An Intellyx Brain Candy Brief
Encrypting individual records or fields in databases has been a useful approach to providing security to data at rest as well as in motion for many years now, but this approach has always been database-specific.
In contrast, CipherStash encrypts and decrypts data at the value level across Postgres-compatible databases as well as file systems, object storage, and many data warehouses and data lakes.
Each encrypted datum includes the field designator (e.g., ‘email’), value, and the relevant policy. Should a breach occur, the bad actor would only obtain unusable ciphertext, regardless of the entry point of the attack.
Such value-level encryption (which CipherStash refers to as field-level, even though it is database-independent) requires a unique key for each value, which might potentially introduce a performance bottleneck.
To address this problem, the company offers ZeroKMS, a patent-pending high availability key management solution that is dramatically faster than alternatives on the market.
To decrypt a value, the data consumer can use a client-side SDK, a transparent proxy, or identity-aware authentication to fetch the appropriate context from CipherStash’s HSM-based cloud platform, which can also run on-premises if necessary. The consumer then decrypts the value only at the moment of need.
Intellyx hot take: CipherStash offers the ability to conduct many types of search operations across encrypted values far faster than homomorphic encryption can deliver.
Intellyx cold take: CipherStash doesn’t yet work with most popular SaaS apps (other than ones based on Postgres). The company must work individually with each SaaS vendor to build support for value-level encryption into each vendor’s offerings.
Copyright © Intellyx BV. Intellyx is the change agent industry analysis and advisory firm focused on enterprise transformation. Covering every angle of enterprise IT from mainframes to artificial intelligence, our broad focus across technologies empowers business executives, IT professionals, and software vendors to leverage disruptive trends to succeed in a dynamic business environment. None of the vendors mentioned in this article is an Intellyx customer. No AI was used to produce this article. To be considered for a Brain Candy article, email us at pr@intellyx.com.
