Securing and encrypting a custom-built CRM

The need for a custom-built CRM

A specialized consulting agency was managing sensitive payment and salary information through a combination of manual workflows and online spreadsheets. As the organization grew, it recognized the need to consolidate that information into its existing custom-built Customer Relationship Management (CRM) platform. This system would streamline processes such as payment history tracking and approval workflows while maintaining appropriate access controls for sensitive data.

The paradox of access.

The critical hurdle was a paradox of access. The agency's existing, simple encryption solution was insufficient for the sensitive financial data they planned to incorporate. Furthermore, the client's internal technical team needed to maintain full administrative access to the server infrastructure to ensure system uptime and maintenance.

However, strict internal policy dictated that this same team should not have access to the sensitive production data itself, even if they accessed the server or database directly. The business needed a way to guarantee a zero-trust environment.

Envelope Encryption

We selected an envelope encryption approach to meet the project's security requirements, allowing sensitive data to remain protected even when infrastructure access was available. Because we couldn't find an existing Laravel implementation that met our needs, we developed our own.

In this particular implementation, authorized users in Google can access keys via Google KMS tokens that are stored as encrypted cookies, eliminating any need for persistent data storage and any data leak vectors regardless of infrastructure access levels.

We used the following technologies, software patterns, and encryption concepts to build a custom solution:

  1. Envelope Encryption - DEK (key that decrypts the data), KEK (key that encrypts the DEK) on a per database row basis

  2. Google KMS (Cloud Key Management Service) - storing key rings and governing access to encryption keys using Google IAM (Identity and Access Management) roles.

  3. google/cloud-kms - idiomatic PHP client for working with Google Cloud Platform services.

  4. Manager Pattern - allows "driver" swapping (local devs don't need Google Cloud credentials as they aren't required to use the Google Encryption driver). Also opens up the possibility for using other key management services outside of Google.

  5. Observer Pattern - ensures database fields are properly encrypted and prevents users who may have access to row data but not encrypted data from accidentally overriding data they were unable to "retrieve".

  6. Attribute Casting - custom database field value casting that interfaces with Laravel model observers for decryption and null value handling.

  7. Filament - since the existing CRM was written using Filament, we needed to ensure that no data was exposed in the front-end JavaScript.

Risk mitigation and enhanced operational capability.

The primary outcome was immediate risk mitigation and enhanced operational capability.

By using a well understood and industry reliable encryption strategy our client achieved a high degree of confidence that their sensitive data was protected from accidental or malicious exposure, even by their most technical internal staff. This assurance immediately enabled the business to integrate critical processes, specifically their payment history and approval workflow, directly into the new CRM, which was previously deemed too risky.

This integration provided a significant boost to internal efficiency and improved the value (actual and perceived) of the internal CRM. The approach transformed a critical security vulnerability into a core business asset.

Security is not a barrier to business.

This project underscores our philosophy that security is not a barrier to business but an enabler of growth. By focusing on a Technology solution that solves a core Business Outcome (mitigating insider risk while increasing workflow efficiency), we delivered a system that is both highly secure and highly usable. Our expertise lies in architecting custom solutions that navigate the complex intersection of high security, performance, and operational feasibility, ensuring our clients can scale their business operations without compromising confidence.

Start a conversation

Have a project in mind, or just exploring an idea? Let’s talk.
Fill out the form or give us a call.

413-570-3299

What can we help you with?