TOPAZ & Data Security: Encryption

Encryption involves the “scrambling” or encoding of data so that it can only be read via the use of an encryption “key”.  From our perspective, there are two flavors of encryption—encryption of the data streams and “encryption at rest”.

Encryption of the data stream prevents “snoopers” from stealing data as it travels through the Internet. This type of encryption is fairly easy to implement. Our formal position on this type of encryption reads as follows:

“TOPAZ uses industry standard cryptographic libraries that are part of the Microsoft Windows operating system and the Microsoft development tools which we use for development.

We recommend our clients use Secure Socket (SSL) transport between the client and server, achieved via industry standard SSL security certificates issued by commercial certificate authorities and generally created with 2048-bit or higher encryption. If TOPAZ provides hosting, these recommendations are used.”

This is a fancy way of saying, “use https”.

Encryption at rest is a little more complicated to implement, as it affects the actual application.  This would encrypt the data that sits quietly in the database, and you could only then read that data if it was decrypted within the application. Given that Elements includes things like TOPAZ Reporter and a Web Services based API, this would be very expensive to implement.

It would also make things like troubleshooting and debugging significantly more complicated.

For this reason (and because of the low risk), Elements only encrypts user passwords at rest. This only impacts those customers who use local authentication, which we’ll touch on in more detail later

You May Also Like…

Clarifying the Reporting Requirements

Clarifying the Reporting Requirements

It's Important to stay aware The National Institutes of Health (NIH) Office of Laboratory Animal Welfare (OLAW) released its “Request for Information (RFI) on Clarifying the Reporting Requirements for Departures from the Guide for the Care and Use of Laboratory...

How does Health Check Work?

How does Health Check Work?

In our last blog post, we detailed the importance of conducting regular Health Checks. This week, we will take a look at the different ways that a Health Check can be done, as well as other factors that should be considered when evaluating your processes.   What is a...

The Importance of Regular Software Health Checks

The Importance of Regular Software Health Checks

Purchasing laboratory management software may seem like the obvious fix for an institution’s productivity. Robust software that streamlines processes and improves workflow are highly valued and touted as a must-have for any organization with an animal research...