How it works

Just like with PCI compliance, your application continues to work as it always has with its own data store. InCountry augments your existing data store by adding an additional data store for regulated data.

InCountry uses a database principle called two phase commits to ensure that your data is kept in sync across two separate data centers for each country.

Your application uses the InCountry SDK to store and retrieve records in specific countries using their ISO 2 letter country code.

Your application connects to InCountry using TLS 1.2 and a revocable API key.

The InCountry SDK encrypts each of a record’s searchable fields using a hash. The full record is encrypted using a symmetric key with AES-256. Your application fully controls the encryption keys and the InCountry SDK is compatible with key management systems.

The InCountry SDK finds a record using the hashed version of the search fields and returns the full record for your application to decrypt.

Tokenization is useful for storing information like credit card numbers that have a fixed length, and in use cases where the token can fit in the space of the original data. With tokenization, the vendor has full visibility into your data. Encryption is useful for securely storing arbitrary amounts of information like health care data. With encryption, you can retain your encryption keys and the vendor does not have visibility into your data.

InCountry Border is a proxy layer running within InCountry points of presence. Your global web application can route web service calls between a user’s browser and the web application through the InCountry proxy. InCountry Border uses a domain overlay to authenticate users and automatically removes and encrypts specified fields with PII and then re-inserts the fields on subsequent web service calls.

Fully isolated databases with custom tables

• Managed Service Provider offering
• Fully isolated and dedicated API and database in each PoP
• Field level encryption settings