DevOps teams are constantly challenged with rapidly developing and releasing full stack apps or backend service processes so that websites and businesses can react and respond to market changes and competitive threats. For many, to avoid delays deploying and managing server resources they turn to serverless solutions like AWS Amplify. AWS offers a modular approach with additional components like AWS Cognito to provide access control / authentication and AWS Lambda to manage the compute resources.
These services allow DevOps to build and deploy website and app capabilities quickly using modular components and standards-based development to mitigate risks and drive reliability. However, when you are developing customer facing apps, the issue of privacy becomes increasingly more vital for compliance and a critical part of driving the user experience and trust in your brand. Therefore, we think DevOps need a standardised privacy component for these RAD environments in order to build in Privacy by Design in an easy to consume way.
Privacy1 is an expert privacy solution developer that provides such a service, available on the AWS Marketplace as our Harpocrates™ product (Get it here). Privacy1 provides a privacy framework that gives you a step-by-step guide to implementing technical and organisational measures in your apps to ensure personal data is managed legally and ethically.
Personal data should only be accessible with the right permissions, for the specific processing purpose, on a lawful basis. The period of storage, the extent and purpose of processing and pseudonymisation are all vital considerations. So, how do you implement Privacy by Design in an easy to consume way when systems are being rapidly developed and legacy apps extended and modified?
Privacy processes are often applied manually, which leads to a lot of extra coding, delay and approval processes, as you are essentially building it for the first time every time. Privacy1 built our solution as an open and flexible platform that brings all the privacy capability you need with the ease of a standardised AWS Marketplace component to solve these problems.
The Privacy1 team has years of experience implementing data protection in both small businesses and huge enterprises that serve hundreds of millions of users. But that does not mean we don’t recognise new challenges. Recently, we took a challenge from one of our clients to implement Privacy by Design in an AWS Cognito based data service.
AWS Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly, easily and scalably. The best part? It is hosted by AWS. Our customer's production system is simplified in schematic 1 below. The AWS Cognito system takes care of all the user management and authentication functions. The rest of the backend functionality is implemented in a serverless backend built from a combination of AWS API Gateway, AWS Lambda and a persistence layer, AWS DynamoDB.
Schematic 1 — Classic AWS serverless application stack
Many of our previous experiences implementing Privacy by Design have focused on vendor-controlled technology with the backend systems written and managed internally. In these cases, integrating with our APIs is as easy as finding the right point in the business service code and invoking functions in our SDKs.
However, in this case all the services are managed by AWS, and the rigidity of this third-party technology makes a Privacy by Design implementation challenging, as we don't have much control over the implementation details of those AWS managed services.
The top challenge here was to integrate Harpocrates™ seamlessly into Cognito and the serverless Lambda backend systems.
After some sleepless nights and loss of hair we solved the issues so that you don't have to. With some inspired configuration and a few new serverless Lambda functions we enabled the functionality you see below; it went into operation in our customer's data services app and finally turned it into a system worthy of Privacy by Design status.
Schematic 2 — AWS serverless application stack with Privacy by Design incorporated by Privacy1
If you are curious about how the implementation is done at the code level, here is the repository that describes all the details and the code we have open sourced. Without getting our hands dirty on the technical details, let's go through the high level design we have made for this type of architecture and some lessons we have learned along the way.
Let's back up a bit to where we started. What is the task again? To implement Privacy by Design in an AWS RAD environment. To understand Privacy by Design better, this is what the GDPR regulation says:
“Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this regulation and protect the rights of data subjects.”
Privacy1 provides in Harpocrates™ a series of easy to consume compliance tools that provide the capabilities you need to deploy data subject rights management, data permission control, data accountability checks, data transparency enforcement, data mapping, and data pseudonymisation.
We provide a front end that you can embed in your app so that data subjects, such as business consumers or employees, can exercise their legal rights. There is a management console used by the business to demonstrate the implementation of appropriate technical and organisational measures, and the core of the system, which provides the personal and service key encryption, pseudonymisation and the integration platform. So, for the details on how to integrate them into an AWS Cognito based serverless business system, here are the four steps we took to fuse those two systems together and make the solution available to everyone.
Step 1 — Integrate Privacy1 with AWS Cognito
First, we need to leverage Cognito to do data subject authentication. We created a simple Lambda that fulfils this task. Upon completion of this first step, Harpocrates™ is capable of handling authentication requests from a business's data subjects. With this in place the communication chain data subject — Privacy Manager — Privacy Front is connected, and all personal data flowing from a data subject to the Privacy by Design system we provide to the business can be processed.
Privacy Manager allows data subjects to exercise all the privacy rights granted to them by regulation. It is intelligent enough to register a new user into Harpocrates™ on its own, but this should not be triggered by a user action; it should be done by your AWS Amplify/Cognito/Lambda app. This leads us to the second step: embed the Harpocrates™ API into the AWS Cognito user registration flow.
Step 2 — Make sure all new registered users are protected
Since Cognito incorporates no data privacy protection into its design, we need to connect Cognito with Harpocrates™ during new user registration. This is done easily by invoking our “new user create API”. Cognito has a trigger called Post Confirmation that fires when a new user has been registered successfully into the Cognito system. We extend the user registration flow to do this extra task and include Harpocrates™ in the registration. The only reference between a business system and Harpocrates™ is a pseudonymised user ID. This protects the business's personal data and meets regulatory requirements: the Harpocrates™ system itself does not store any personal data.
This step guarantees Harpocrates™ is aware of the new users registered into the Cognito system, and therefore a business can execute all sorts of data protection measures inside Harpocrates™ to protect the users' data and ensure compliance for the business.
Step 3 — Data pseudonymisation in serverless Lambdas
GDPR Article 25 identifies pseudonymisation as an appropriate technical measure. It is also the most powerful tool that Harpocrates™ offers in its solution. With Privacy1's patented pseudonymisation technology, a business can carry out data privacy protection and data security enforcement at the same time.
Step 4 — Make the configuration and additional components open source
As a company committed to the propagation of good personal data management practices to all, we make all our configurations and integrations available to all our customers, so upon download of our solution you have full access to this and all our other out of the box integrations.
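To make Steps 2 and 3 concrete, here is an added example (not Privacy1's published code, and not the Harpocrates™ API, which the post does not show) of a Python Lambda handler for the Cognito Post Confirmation trigger: it derives a keyed pseudonym from the Cognito user ID and hands only that pseudonym to a hypothetical user-create client, so no direct identifiers leave Cognito. The client class, the key and the sample event are constructed stand-ins.

```python
import hashlib
import hmac

# Constructed demo key: a real deployment would load it from a secrets store
# and keep it apart from the business database that holds the pseudonyms.
PSEUDONYM_KEY = b"constructed-demo-key-not-for-production"

def pseudonymise(cognito_sub: str, key: bytes = PSEUDONYM_KEY) -> str:
    """HMAC-SHA256 of the Cognito 'sub': stable, so the same user always
    maps to the same ID, but not reversible without the key."""
    return hmac.new(key, cognito_sub.encode(), hashlib.sha256).hexdigest()

class RecordingClient:
    """Stand-in for the HTTP call to a hypothetical 'new user create' API;
    it only records payloads so the handler can be exercised offline."""
    def __init__(self):
        self.sent = []

    def create_user(self, payload: dict) -> None:
        self.sent.append(payload)

def build_enrolment_payload(event: dict) -> dict:
    """Only the pseudonym and the user pool leave the handler; email, name
    and the raw 'sub' stay inside Cognito."""
    sub = event["request"]["userAttributes"]["sub"]
    return {"pseudonymId": pseudonymise(sub), "userPoolId": event["userPoolId"]}

def handler(event: dict, context=None, client=None) -> dict:
    """Lambda entry point wired to the Cognito Post Confirmation trigger."""
    client = client if client is not None else RecordingClient()
    # The same trigger also fires after a forgot-password confirmation;
    # only a confirmed sign-up is a new user to enrol.
    if event.get("triggerSource") == "PostConfirmation_ConfirmSignUp":
        client.create_user(build_enrolment_payload(event))
    # Cognito expects the event object back; anything else fails the sign-up.
    return event

# Constructed sample event in the shape Cognito sends to the trigger.
SAMPLE_EVENT = {
    "triggerSource": "PostConfirmation_ConfirmSignUp",
    "userPoolId": "eu-west-1_EXAMPLE",
    "userName": "alice",
    "request": {"userAttributes": {"sub": "c0ff33-constructed", "email": "alice@example.com"}},
    "response": {},
}
if __name__ == "__main__":
    demo = RecordingClient()
    handler(SAMPLE_EVENT, None, demo)
    print(demo.sent)
```

If the privacy service call fails, the exception propagates and Cognito rejects the confirmation, which is the safe default when the user would otherwise exist unprotected.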
With that, using standard components, we just turned a system built on AWS technologies into a Privacy by Design system. AWS has done a great job in helping your business develop applications and services without any concern for servers. Privacy1 strives to ensure that the business running on those services and all the valuable data in those serverless applications are protected, and that risks to compliance and brand impacts are mitigated, all built into the underlying architecture with a modular approach.
Privacy1 brings these benefits to the Amazon development stack in an easy to consume AWS Marketplace component. Now you can include Privacy by Design as you deploy your AWS apps in a standardised, repeatable way.
About Us — Privacy1 is a software company headquartered in Stockholm that develops technologies for the practical management of personal data. With a vision to empower consumers and citizens to manage their own personal data, and to provide technology that helps companies and governments encrypt, secure and automate so that they fulfil their privacy promises and meet all levels of data regulatory requirements, Privacy1 is about building trust to reset the data privacy balance to the advantage of all.