Skip to main content
Version: v1.105

Security Guidelines for Data Integration Implementations

Even if the technologies leveraged in your integration solution can be considered secure, there are still many security risks in data integration, especially during implementation. With support from Digital Square, we have therefore developed a Security Guidebook for Data Integration Implementations.

Since 2014, we at Open Function Group (the primary custodians of OpenFn) have helped implement nearly 100 data integration solutions for over 45 NGO and government partners around the world. Through our engagements with security teams at different partners, our own research and development, consultations with security experts internal and external, and partnerships with other communities of practice, we have developed a strong understanding of security best practices and considerations for data integration projects that we would like to share with the wider digital development community.

This Guidebook aims to help digital implementers in the Digital Public Good and Global Goods communities better understand security risks and presents 23 best practices for the various implementation phases of data integration projects. It also links to some open-sourced OFG resources our team uses in our own implementation process for OpenFn projects.

You can find a complete list of the 23 best practices on this page below.

To access the Guidebook, check out the below slides or click the link to share & download: https://bit.ly/security_guidebook

Secure Data Integration: 23 Implementation Best Practices

Core Tenets

  1. Understand relevant policies specific to data sharing, storage, and protection
  2. Only extract & transfer essential data points
  3. Document, document, document

Analyze & Plan

  1. Don’t take API security for granted
  2. Budget time for security testing

Design

  1. Resource: Mapping specification template
  2. Resource: Architecture data flow diagram
  3. Resource: Project Security Configuration & Go-Live Checklist
  4. Consider idempotency, unique identifiers, & “upsert” operations to ensure data integrity
  5. Design for failures & transaction reprocessing
  6. Consider data validation

Build

  1. Use change tracking & version control
  2. Encrypt where possible
  3. Use strong authentication; don’t talk to strangers
  4. Authorization scopes to limit access
  5. Log transactions for activity monitoring & control what information is logged

Deploy

  1. Test again, especially credentials, before deployment
  2. Train users and system administrators on integration security
  3. Review your security requirements again before go-live
  4. Determine point of contacts for reporting security issues

Ongoing Monitoring & Management

  1. Consider Governance models for ongoing management & changing requirements
  2. Train partners on change management
  3. Have a strategy for access management

Read on for other resources and implementer communities to check out.

Resources referenced in the guidebook

OpenFn Resources

More implementation guidance can be found across this Docs site. For OpenFn users, learn more about OpenFn security & compliance at openfn.org/trust and openfn.org/compliance.

Here are the key OpenFn templates and resources referenced in the Guidebook:

Communities of practice & other experts

Here are some other communities you may consider following for more security guidance.

  1. OpenHIE Privacy & Security Working Group
  2. GovStack
  3. DHIS2 Security Team & Community of Practice
  4. Asia eHealth Information Network (AeHIN) Communities of Practice