Crypteron’s cloud-first security model

Posted by Sid Shetye

Traditional security approaches often involve securing a myriad pieces of infrastructure and people who go into a building, deploying and managing your server or cloud application. This made sense 10 years ago when the border with the outside world was very clear and ownership of data, databases, servers and administrators all meant the same thing. In the cloud however, this is a tremendous security nightmare because you’re forced to trust (from a security perspective) people and infrastructure that you really cannot or should not.

But before we continue, let’s talk about one thing …

TDE is not very useful in the cloud

Yes, it’s true. TDE or Transparent Data Encryption encrypts the actual database file that’s resident on the database server’s filesystem. Specifically, the threat model it protects against is when someone might pull out your server’s hard drive, read the database file and the information within the database file. This made sense in the pre-cloud era where the database server would be on a server rack down the hallway but no hacker attempts to steal your hard drives from your inside data-center. Not unless it’s Tom Cruise and it’s the Mission Impossible movie. So the first issue with TDE is that this threat model is obsolete in the cloud – no one tries to steal your hard disks from the data-center anymore. The most common attacks in the cloud, the ones that will compromise your data and take down your business, are actually network and logical attacks at the SQL layer. It’s like jumping off an aircraft high up in the clouds and hoping your trusty motorcycle helmet will save you. Well, what you really need is a parachute. The second issue with Transparent Data Encryption is that, well, it’s transparent! This means the database server will happily decrypt encrypted data for requests it receives at the SQL layer. It doesn’t care if that request is coming from your legitimate app or an attacker. And guess what? Most attacks are happening at this logical, SQL level. Be it SQL injection, insufficient access controls or compromised connection string.

A cloud-first security model

Crypteron’s CipherDB and CipherStor products enable a true cloud-first security model. To fully appreciate this, let’s examine the traditional security model first.

Traditional Security Model

The traditional trust footprint does not reduce data breaches

 

As all the recent security breaches clearly demonstrate this security model is broken since it’s very hard to uphold. It requires trusting all of the underlying systems that power your app. This is not only unmanageable but also very untenable in the long run. If any one system is compromised, it can compromise the security and privacy of the entire application and it’s secured data. In addition, infrastructure management is often a shared responsibility that spans multiple organizations making audits complex, compliance a nightmare and true security impossible.

Crypteron Security Model

Crypteron Security Model

CipherDB accelerates you to a truly cloud-first security model. No “afterthought security”, no legacy artifacts from prior computing eras. With CipherDB and CipherStor, you  need to only trust the application itself. This simpler and agile model offers extraordinary security at a system level. With CipherDB and CipherStor, every supporting infrastructure or personnel that lives outside this ultra-tight trust boundary can be totally untrusted. You no longer rely on pure goodwill of 3rd party maintenance staff. You rely on concrete, modern cryptography to protect the privacy of your data no matter what. Just as a VPN can protect all data within it when traversing wide open public networks, CipherDb and CipherStor protect your data even when stored in the public cloud.

Decoupling that guarantees secrecy

With CipherDB, no 3rd party can ever get to your data. Neither Crypteron nor the cloud database provider. Crypteron only has the keys which are useless without the encrypted data. On the other hand, your cloud provider/hosting company only has your encrypted data which is useless without the encryption keys. Everything comes together in harmony only within your CipherDB enabled app and even there, keys are kept in working memory only when in use.

What does this buy me?

As a Crypteron customer this should be your top question. An investment in the security and integrity of your cloud app is critical to your reputation, business operations and in some verticals, human lives. Here are some of the top attacks that are active in today’s cloud computing environment and which CipherDB and CipherStor mitigate

