Shield or Fig Leaf?


This post was originally published here by Nat Kausik.

A global banking giant headquartered in Europe is rolling out Bitglass searchable encryption for its CRM application. In contrast to its brethren on this side of the pond, the bank refused to be strong-armed into native encryption from the SaaS vendor. Intriguing.

At first we thought that it must be the peculiarities of GDPR or other geopolitical considerations. Not so. The security folks at the bank are very savvy. They had figured out that native encryption at the SaaS application was a fig leaf, since the search index had to be maintained in plaintext anyway.

Specifically, the bank wants to encrypt the names, account numbers and addresses of its customers in the CRM application. If it were to use the application's native encryption, these fields would be encrypted in the database, but the search index would still contain them in the clear. Furthermore, the related index entries would carry pointers to the corresponding records in the database. Hence, it would be trivial to collate the names, addresses and account numbers of every customer from the cleartext search index. Native encryption on the SaaS application was a fig leaf rather than a shield, they observed.
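To make the bank's objection concrete, here is an added Python example (not code from the post, and not Bitglass's implementation): a cleartext search index whose postings point back at the records lets anyone who can read the index rebuild every "encrypted" field without a key, while a keyed, blinded index, shown only as an illustrative alternative and not as a description of Bitglass's mechanism, keeps equality search working without exposing the terms. The records, field names and tenant key are constructed.

```python
import hashlib
import hmac
from collections import defaultdict
RECORDS = {  # constructed placeholder customers, not real data
    1001: {"name": "Ada Example", "address": "1 Sample Street", "account": "ACC-0001"},
    1002: {"name": "Bob Placeholder", "address": "2 Sample Street", "account": "ACC-0002"},
}
SENSITIVE = ("name", "address", "account")
TENANT_KEY = b"constructed-demo-key-not-for-real-use"  # held by the tenant, not the SaaS

def blind(term: str, key: bytes) -> str:
    # Keyed PRF standing in for an opaque token; meaningless without the key.
    return hmac.new(key, term.encode(), hashlib.sha256).hexdigest()[:32]

def _postings(records):
    # Yield (record id, field, word position, word) for every sensitive field.
    for rid, rec in records.items():
        for field in SENSITIVE:
            for pos, term in enumerate(rec[field].split()):
                yield rid, field, pos, term

def build_native_index(records):
    """Vendor-side index as the post describes it: cleartext terms, each with a
    pointer back to the record and field it came from."""
    index = defaultdict(set)
    for rid, field, pos, term in _postings(records):
        index[term].add((rid, field, pos))
    return index

def build_blinded_index(records, key):
    """Illustrative alternative (not Bitglass internals): the tenant blinds each term
    with a key it holds, so the index carries pointers but no cleartext terms."""
    index = defaultdict(set)
    for rid, field, pos, term in _postings(records):
        index[blind(term, key)].add((rid, field, pos))
    return index

def collate_from_index(index):
    """What an index reader with no key can reconstruct by following the pointers."""
    slots = defaultdict(lambda: defaultdict(dict))
    for term, postings in index.items():
        for rid, field, pos in postings:
            slots[rid][field][pos] = term
    return {rid: {f: " ".join(w[p] for p in sorted(w)) for f, w in fields.items()}
            for rid, fields in slots.items()}

def search(index, term, key=None):
    """Equality search over either index; the blinded one needs the tenant key."""
    token = blind(term, key) if key else term
    return sorted({rid for rid, _, _ in index.get(token, ())})
```

Against the native index, `collate_from_index` returns the customer records verbatim; against the blinded index it returns only opaque tokens, yet `search` still finds both "Sample Street" customers when given the tenant key.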

Enter Bitglass. True 256-bit AES encryption with full 256-bit initialization vectors. Searchable, sortable. Installed in your private cloud, so your cleartext data never leaves your control.

Photo: Information Security Buzz
