Securing Databases/Websites/SaaS

Databases are traditionally known for running business applications and financial transactions, but they have become the engine of today’s ecommerce. Databases store and retrieve data very quickly and are used to track or hold customer, business activity, inventory, employee and accounting information. In the era of cloud computing, they are the backend workhorse for many Software as a Service (SaaS) providers, health services, financial institutions, online retailers, brick-and-mortar retailers, and website applications. Unfortunately, they are also a target for cybercriminals worldwide. Protecting an enterprise’s database typically involves setting up security perimeters using some of the most advanced security technologies covering detection, prevention and transportation. However, as is evident from the weekly news of corporate data breaches, cybercriminals continue to find a way into a company’s security domain and ultimately gain access to these databases, which are typically not encrypted and are ripe for exploitation.


Bonafeyed’s data-centric security approach protects the data within the database rather than applying a secondary encapsulation of the entire database or the volume where it resides. This means that data is first encrypted and only then submitted to the database application. Using this approach, the Cy4Secure data security solution is capable of individually encrypting each field, row or column of data. Protecting the individual database entries provides not only the highest level of data protection but access control as well.



The question that instantly comes to mind is: how can the database work if it is only storing encrypted data? The answer is very simple: the database does not know the difference between data that is encrypted with Cy4Secure and data that is human readable. Its only concern is that the data meets the requirements of the entry field. In other words, does it look like data? If so, the database can perform its operations as normal, such as whole searches, partial searches or sorts. When a query is made, the operation is performed with the Cy4Secure encrypted version of the data, and the database simply searches for the encrypted equivalent of the data. However, there are instances where arithmetic operations are required on numerical entries. In this case, all fields of a record except the numerical values, such as dollar amounts or quantities, may be encrypted. PII numeric data such as a social security number can and should be encrypted because it is not used in mathematical operations.
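The following is an added example, not Cy4Secure code: the page does not describe the product's cipher or key handling, so the keys, table layout and the HMAC-based deterministic construction here are assumptions used only to keep the sketch standard-library only. It shows whole-value search against encrypted fields while a numeric column stays in plaintext for arithmetic; partial search and sorting are not covered.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo keys (assumption); real keys would come from a key manager.
ENC_KEY = b"demo-enc-key-0123456789abcdef"
MAC_KEY = b"demo-mac-key-0123456789abcdef"

def _keystream(iv: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a vetted cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(ENC_KEY, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_field(value: str) -> str:
    # The IV is derived from the plaintext, so equal inputs give equal ciphertexts.
    # That is what lets the database match on stored values; it also reveals equality.
    data = value.encode()
    iv = hmac.new(MAC_KEY, data, hashlib.sha256).digest()[:16]
    body = bytes(a ^ b for a, b in zip(data, _keystream(iv, len(data))))
    return (iv + body).hex()

def decrypt_field(token: str) -> str:
    raw = bytes.fromhex(token)
    iv, body = raw[:16], raw[16:]
    data = bytes(a ^ b for a, b in zip(body, _keystream(iv, len(body))))
    expected = hmac.new(MAC_KEY, data, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(iv, expected):
        raise ValueError("field failed integrity check")
    return data.decode()

def build_demo_db() -> sqlite3.Connection:
    # Constructed sample records; name and SSN are encrypted, amount is not.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (name TEXT, ssn TEXT, amount REAL)")
    rows = [("Alice Example", "000-00-0001", 120.50),
            ("Bob Example", "000-00-0002", 30.00),
            ("Alice Example", "000-00-0001", 9.50)]
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(encrypt_field(n), encrypt_field(s), a) for n, s, a in rows])
    return db

def total_for_ssn(db: sqlite3.Connection, ssn: str) -> float:
    # Equality lookup on ciphertext; SUM runs on the plaintext numeric column.
    row = db.execute("SELECT SUM(amount) FROM orders WHERE ssn = ?",
                     (encrypt_field(ssn),)).fetchone()
    return row[0] or 0.0
```

The database only ever sees hex strings for `name` and `ssn`; a caller without the keys can still run the `SUM` but cannot read or search those fields.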


Lastly, individual data fields, records and columns can be encrypted to control access from unauthorized users. This allows broader sharing of a database and ensures that, even in the event of a data breach or access by a bad actor, data remains protected and unavailable.