  • SQL Injection: CipherDB provided strong protection against SQL Injection. For details check out our previous blog post on this topic.
  • 1st party data breaches: Since the only trusted entity is your own server app, the likelihood of 1st party data breaches (i.e. yourself) is very slim. You can even register the production and development versions of an app as separate CipherDB apps on our management dashboard in which case production and development keys (and therefore data) are completely isolated from each other.
  • 3rd party data breaches: Since data is in the clear only inside your CipherDB enabled app, breaches anywhere, be it due to lapses on the cloud provider’s side or even Crypteron’s side, will never compromise your data itself.
  • Rogue admin: While a trusted database administrator is desired, CipherDB doesn’t require it. A rogue database administrator has zero insight into your application’s private data. This is useful not only in the cloud where it’s another company that manages the infrastructure you’re renting from them but even in large enterprises where the group managing the data-center doesn’t need to have access to data destined for another group’s business. Encryption keys never touch the database server. At all.
  • Backup losses: With CipherDB, backups inherit the security of the primary, so the backup is also safe. In fact a rogue admin could take a backup of the entire database and data privacy would be preserved.
  • Database connection string leaks: Typically loss of your database connection string is a potential loss of all the data within the database server. Not anymore with CipherDB.
  • Freedom from expensive audits: Since large parts of your application’s supporting infrastructure never touches your sensitive data in the clear they fall outside the audit scope in most compliance standards. This saves you time, money and headaches.
  • Protects your data before, during and even after an attack: This is a natural outcome of the fact that the database server falls outside the trust zone and that data breaches target the database server. Any breach will simply result in the attacker being in possession of the ciphertext version of your sensitive data. It’s AES256 encrypted, so it’s unbreakable.

Here are some of the other advantages

  • Productivity from day 1 with great code manageability: CipherDB leverages your existing skills with ORMs like Entity Framework and NHibernate to rapidly develop secure, quality code that your colleagues will understand. No custom APIs to learn and no custom code to write and maintain at every interaction with sensitive data.
  • Ultra-flexible architecture: Since you no longer have to trust the integrity of the underlying infrastructure provider, you can architect the system as you wish. In fact if you want complete independence from connectivity (e.g. A nuclear submarine that surfaces once in 6 months or an isolated power station), our enterprise self-hosted stack will work in those situations too. Since we’ve designed the system to work with long latencies, you could even host your app and database in the Amazon Web Services cloud and keep the key management running inside Microsoft Azure cloud or even inside your corporate datacenter. In fact, all three, the app, the database and the key-management systems can each be independently moved for a topology that’s ideal for your design, be it public cloud, hybrid cloud or isolated networks.
  • No limits on data sharding or partitioning: For large database systems where one would like to shard (or horizontally partition) the data across many databases, CipherDB adds no additional restrictions that would prevent you from sharing your data

Sign Up Now

If you have questions or concerns please feel free to contact us.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Recent blog posts

Migrating existing live data into Crypteron

You’re already live in production. And you have sensitive in the clear. Read this article to see how Crypteron can help.

Encryption, Entity Framework and Projections

Projections in Entity Framework live outside the entity lifecycle. Read more to learn how your can use Crypteron to secure such data.

PCI DSS and key rotations simplified

PCI compliance requires data encryption keys to be changed frequently. Here is how you can do it easily.

Your data-center is not secure and what you can do about it

There is no secure perimeter anymore. Neither in your corporate network nor in your data center. Fight a winning battle armed with self-protecting data rather than a losing one trying to protecting the infrastructure.

Introducing the Crypteron Startup Innovators Program

Qualifying startups get up to 50% off all plans. Tell us how you’re changing the world and the our Startup Innovators Program will support your journey.

6 encryption mistakes that lead to data breaches

If encryption is so unbreakable, why do businesses and governments keep getting hacked? Six common encryption mistakes that lead to data breaches.

Announcing the new Crypteron Community Edition

Starting today you can now sign up for the Crypteron Community Edition for free with no performance limitations.

Data breach response – One click to save your business

Get breathing room – when you need it the most. Respond to a data breach with a single click.

Why We Need Proper Data-At-Rest Encryption: 191M U.S. Voters’ Data Exposed

Adding security at the application level is a large step forward in protecting data from the constant threat of data breaches

How to encrypt large files

CipherStor is blazingly fast! Here we show how to use it within your data-flow pipeline to maintain high performance when encrypting large files.

Try Crypteron for Free!

CipherDB

Crypteron’s cloud-first security model

by Sid Shetye time to read: 5 min
Developer notes Improvements to Crypteron configuration settings i…
Developer notes Crypteron introduces secure, searchable encryption…
0