Data encryption made easy

Sam Sehnert
Chief Technical Officer

In this video, Sam Sehnert, CTO here at Custom D, shares his vast knowledge (with you, and the audience at Laracon AU 2023) on encryption, privacy and securing your personal data.

Most countries have similar privacy rules these days, with a few differences, but to summarise:

We must have a legitimate reason to store people's PII (personally identifiable information), and if we do, it's our responsibility to keep that information safe and secure.

The best approach is to take a defence-in-depth strategy: basically, putting security in place at every level of your organisation. The thinking is that if one line of defence is compromised, additional layers exist as a backup to ensure that threats are stopped along the way. Defence in depth addresses the security vulnerabilities inherent not only in hardware and software but also in people, as negligence or human error is often the cause of a security breach.

Data Encryption - Defence in Depth strategy


In the video, Sam talks about encryption and hashing, their differences, how to implement them, and their limitations.

Effective data encryption is easy... easy to get wrong!

Maintaining all the logic required, managing key stores, mapping keys to the right users, and handling all the layers of encrypting and decrypting can get pretty confusing and difficult to manage, and it's only as effective as your ability to protect encryption keys.

So, to make it easy, we built a library: Eloquent Model Encrypt. It takes care of all the hard bits of this process. We've battle-tested it for over 5 years in production systems for our clients. The package is designed to be flexible and extendable.

We hope you find it useful and it helps protect your users. All feedback is welcomed and responsible disclosures are appreciated.