Securing Data at Rest

When considering overall application protection, serious thought must go towards data at rest. Many applications make use of database encryption to secure the database. The Achilles' heel of database encryption is not what one would expect: it is that physical databases are rarely what gets stolen.


Data Breaches in Action

When data breaches occur, the usual theft target is the data stored within the database, not the physical database. Data breaches generally stem from weak or stolen user credentials, insecure web applications, server misconfigurations and other vulnerabilities. These vulnerabilities can open the door to unfettered queries against a database. The database generally cannot distinguish a legitimate query from the web application from an illegitimate query issued as a result of a security breach. The database is therefore none the wiser and answers rogue queries and requests with freshly decrypted data. StratoKey, however, offers distinct protection against these types of attack.

Layering Encryption to Secure Data at Rest

Whilst a database may hand its content to a rogue SQL query, StratoKey will still offer critical protection, as the contents of the database will be encrypted. The database content can only be decrypted by passing back through the StratoKey gateway. The database itself has no mechanism to decrypt data encrypted by StratoKey. Essentially there are multiple layers of encryption in play: the database's own encryption (if configured) and StratoKey's separate encryption mechanism. This layering of encryption adds a significant level of security, as more than one individual system must be compromised to obtain unencrypted data.
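The layering described above, as an added illustration that is not StratoKey's own code: a gateway holds the field-encryption key (AES-GCM from Go's standard library), the backend database is modelled as a plain map that only ever stores ciphertext, and a query that bypasses the gateway gets back opaque bytes. The key, row IDs and field values are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Gateway owns the field-encryption key; the database (Store) never sees it.
type Gateway struct{ aead cipher.AEAD }

// NewGateway wraps a 16-, 24- or 32-byte key in AES-GCM.
func NewGateway(key []byte) (*Gateway, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Gateway{aead}, nil
}

// Seal encrypts one "sensitive" field on its way into the database. The row ID
// is bound as associated data so a blob cannot be swapped onto another row.
func (g *Gateway) Seal(id, plaintext string) ([]byte, error) {
	nonce := make([]byte, g.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.aead.Seal(nonce, nonce, []byte(plaintext), []byte(id)), nil
}

// Open decrypts a field on its way back out; only the gateway can do this.
func (g *Gateway) Open(id string, blob []byte) (string, error) {
	n := g.aead.NonceSize()
	if len(blob) < n {
		return "", errors.New("blob too short")
	}
	pt, err := g.aead.Open(nil, blob[:n], blob[n:], []byte(id))
	return string(pt), err
}

// Store stands in for the backend database: it only ever holds ciphertext, so
// a rogue query that bypasses the gateway (DirectQuery) gets opaque bytes.
type Store map[string][]byte

func (s Store) DirectQuery(id string) []byte { return s[id] }
```

The protection holds only for fields routed through the gateway and only while the gateway's key stays outside the database host, which is exactly why the two layers must be operated as separate systems.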

Some Data-in-Transit coverage

Because StratoKey acts as a Security Gateway, there are some flow-on benefits for data-in-transit. When data travels from your web or cloud application to your users, content that is configured as "sensitive" will be encrypted by StratoKey. What this means is that from the point of your remote application to StratoKey, the sensitive content will be encrypted. If StratoKey is deployed behind your corporate firewall, then this may well provide sufficient data-in-transit coverage for sensitive data stored in cloud and web applications. For complete coverage you can connect StratoKey to your remote application via SSL (Secure Sockets Layer) to have complete data-in-transit encryption.