Atakama operates as a mounted file system. It is therefore straightforward to integrate it into a business workflow, and there's no need to use an API or learn new technologies to do so.
Begin by identifying the specific files you want to protect. Good candidates are files with:
- infrequent access (as a percentage of the overall data)
- a multifactor approval process (ideally manual, but automated systems, like badge readers, are OK)
- highly sensitive data (where the cost of change to a workflow is less than the risk of breach)
As an example, imagine health records stored in a database.
Instead of storing the records directly in the DB, store the path to a file on an Atakama drive with a SAN mount back end:
/usr/appname/Atakama/customer442/Secure-Health-Record-Information
Important things to note:
- the *name* of the file on disk is the same name that will be prompted for on the device;
- the folder should be created as an "Atakama Share", which can be manually created by an administrator with access to the SAN and the Atakama software, or can be populated by a script when the customer is created;
- your business app must be running as a logged-in user on a supported OS, not as root.
Next, in your business application, there must be some sort of event that triggers access.
Some examples:
- a customer service representative takes a phone call to unlock the health records to be released to a hospital;
- a request to release the data hits a web application endpoint;
- any other infrequent action that releases the sensitive data.
At that point, your software attempts to open the customer's data file on disk. Atakama detects the open request and routes it through an anonymous, end-to-end encrypted communication layer to the shardholders of the data on disk.
Depending on your business needs, this request can go to:
- the customer themselves (most secure!);
- a customer service representative who approves the request (still good);
- an automated validation system of some sort (useful sometimes).
The key points here are:
- identify the best integration points;
- place Atakama software in the data flow at those points;
- no special API is needed for access, just the ability for your software to open and read files.
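The release step described above could look like this in the business application. This is an added example, not Atakama's own code: the `health_records` table, its columns, and the names `release_record` and `ReleaseDenied` are hypothetical, and it assumes that a denied or timed-out approval surfaces to the application as an ordinary OS error from `open()`.

```python
import os
import sqlite3
from pathlib import Path


class ReleaseDenied(Exception):
    """The protected file could not be opened (assumed: denied or timed out)."""


def release_record(db, customer_id, mount_root, euid=None):
    """Look up the stored path for a customer and read the protected file.

    The open() call is the integration point: on an Atakama mount it is the
    step that is routed to the shardholders for approval.
    """
    # The app must run as a logged-in user, not as root.
    if euid is None:
        euid = os.geteuid() if hasattr(os, "geteuid") else -1
    if euid == 0:
        raise RuntimeError("refusing to run as root")

    # The database holds only the path, never the record itself.
    row = db.execute(
        "SELECT record_path FROM health_records WHERE customer_id = ?",
        (customer_id,),
    ).fetchone()
    if row is None:
        raise KeyError(customer_id)

    # Only open paths that resolve inside the mount, so a tampered DB row
    # cannot point the application at an arbitrary file.
    root = Path(mount_root).resolve()
    path = Path(row[0]).resolve()
    if root not in path.parents:
        raise ValueError(f"stored path is outside {root}")

    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError as exc:
        # Assumption: a refused or expired approval shows up as an OS error.
        raise ReleaseDenied(str(path)) from exc
```

Call it only from the triggering event (the phone call, the release endpoint), and log `ReleaseDenied` separately from other failures so refused requests can be reviewed.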