Data is critical to the operation of most businesses today. We have access to a significant amount of information about a variety of things, from network analytics to customer data. And if you work in a highly regulated industry you know that someone having access to that data could spell disaster for you if it leaks.
Think about all the data you have and how hard it is to protect. And realize that there are even more things in those databases that could cause complications. What about individual records that are very sensitive? Not just regular medical data, for example. What if it was data about a celebrity or a government official that absolutely should not be shared with anyone outside of a specific group? How do you protect something like that in a database?
I had the chance a few weeks ago to sit down and chat with a new company named Bonafeyed (pronounced like “bonafide”) about this very subject. Lance Smith briefed me on some of the interesting things they’ve been up to. I met Lance years ago when he was a part of Primary Data, so seeing him land at a security startup was an interesting move.
As it turns out, security is a huge driver for data storage today. Given the amount of data that’s being stored and the accelerating pace at which it is being stolen and leaked or sold on the black market it’s a crucial problem to solve. It’s even worse when you realize the possibility that insider threats are capable of extracting that data and passing it along to places it shouldn’t be sent.
Bonafeyed accomplishes all this with their Cy4Secure solution. Cy4Secure uses an 800-bit stream cipher to ensure that the data is encrypted at all points in the process. Through their use of plugins and SDKs, you can ensure that all your end users are using the solution when they’re writing data to the database. Everything can be encrypted per-row or per-column. That means you can make very sure that your data is safe.
You are probably asking the same question I did during the briefing: If all that data is encrypted in the database, how can you search for anything? Well, Bonafeyed is one step ahead of you. They automatically translate the search or query parameters to look for the encrypted version of the data you’re looking for. That way they don’t need to pass any information in the clear that could be related to the subject of the search. This is really only useful for non-numeric data, though. If you have to do calculations on a dollar figure, for example, it’s better to ensure that Cy4Secure only encrypts the individual fields containing text data.
Avoiding Insider Hijinks
It’s all well and good to encrypt the data in the database, but how does that stop someone on the inside from getting in? That’s the other part of the Bonafeyed platform that I was excited to hear about. Encryption in and of itself isn’t a good solution. You need to have a way to identify authorized users. If all you do it encrypt the data and give the keys to everyone in the organization you’re going to quickly find that your data will leak before you know it.
Bonafeyed has an authentication scheme that allows you to designate groups that can view specific data sets. You can build in 2-factor authentication (2FA) to improve your security posture. That way, you can make sure your users are keeping everything safe. And you can reassign those roles and permissions quickly and easily to grant access to needed data for a small group.
Imagine having this solution for something like medical record data. You can encrypt the data in the database using Cy4Secure and ensure it’s safe. You can then grant access to a particular patient’s data to the medical personnel assigned to their case. You could even allow those professionals to add someone to the case as a consulting physician for a specific time. Then, when that consultation is finished you revoke the permissions and that person can no long view the case data. HIPAA is satisfied and everyone can get their job done!
Bringing It All Together
Bonafeyed is jumping into a market that needs security of this nature. It’s a big investment of time and training to ensure that your users are going to do things right after getting everything up and running. And I would love to see the stats on how database performance queries look with the overhead of encryption/decryption through the agent. But I wish success to Lance and his team. And if Bonafeyed can increase the security of databases with Cy4Secure then everything will be brighter indeed.