How can I set up secure spreadsheets for PII and other sensitive data? I need to restrict access and prevent sharing, copying, and downloads.
Row Zero is specifically built for spreadsheet security and data governance. Enterprise plans include advanced security features that let you restrict data access and export so users only see data they’re authorized to see and data never leaves the cloud. Here is how enterprises set up spreadsheet security in many cases in Row Zero. You should always consult with security and legal experts to review your particular use case.
Access to spreadsheets and data:
- Enable SSO and SCIM so that spreadsheets are only accessible via secure company login
- Connect spreadsheets to your data warehouse using OAuth so that spreadsheets will inherit the row-level security and access controls for each user from the data warehouse.
Restrict data export, sharing, movement
- Restrict data export so that users cannot export data out of Row Zero. You should also generally restrict data export across your tech stack so that users can’t export CSVs of sensitive data from BI dashboards and SaaS tools like Salesforce, Hubspot, Netsuite, Quickbooks, etc. This ensures that sensitive data stays in the cloud and doesn’t leak onto employee laptops.
- Restrict external sharing - this ensures that spreadsheets cannot be shared or accessed outside of your organization
- Enforce data residency - region lock your data to a particular cloud region
Enforce data lifecycle rules
Set spreadsheets to automatically delete after a specified time. This is required by modern privacy regulations and ensures that spreadsheets persist in perpetuity with sensitive data.
Use workspaces to further isolate sensitive data or client data
Enterprises can create workspaces to isolate sensitive data and further restrict access within their organization. Workspaces are also useful for isolating client data when working with external clients.
Private Link and Private storage
Private Link and private storage are optional features to enhance data security. Private Link sets up a secure, private network connection between your Virtual Private Cloud (VPC) and Row Zero so that data never traverses the public internet.
With private storage, spreadsheet data is written to your own private object storage that you manage and is never persisted within Row Zero.
As mentioned above, you should consult with security, legal, and data professionals to review your particular use case, but Row Zero can play a central role in securing spreadsheets and data within your organization and maintaining compliance with modern data privacy regulations. Row Zero is SOC 2 Type II certified and is GDPR and HIPAA compliant.