As you can see from the Security and privacy page, AppMon is able to measure application performance on the user side. At the same time it is also able to capture sensitive user data. It is your responsibility to handle it according to applicable laws. This page explains how to do that.
Here are the general steps you need to take:
- Configure which data you're capturing. Don't capture personal information unless it's absolutely necessary. Respect users' privacy settings, and never capture credit card details.
- Protect captured data on its way between your application and AppMon and in AppMon storage.
- Configure the rights to access AppMon. Only let AppMon users see what they need. Limit the number of users who can configure your AppMon installation, and who can audit it.
Prevent capture of confidential data
AppMon UEM's high business value is derived from its ability to measure end users' experience of a website. It provides insight into an individual user's session to see how quickly the web pages render and measures overall performance on the client side. The built-in features of AppMon allow you to configure and operate it in accordance with privacy regulations, which may prevent you from capturing certain information about your users. For example, you should never configure your Business Transactions to capture credit card details.
To capture additional information, you must configure AppMon to tag user visits. For example, if a user logs on to your web shop, you can identify the user by account data and then see what the user does on your web page. This function is helpful for user complaint resolution: If the user has a problem and contacts your support desk, Customer Support can identify the user's session and find out exactly what happened.
You can configure visit tagging through System Profile Preferences > User Experience > <application name> > General. See User experience - general settings to learn how.
To obey privacy requests, tag users with a parameter that does not allow direct user identification: for example, the department or location instead of the account ID; or don't tag visits at all.
Although this feature offers a powerful means of providing high service levels to external visitors, it violates privacy regulations if you configure it for use on your internal applications. In EU countries, it is illegal to track employees. To comply with privacy regulations, do not identify internal users directly. Use aggregated information instead; for example, track the department or site that the user comes from.
AppMon privacy settings
AppMon provides a set of properties to protect end-user privacy. You can find them in System Profile Preferences > Data Privacy.
IP address masking
Data protection laws in some countries require you to anonymize the IP addresses of your users. That means you cannot store the complete IP address.
To follow these laws, enable IP address masking. AppMon anonymizes the IP address of your customers as soon as it is technically feasible, at the earliest possible stage of connection. The masking occurs in memory. Full IP addresses are not written to disk. The masking replaces the following part of the IP address with zeros:
- IPv4: the last octet of the monitored IP address.
- IPv6: the last 80 bits of the monitored IP address.
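The masking rule above, written out as an added example (not AppMon code), for instance to apply the same rule to other logs that record the same visitors. The function names and the log layout (client address as the first space-separated field) are assumptions, and the sample lines are constructed.

```python
import ipaddress

# Low-order bits replaced with zeros per address family, as stated above:
# IPv4 loses its last octet (8 bits), IPv6 its last 80 bits.
MASKED_BITS = {4: 8, 6: 80}


def mask_ip(text: str) -> str:
    """Return the address with its low-order bits set to zero."""
    addr = ipaddress.ip_address(text.strip())  # raises ValueError if not an IP
    low = (1 << MASKED_BITS[addr.version]) - 1
    keep = ((1 << addr.max_prefixlen) - 1) ^ low
    return str(type(addr)(int(addr) & keep))


def mask_log_line(line: str) -> str:
    """Mask the client address in the first field of a log line.

    Assumed layout: the client address is the first space-separated field.
    A first field that is not an IP address (for example a resolved host
    name) is replaced with "-" so that no unmasked identifier is kept.
    """
    if not line.strip():
        return line
    first, sep, rest = line.partition(" ")
    try:
        return mask_ip(first) + sep + rest
    except ValueError:
        return "-" + sep + rest


# Constructed sample lines (documentation address ranges only).
SAMPLE_LINES = [
    '203.0.113.77 - - [10/Oct/2018:13:55:36 +0000] "GET /shop HTTP/1.1" 200 512',
    '2001:db8:85a3:8d3:1319:8a2e:370:7348 - - [10/Oct/2018:13:55:37 +0000] "GET / HTTP/1.1" 200 98',
    'client.example.net - - [10/Oct/2018:13:55:38 +0000] "GET /cart HTTP/1.1" 200 731',
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(mask_log_line(sample))
```

For IPv6 only the first 48 bits survive, so an address is reduced to its routing prefix.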
Do not track
Modern browsers support the do not track feature, which is a technology that enables end users to opt out of tracking by websites. Although accepting a user's tracking opt-out setting is not activated by default, you can configure AppMon to accept the opt-out. In such instances, AppMon UEM respects the user's privacy, does not set a cookie, and does not measure that user's performance experience.
User actions masking
Some HTML elements may contain private information, for example a button with the user's name as a caption. Also, the user may type in personal information, for example while filling in a shipping address. By default AppMon captures such things, and they are seen as names of user actions, like click on "Button", or keypress "Key", therefore revealing private information.
Select Enable masking of the user action names to prevent this disclosure. When the feature is active it displays the HTML element's tag name instead of the caption. It also suppresses capturing alphanumeric keypress values. This is done at the earliest possible stage of collection, so it is not sent on the monitor signal.
Data can also be collected by memory dumps. AppMon collects memory dumps for diagnostic purposes when a Java virtual machine or .NET instance runs out of memory. Such memory dumps can contain confidential data.
You can turn off the automatic generation of memory dumps. Additionally, you can use permissions to restrict the manual generation of memory dumps. Permissions for analyzing memory dumps can also be restricted.
See Memory diagnostics to learn more about memory dumps usage.
Protect captured data
Even if you don't capture personal data, the information you do capture needs to be protected.
Data in transit
Most Agents are located inside the application infrastructure, either on the web or on application servers. For performance reasons, the communication between the Agent and the Collector is in plain (unencrypted) format. For both performance and security reasons, the Collector should be located in the same network and behind a firewall.
Because data transmission between Classic Agents and Collectors is not encrypted by default, you must either restrict physical access on the network or put a Collector on the same machine as the Agent. If that is not possible, you can enforce SSL communication between Classic Agents and Collectors.
With the AppMon Agent, traffic between Agents and Collectors is encrypted end-to-end by HTTPS.
If the AppMon Server is located outside the application infrastructure, place Collectors in the local network and enforce SSL encryption between Collectors and the AppMon Server.
See Set up SSL communication to learn how to configure secure communications.
It's a good practice to keep all of your connections secure. Be sure to use safe protocols.
You may also consider using your own SSL certificate. See Certificate Management configuration to learn how to manage certificates in AppMon.
Data at rest
After your data is securely delivered to the AppMon Server, you need to store it safely.
First of all, in production environments the AppMon Server must always be located behind a firewall.
The Server stores and processes cyclic measures and PurePath metrics data as a live session. A live session contains a number of bulk files that are kept in plain format for performance reasons. Plain means that AppMon does not encrypt the data. However, live session information has a short retention time based on the available storage and configuration.
Operating system permissions deployed on the live session, combined with physical access controls, are the minimum requirements for protecting stored information from direct access. Additionally, you can use external tools to encrypt the live session. Full disk encryption is recommended because it normally does not interfere with performance. You can use dm-crypt on Linux servers or BitLocker on Windows servers for the encryption of data partitions. Self-encrypting hard drives are also an option.
The Performance Warehouse, which stores performance metrics over a longer period of time in a relational database, is less likely to hold confidential data. PurePath information that contains confidential strings is usually stripped out. Access controls and encryption may also be applied to the Performance Warehouse database system.
Apart from restricting access on the operating system level, you can also fine-tune access levels to AppMon. See the Control access to AppMon section below to learn more.
Control access to AppMon
Operators can use the AppMon Client and AppMon Web to inspect recorded metrics and thus potentially access confidential information. Best practice is to restrict access to confidential information. Configure AppMon with user permissions, so that only people who need to know are able to inspect confidential data.
AppMon user permissions
AppMon allows you to fine-tune users' access levels to data and configuration features. See User permissions and authentication to learn how to configure users and Permissions mapping to learn about available permissions.
Permissions allow you to restrict access to AppMon on a need-to-know basis. You can configure who can access confidential data, who can access configurations and so on. You can control the changes in permission assignments via the audit log files in the System Information dashlet.
AppMon allows you to mark certain information as restricted. To access the respective settings, in the AppMon Client select Settings > Dynatrace Server > Settings, and click the Confidential Strings tab.
Here you can define which data is confidential. It can be hidden in AppMon Client, AppMon Web, and also on session export. See Handling confidential strings to learn more.
On session export, for example, to allow a developer to review an erroneous session, you can remove confidential strings from it. If it is necessary to see the method arguments, you can use a screen sharing or web conference tool to give screen access and record the session for auditing purposes.
AppMon user authentication
To ensure reliable and secure user authentication, a best practice is to use existing LDAP or Active Directory user groups. Specify an LDAP group to which AppMon users must belong. Activate SSL encryption for LDAP authentication. See Users - LDAP to learn more.
AppMon 2018 April: You can also reuse your authentication services and use your corporate credentials to log in to AppMon, by using the SAML Single Sign-On functionality. See SAML/SSO configuration to learn more.
If you opt to use AppMon user accounts, change passwords of built-in users immediately after installation. You may also change IDs of built-in users. Admin is the only ID that cannot be changed. Be sure to set a strong password for the admin user account, as it has full access to AppMon.