Security Checklist

Your data is always private thanks to CipherDB. So in most cases none of the additional measures listed below are strictly required. Having said that, security in layers (or defense in depth) combined with good security hygiene can help security compliance as well as promote security-conscious thinking within your organization. Some of those good practices would be:

  1. Firewall your database server
    Although CipherDB, by itself, always protects your database for privacy, it is good security hygene to firewall your database server(s).
  2. Use strong passwords to log into the database server
    Have a strong username and password for accounts, either human or program/machine, that log onto the database server.
  3. Always use SSL when connecting to the database server
    Although the data itself is encrypted by CipherDB, enabling SSL for connections encrypt everything that goes between your application and the database – including any database control commands. SSL also verifies the certificate of the remote database server, so you can be sure that the remote party is indeed the party you wish to talk to (prevents man-in-the-middle attack).
  4. Patch your application / web / database servers
    Ensuring that all security patches are applied to your servers and workstations is a good way to limit the possible weaknesses that can be exploited.

Additionally, enterprise customers running the self-hosted version of the Crypteron Security Platform are also advised to:

  1. Control the distribution of the CipherDB certificate private key
    CipherDB’s builds its trust zone out of the CipherDB certificate and its corresponding elliptic curve private key. Keep that private key secure and control it’s distribution. Some suggestions:

    • If the private key is on an application server or web server or a workstation, you should keep that server secured (patched, access controls in place etc). This is very similar to protecting the private key stored on SSL/HTTPS servers.
    • Have only trusted personnel handle the private key. If such a person is exporting the certificate and private key, always use a strong password to encrypt the export .PFX file. Further, when installing the PFX file, mark the private key an non-exportable so additional downstream exports are contained.
  2. Limit access the keychain file
    The CipherDB keychain is a strongly encrypted NoSQL database that itself protects all CipherDB keys. In other words, the encryption keys are themselves encrypted. This means in theory one could very well leave the keychain publically accessible without any loss of informational assurance. However, for true practitioners of “Deference in Depth” we suggest:

    • If the keychain is stored in Azure Blob Storage, make the blob container non-public and keep the Azure Storage account name and account keys safely. The Azure Blob storage security add an extra layer of protection.
    • If the keychain is stored on the file system of the application or web server or even a workstation, limit access to the file with either webserver configuration or OS file system security

Recent blog posts

PCI DSS and key rotations simplified

PCI compliance requires data encryption keys to be changed frequently. Here is how you can do it easily.

Your data-center is not secure and what you can do about it

There is no secure perimeter anymore. Neither in your corporate network nor in your data center. Fight a winning battle armed with self-protecting data rather than a losing one trying to protecting the infrastructure.

Introducing the Crypteron Startup Innovators Program

Qualifying startups get up to 50% off all plans. Tell us how you’re changing the world and the our Startup Innovators Program will support your journey.

6 encryption mistakes that lead to data breaches

If encryption is so unbreakable, why do businesses and governments keep getting hacked? Six common encryption mistakes that lead to data breaches.

Announcing the new Crypteron Community Edition

Starting today you can now sign up for the Crypteron Community Edition for free with no performance limitations.

Data breach response – One click to save your business

Get breathing room – when you need it the most. Respond to a data breach with a single click.

Why We Need Proper Data-At-Rest Encryption: 191M U.S. Voters’ Data Exposed

Adding security at the application level is a large step forward in protecting data from the constant threat of data breaches

How to encrypt large files

CipherStor is blazingly fast! Here we show how to use it within your data-flow pipeline to maintain high performance when encrypting large files.

Crypteron CipherStor Performance Benchmarks

Blazing fast performance by Crypteron CipherStor that hits several gigabytes/sec enabling security even in high bandwidth scenarios

Data-Centric Security: The Way Forward

Properly implemented encryption holds the key to a robust data-centric approach to security.