01-20-2010 02:48 PM - last edited on 01-21-2010 01:42 PM by ghollister
Increasingly, we are required to protect personal client information by encryption of data files (or other means). Almost all of our client information are in our ACT! database. If we can encrypt this information we should be OK. We have ACT! 2010 Premier. I wonder if such encryption is possible with ACT! (we already use passwords) and how to go about it?
01-25-2010 12:42 AM
I don't think it's possible to fully encrypt the database, but it would be possible to create a plug-in the encrypted specific fields... but this could be complex if you wanted to do more that access them in the normal UI. EG to include those fields in reports, templates, exports or some other functions
You need to think about what data you store that is at risk... then look at network security to prevent the database being taken (more complex if users are using sync to laptops or smart phones).
Then you can look at network security to protect the database and, if essential, have a plugin created to secure specific fields or content - GL computing can help with that last bit if you need it and have the budget.
07-08-2010 02:28 PM
TrueCrypt is one of the best encrypting utilities for PCs (and it's free open-source code, see http://www.truecrypt.org/). Blogging at http://community.act.com/t5/ACT/Act-TrueCrypt-and-CompanionLink-for-Android/m-p/72811 includes other ACT owners who successfully use TrueCrypt with ACT. But, as Greg Martin says in http://community.act.com/t5/ACT/How-to-use-TrueCrypt-and-Act/m-p/73443, one of the reasons Sage switched to SQL was to include transparent encryption (TrueCrypt allows for slightly stronger encryption and control). Note, there are many tools for brute force hacking of passwords - so, IMHO you should double the lenght of a person's normal password (making brute force much harder)... as one would with any encryption. I would quess HIPPA requirements for user names, data encryption, strong passwords, audit trails, inactivity timeouts, etc can be met by ACT / SQL / Windows for the lone workstation (I don't believe, though, there is any formal HIPPA certification process for anyone, like Sage, to guarantee compliance). I understand HIPPA also (reasonably) requires encryption for any network activity as well as all backups (which is often overlooked).