What is Anonymization Mode?

Anonymization Mode
tCell agents can be configured to work in a fully anonymized mode to ensure that no customer private information is stored in the tCell cloud. In some cases, this may be required to ensure that tCell is deployed in a HIPAA compliant configuration.

Enabling Anonymization Mode

1) Notify tCell support. tCell operation will then enable data anonymization on its input service for your tenant. 

2) Add the following settings to your tcell_agent.conf file

"hipaaSafeMode": true
"hmac_key": "<key>"
"tcell_input_url": "https://saninput.tcell.io/api/v1"

What Anonymization Mode Does

When Anonymization Mode is enabled, the following data field transformations happen:

Remote (client) IP is HMAC'd
Remote IP is HMAC'd on receipt by the tCell service using sha256 then divided in half. IPs display in the tCell UI as fictitious IPv6 addresses. One real IP maps to the same fictitious IPv6 address, but it is not possible to derive the real IP from the fictitious IP.

UserId is HMAC'd

The UserId, collected at login, is HMAC'd inside the agent (within the customer application) using sha256. User IDs display in the tCell user interface as a hashed string.

Referrer is HMAC'd

The UserId, collected at login, is HMAC'd inside the agent (within the customer application) using sha256. User IDs display in the tCell user interface as a hashed string.

Payloads are stripped

Payloads are never sent to the tCell service while in Anonymization Mode.

Have more questions? Submit a request

Comments