Data Security
In the era of cloud computing, data security is of utmost importance. Having comprehensive data protection capabilities enhances visibility and insight, automatically warns of security risks, and thus improves overall protection capabilities, ensuring data is available and compliant.
When you use TrueWatch, its built-in tools perform risk assessments and process the received data.
How to Reduce Data Risks?
TrueWatch collects monitoring information from your infrastructure and services for centralized management, so you can analyze and process it at any time. During this process, servers in normal use send various types of data to TrueWatch. The data collected by TrueWatch mostly does not contain personal privacy information. For personal data that may be unnecessary, we provide detailed explanations and suggestions to prevent confusion. TrueWatch provides multiple ways to help reduce data risks.
Data Security Considerations on the DataKit Side
HTTPS Data Upload
All DataKit data is uploaded via the HTTPS protocol, ensuring secure data communication.
Limited Downstream Mechanism
The central server cannot issue commands to be executed by DataKit. All requests are initiated by DataKit, which can only periodically pull certain configurations (such as Pipeline and blacklist configurations) from the center.
Field Value Masking in Tracing Collection
During Tracing collection, the execution of some SQL statements may be collected. The field values in these SQL statements will be masked. For example:
will be masked as
Pipeline and Blacklist Mechanism
If some sensitive data cannot be removed during collection, specific Pipeline functions (such as cover(), which replaces certain parts of a string with *) can be used to mask sensitive data (e.g., phone numbers).
Additionally, configuring blacklists can also prevent the upload of sensitive data.
Sensitive Data Scanning
Sensitive data scanning functionality can identify, mark, and edit data containing personal privacy and other risks. As a security defense line, it effectively prevents the leakage of sensitive data.
For more details, please refer to Sensitive Data Scanner.
Logs
The use of TrueWatch's service generates numerous log records. Due to the strong correlation of log data itself, specific rules must be applied during the collection and analysis processes to filter massive amounts of log data.
By configuring sensitive fields in log data, members with corresponding permissions will only see the masked version of the log data.
Access control of data is another key method to reduce the security risks of log data. By setting different log data query scopes for different roles, data can be isolated, achieving comprehensive management and filtering of sensitive data.
For more details, please refer to Multi-role Data Access Control.
Snapshots
TrueWatch's snapshot service acts as an instant copy of data, containing exception data filtering conditions and records. When sharing monitoring data through snapshots, you can set data masking rules or choose the sharing method to generate access links with specified viewing permissions, automatically forming a data shield.
For more details, please refer to Snapshots.
RUM
When collecting data about user visits, the RUM (Real User Monitor) SDK lets you customize the modification and interception of data to avoid the flow of sensitive data.
For more details, please refer to SDK Data Interception and Modification.
Session Replay Privacy Settings
Session Replay offers privacy controls to ensure no company exposes sensitive or personal data, and the data is encrypted at rest. The default privacy options for Session Replay aim to protect end-user privacy and prevent the collection of sensitive organizational information.
Global Configuration
By enabling Session Replay, sensitive elements can be automatically masked so they aren't recorded by the RUM SDK.
To enable your privacy settings, set the defaultPrivacyLevel in your SDK configuration to mask-user-input, mask, or allow.
import { datafluxRum } from '@cloudcare/browser-rum'

datafluxRum.init({
  applicationId: '<DATAFLUX_APPLICATION_ID>',
  datakitOrigin: '<DATAKIT ORIGIN>',
  service: 'browser',
  env: 'production',
  version: '1.0.0',
  sessionSampleRate: 100,
  sessionReplaySampleRate: 100,
  trackInteractions: true,
  // Choose exactly one of: 'mask-user-input', 'mask', 'allow'
  defaultPrivacyLevel: 'mask-user-input',
})

datafluxRum.startSessionReplayRecording()
Once the configuration is updated, you can override the privacy settings for elements in your HTML document:
Mask user input mode: Masks most form fields such as inputs, text areas, and checkbox values while recording all other text as-is. Inputs are replaced with three asterisks (***) and text areas are obfuscated with x characters preserving space.
Note: By default, mask-user-input is enabled as the privacy setting when session replay is turned on.
Mask mode: Masks all HTML text, user input, images, and links. Text on applications is replaced with Xs, rendering the page as a wireframe.
Allow mode: Records all data.
Some limitations:
For data security considerations, regardless of the defaultPrivacyLevel you configure, the following elements will always be masked:
- Input elements of type password, email, and tel;
- Elements with the autocomplete attribute, such as credit card number, expiration date, and security code.
Custom Configuration
Session Replay supports masking of sensitive elements, such as mobile phone numbers, and can be configured flexibly based on business needs. The specific methods are described below:
Configure Masking Through Element Attributes
You can add the data-gc-privacy attribute to elements that need masking, supporting the following four attribute values:
• allow: Allow data collection, no masking.
• mask: Mask content, displaying it in masked form.
• mask-user-input: Mask user input, preventing recording of sensitive input data.
• hidden: Completely hide content.
Example code:
<!-- Allow data collection -->
<div class="mobile" data-gc-privacy="allow">13523xxxxx</div>
<!-- Mask content -->
<div class="mobile" data-gc-privacy="mask">13523xxxxx</div>
<!-- Mask user input -->
<input class="mobile" data-gc-privacy="mask-user-input" value="13523xxxxx" />
<!-- Hide content -->
<div class="mobile" data-gc-privacy="hidden">13523xxxxx</div>
Configure Masking Through Element Class Names
Masking can also be implemented by adding specific class names to elements. Currently supported class names include:
• gc-privacy-allow: Allow data collection.
• gc-privacy-mask: Mask content.
• gc-privacy-mask-user-input: Mask user input.
• gc-privacy-hidden: Completely hide content.
Example code:
<!-- Allow data collection -->
<div class="mobile gc-privacy-allow">13523xxxxx</div>
<!-- Mask content -->
<div class="mobile gc-privacy-mask">13523xxxxx</div>
<!-- Mask user input -->
<input class="mobile gc-privacy-mask-user-input" value="13523xxxxx" />
<!-- Hide content -->
<div class="mobile gc-privacy-hidden">13523xxxxx</div>
Use shouldMaskNode to Implement Custom Node Masking Policies
In certain special scenarios, customized masking processing might be needed for specific DOM nodes. For instance, in applications with high security requirements, you might want to uniformly mask all numeric text content on the page. This requirement can be achieved by configuring a shouldMaskNode callback function, enabling more flexible privacy control policies.
import { datafluxRum } from '@cloudcare/browser-rum'

datafluxRum.init({
  applicationId: '<DATAFLUX_APPLICATION_ID>',
  datakitOrigin: '<DATAKIT ORIGIN>',
  service: 'browser',
  env: 'production',
  version: '1.0.0',
  sessionSampleRate: 100,
  sessionReplaySampleRate: 100,
  trackInteractions: true,
  // Choose exactly one of: 'mask-user-input', 'mask', 'allow'
  defaultPrivacyLevel: 'mask-user-input',
  shouldMaskNode: (node, privacyLevel) => {
    if (node.nodeType === Node.TEXT_NODE) {
      // If it's a text node, check whether the content contains numbers
      const textContent = node.textContent || ''
      return /\d+/.test(textContent)
    }
    return false
  },
})

datafluxRum.startSessionReplayRecording()
In the above example, the shouldMaskNode function evaluates all text nodes. If the content includes numbers (e.g., amounts, phone numbers), it will be automatically masked, thereby enhancing user data privacy protection.
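The /\d+/ test above masks every text node that contains any digit, including version strings and counters. As an added example (not code from the TrueWatch SDK or its documentation), the callback below narrows the policy to long digit runs, partially redacted numbers, and currency amounts. The rule names, the maskReason helper, and the sample nodes are constructed for illustration; only the (node, privacyLevel) signature comes from the page.

```javascript
// Added example, not SDK code: rule names and helpers are hypothetical.
const TEXT_NODE = 3 // numeric value of Node.TEXT_NODE, so this also runs outside a browser

const MASK_RULES = [
  // Phone, card and account numbers: 7+ digits, optionally grouped by spaces or hyphens.
  { name: 'long-digit-run', pattern: /\d(?:[ -]?\d){6,}/ },
  // Partially redacted numbers such as 13523xxxxx still expose a prefix.
  { name: 'partial-redaction', pattern: /\d{3,}[xX*]{2,}/ },
  // Monetary amounts introduced by a currency symbol.
  { name: 'currency-amount', pattern: /[$€£¥]\s?\d/ },
]

// Returns the name of the first rule the text matches, or null.
function maskReason(text) {
  const rule = MASK_RULES.find((r) => r.pattern.test(text))
  return rule ? rule.name : null
}

// Same signature as the shouldMaskNode callback shown above.
// privacyLevel is accepted but not used by this policy.
function shouldMaskNode(node, privacyLevel) {
  if (node.nodeType !== TEXT_NODE) return false
  return maskReason(node.textContent || '') !== null
}

// Constructed sample nodes (plain objects standing in for DOM nodes).
const SAMPLE_NODES = [
  { nodeType: TEXT_NODE, textContent: 'Call 135 2345 6789 for support' },
  { nodeType: TEXT_NODE, textContent: 'Card 4111-1111-1111-1111' },
  { nodeType: TEXT_NODE, textContent: 'Mobile: 13523xxxxx' },
  { nodeType: TEXT_NODE, textContent: 'Balance: $1,204.50' },
  { nodeType: TEXT_NODE, textContent: 'Version 1.0.0, 3 items in cart' },
  { nodeType: 1, textContent: '13523456789' }, // element node: left to its text children
]

// Evaluates every sample node with the policy and returns the decisions in order.
function auditSamples() {
  return SAMPLE_NODES.map((n) => shouldMaskNode(n, 'mask-user-input'))
}

console.log(auditSamples())
```

Pass the function as shouldMaskNode in datafluxRum.init(). Because the callback judges one text node at a time, a number split across sibling elements is not matched, so mark the containing element with data-gc-privacy="mask" in that case.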
Some Recommendations
- Priority Rules:
  • If both the data-gc-privacy attribute and class names are set, prioritize according to the project documentation.
- Applicable Scenarios:
  • allow: Suitable for regular data that doesn't require masking.
  • mask: Suitable for masking sensitive data, e.g., phone numbers.
  • mask-user-input: Suitable for protecting input content, e.g., password fields.
  • hidden: For content you do not wish to display or record.
- Best Practices:
  • Prioritize simple and clear methods (like class names or attributes) to ensure accurate configuration.
  • In high-sensitivity data scenarios, such as user privacy forms, recommend using mask-user-input or hidden.
Using the methods mentioned above, you can flexibly configure masking rules for sensitive elements, enhancing data security and meeting business compliance needs.