Secure Emergency Exports
It is recommended to setup daily or even hourly exports of important reports to prepare for possible desasters. Only Enterprise Subscribers may choose and FTP Export Target. All others are limited to email exports. However, this way massive amounts of sensitive customer data is transmitted over possibly insecure connections (unencrypted email / SMTP). That could be a GDPR violation!
I suggest making secure/encrypted sFTP Exports available for everyone and/or implement a way to guarantee secure email transmission (at least SMTPs with certifcate pinning).
Also those reports may be a potential risk when at rest (stored in an email account or in an unsecure FTP Server). Thus exported data should be encrypted by default with a customer provided key. In case of a desaster this key can be used to decrypt the data at rest.
More thought and consideration needs to be put in this issue.
Just referring to email exports is not sufficient and possibly illegal in Europe.
Jean-Philipp SPIESS
shared this idea
