the PHP global... you should be fine. Probably.

I'd be very, very careful what I encrypt with either plugin. Certain data should never be stored in WordPress (encrypted or not).

I'm just trying to make it clear these are not silver bullet solutions, lest someone happen upon this thread in the future and think "install an encryption plugin" is the only step needed.

~ Fin ~

_______________________ 

Nick Ciske 

CTO / Director of Web Engineering

Cimbura.com

@nciske

http://cimbura.com/

--

You received this message because you are subscribed to the Google Groups "Minneapolis St. Paul WordPress User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mpls-stpaul-word...@googlegroups.com.
To post to this group, send email to mpls-stpau...@googlegroups.com.

Visit this group at https://groups.google.com/group/mpls-stpaul-wordpress.