Table of сontents
- How to use the InCountry platform
- What should I use to store data in-country in a monolithic web app?
- How do I process data within the country of origin when cross-border transfer is forbidden?
- How do I use my own keys for encryption of protected data?
- How do I output regulated data in the application frontend?
- How do I aggregate data across multiple countries?
- How do I handle production data with InCountry?
- How do I add data residency to my Salesforce?
- How do I add PCI DSS compliance with data residency into my application?
How to use the InCountry platform
How do I set up an account on the InCountry platform?
- Create a free account on the InCountry Portal.
- Create an environment.
- Create a client.
- Use the received credentials (Client ID and Client Secret) to upload data to the InCountry platform.
What should I use to store data in-country in a monolithic web app?
If you have a monolithic web app that manages regulated data, you can take advantage of the HTML Gateway component. It can handle the regulated data within the HTML output from the backend of the monolithic web app.
Please contact InCountry for a free consultation and details on this.
You can perform HTTP requests and use the server-side encryption within the InCountry REST API. It provides all the essential operations on regulated data, but you can do this on the server side of your application without full integration into its code base.
How do I process data within the country of origin when cross-border transfer is forbidden?
InCountry Serverless provides a capability to perform additional data manipulations on regulated data besides its storing on the InCountry platform. It lets you execute serverless functions in the country of origin without transferring data for validation or aggregation to the country where the application server resides.
For implementing such complex scenarios, you can take advantage of Serverless. This component of the InCountry platform lets you manage and execute serverless functions against protected data in the country of origin without leaving it. This is extremely helpful when your application server is located in another country and you cannot perform validation or aggregation of protected data that cannot cross domestic borders and be processed outside its country of origin. As in this case, you may violate the compliance regulations.
For the details on Serverless, please see our product documentation.
How do I use my own keys for encryption of protected data?
You can take advantage of our BYOK option (Bring Your Own Key) and use your own encryption keys for encrypting regulated data that you store on the InCountry platform. You have full control over the encryption keys and manage the key rotation depending on your needs. This way you keep the highest security level for your data records stored on the InCountry platform.
For the details on BYOK, please see our product documentation.
How do I output regulated data in the application frontend?
You can use either Border or REST API to query regulated data from the InCountry platform and passing it to the application frontend for rendering.
The way to fetch regulated data for showing in the application frontend (visual interface) mainly depends on the way you write data to the InCountry platform. We strongly recommend that you use the same InCountry component for both writing and reading data in-country. Integration of different InCountry products will require additional time and effort from your side, so in most cases, they will be extensive. If you are not sure about which InCountry product to choose for a specific task of yours, please contact our support team to get a free consultation.
How do I aggregate data across multiple countries?
The InCountry platform supports three data regulation models that you can use for handling regulated data. For the specifics of each model, please see the Data regulation models page.
Depending on the used data regulation model, you may encounter the following situations:
- you can aggregate data across multiple countries. Such scenario is supported in the replication model that does not prohibit cross-border data transfers. So you can replicate data into some data lake and further perform aggregation and analysis of this data.
- you cannot aggregate across multiple countries and can do this for each country in particular. Such scenario pertains to the restricted and redacted models that do not tolerate cross-border transfer or allow data for only viewing outside the country of origin, which is insufficient for data aggregation and analysis.
You can use the InCountry REST API for querying data from the InCountry platform and pushing it to your BI tool while considering specifics of the currently used data regulation model. InCountry Border cannot be used for such scenario. Here you should consider that InCountry products can output up to 100 records per request so it may take a while to fetch the regulated data for aggregation and analysis.
The InCountry platform also supports Tableau so you can connect to the regulated data store and fetch records for aggregation in Tableau. Please contact our support team to get a free consultation.
How do I handle production data with InCountry?
When you need to move the production data to the InCountry platform, you can use the bulk data import operations in InCountry REST API.
To map records stored on the InCountry platform to records without regulated data stored in your application database, use the current record identifier in your application database as a value in the
profile_key field on the InCountry platform.
How do I add data residency to my Salesforce?
You can use the InCountry Data Residency for Salesforce package that supports three data regulation models implementing different behavior and workflows for handling regulated data in Salesforce and redacting this data when viewing it outside the country of origin.
For the details on this solution, please see our product documentation.
How do I add PCI DSS compliance with data residency into my application?
You can use Payment Vault that can be integrated into your web application or web-based mobile application on iOS or Android.
It provides a web form for entering the payment card details. This form integrates with the InCountry platform, so your application does not even touch the payment card data itself, while the InCountry platform handles this and routes this information to the service provider while storing the credit card data in the secure data store. Additionally, you can localize the retention of payment card data in the country of origin where a credit or debit card originates.