Adobe Campaign Standard

AEM_Forum · 12/19/17

Hi,

Kindly suggest how to Enable the client to implement techniques such as data partitioning, pseudonomisation, anonymization, encryption on Adobe Campaign data.

Appreciate your replies.

Thanks,

Rama.

Amit_Kumar · 1/31/18

Hi Rama,

Have you have seen Adobe Security guidelines?

http://wwwimages.adobe.com/content/dam/acom/en/marketing-cloud/campaign/pdfs/54658.en.campaign.wp.ad...

If your instance is hosted by Adobe, ask support to install GPG utility on the server.

Get public-private key pair generated for outbound transfer.

While doing export, you can encrypt the file on Campaign server and also provide the public key to external sFTP server team for decrypting the file. And use vice-versa to decrypt the file to decrypt at adobe campaign.

This can be done in file load activity and js activity, and for all the transfer via the database, it happens via secure transfer so that should be covered.

For deletion, if it's hosted by Adobe you are covered because it's Adobe's responsibility to ensure the compliance if it's on the premise, Move all the data marked as delete to an Archiving location and use Gutmann method to delete which will ensure that you are covered.

https://en.wikipedia.org/wiki/Gutmann_method

A sample tool buit ontop of this method, use this for Linux environments.

http://manpages.ubuntu.com/manpages/xenial/en/man1/shred.1.html

PS: Build a new strategy for data sharing between two markets based on the permission.

Regards,

Amit

View solution in original post

florentlb · 1/2/18

Hi Rama,

The first thing that comes to my mind here is this section about restricting PII view: https://docs.campaign.adobe.com/doc/AC/en/CFG_Editing_schemas_Restricting_PII_view.html

Now, that does not answer all of your question so I've forwarded it to our security team to get their point of view as well.

Thanks,

Florent

AEM_Forum · 1/30/18

Is there any update as yet Florent?

I need the answer very urgently.

Appreciate all your support.

Thanks,

Rama.

florentlb · 1/30/18

Hi Rama,

Encryption and anonymization are I think already possible with Campaign. As for the other parts, some product enhancements are on the way to help companies using Adobe products to comply with GDPR regulations. More information will be provided shortly by the product team (in a few weeks).

Florent

AEM_Forum · 1/30/18

Thanks Florent for responding.

"Encryption and anonymization are I think already possible with Campaign".

How are they achieved?

Using Configurations (where in the tool?) or customization (coding)?

Since this info is very urgent, kindly update me as soon as you receive it from the product team.

Thanks,

Rama.

florentlb · 1/31/18

Hi Rama,

Can you confirm that your requests are related to GDPR compliance?

In any case, I'd recommend reaching out to support so they log in all your different requests and provide you with the existing solutions, and put you in relation with our security specialists directly, since people on this forum won't have real insight on GDPR enhancements before it's live in a few months.

Florent

AEM_Forum · 1/31/18

Thanks Florent for responding.

Yes, my requests are related to GDPR compliance, but approaching security specialists, etc from my side would take a long time.

By May-18, GDPR compliance should be achieved.

Kindly try to answer from the product capabilities, as it stands currently and also reach out to them for the things unclear to you.

Thanks,

Rama.

Amit_Kumar · 1/31/18

Hi Rama,

Have you have seen Adobe Security guidelines?

http://wwwimages.adobe.com/content/dam/acom/en/marketing-cloud/campaign/pdfs/54658.en.campaign.wp.ad...

If your instance is hosted by Adobe, ask support to install GPG utility on the server.

Get public-private key pair generated for outbound transfer.

While doing export, you can encrypt the file on Campaign server and also provide the public key to external sFTP server team for decrypting the file. And use vice-versa to decrypt the file to decrypt at adobe campaign.

This can be done in file load activity and js activity, and for all the transfer via the database, it happens via secure transfer so that should be covered.

For deletion, if it's hosted by Adobe you are covered because it's Adobe's responsibility to ensure the compliance if it's on the premise, Move all the data marked as delete to an Archiving location and use Gutmann method to delete which will ensure that you are covered.

https://en.wikipedia.org/wiki/Gutmann_method

A sample tool buit ontop of this method, use this for Linux environments.

http://manpages.ubuntu.com/manpages/xenial/en/man1/shred.1.html

PS: Build a new strategy for data sharing between two markets based on the permission.

Regards,

Amit