Pretty much every organization of any size is paying close attention to the adoption of security practices in order to manage and protect their most sensitive data, including personal identifiable information (PII), personal health information (PHI), or other customer and financial data. For any team using SaaS tools, data protection is a table-stakes requirement. For compliance regulated industries — banking, financial services, healthcare. etc — the stakes are higher and negligence or a breach can bring a business to a screeching halt. In those industries, SaaS tool vendors are asked about SOC 2 Type II certification, which means the provider securely manages your data to protect the interests of your organization.
Honeycomb’s engineering team, led by VP of Engineering Emily Nakashima, architected the Secure Tenancy capability in 2018, which just received a patent by the U.S. Patent and Trademark Office. Honeycomb’s engineers Chris Toshok and Ben Hartshorne with co-founders Christine Yen and Charity Majors designed a way to operate Honeycomb in the most secure way aligning with data privacy and protection concerns. The easiest way to think about the patented approach is that it enables teams with stringent requirements around data storage to use Honeycomb with confidence. Now, all Honeycomb Enterprise plan customers have that confidence easily available.
Simply put, Secure Tenancy provides you the ability to analyze your production data with Honeycomb in a way where your sensitive data never reaches Honeycomb infrastructure.
The storage and masking details for Secure Tenancy come in two distinct flavors. In either case, the net effect is that Honeycomb infrastructure never has access to your sensitive data in plaintext. Data is masked using keys you control and that are never sent to Honeycomb. That functionality is enabled with by setting up an on-premises proxy server with a MySQL backend data store within your infrastructure. Your data is decrypted only by authorized users and Honeycomb’s infrastructure never receives any plaintext sensitive data.
“We share the same concerns about storing sensitive data as our customers. Anything we can do to help ensure our mutual safety is a big win for everyone involved,” commented Chris Toshok, senior engineer at Honeycomb. “There should be no way for an attacker to craft a document that contains anything material with this approach. It’s near impossible to brute force your way to figuring anything out in this setup.”
Secure Sensitive Data in Your Observability Journey
The additional work to setup Secure Tenancy involves a load balancer, a MySQL instance, and high availability configuration. With just those components, you can reliably get your team to start sending production event data to introspect and troubleshoot, all without ever sending any unencrypted sensitive data to Honeycomb. If you are in an organization with concerns around data privacy and security, or you’re subject to industry regulations like HIPAA or GDPR, you can use Secure Tenancy to start your observability journey today.
Skedulo provides mobile workforce management solutions for desk-less workers. “Home health care providers trust Skedulo to protect their client’s personal and health information,” commented Will Thames, Skedulo. “Honeycomb’s Secure Tenancy means that protected health information remains secure within Skedulo’s data stores, allowing teams to use Honeycomb’s world class observability platform without sharing any client’s private data, satisfying HIPAA requirements.”
“At Honeycomb, we’ve always known the power and flexibility of SaaS tooling that will win over the legacy on-premise approach,” said VP of Engineering Emily Nakashima. “However, sensitive data like PHI has long been one of the sticking points that has made it harder for companies to take advantage of the SaaS future. I’m proud that our team has designed and implemented an innovative SaaS solution that doesn’t sacrifice the security and privacy of on-prem and brings with it all the benefits of SaaS,” added Emily.
Be sure to check out the press release.
If you’re interested in Secure Tenancy or other Enterprise features, you can reach out our sales team at firstname.lastname@example.org.