

encryption in transit

Mass data breaches eliminated

Panoptex Technologies is a software company out of the U.S. that's making waves by providing an industry first: a massive scale NoSQL database that acts as the last line of defence against mass data breaches by providing encryption in transit, at rest and in use. We interviewed Panoptex's Chief Technology Officer Joseph Yannaccone to get a better understanding of Olfactex and why it's a game-changer. Here's what he had to say.

Computing Security, May/June 2017 (@CSMagAndAwards)

Q. Computing Security: We've heard a great deal about your Olfactex solution. How exactly does it work?

Joseph Yannaccone: Olfactex is a massively scalable NoSQL hybrid DBaaS that provides unprecedented protection against mass data breaches and privacy violations, while delivering the ability to perform sophisticated in-cloud queries and analytics. Olfactex encrypts all data using an enterprise gateway before sending it to the cloud for storage and data remains encrypted while it is in the cloud, even during query and analysis. Data is only decrypted after being returned to the enterprise gateway as results for a query operation or analysis routine. Olfactex achieves this powerful capability by combining a unique transformation process with strong industry-accepted encryption algorithms.

Q. Can you tell us more about how you prevent mass data breaches?

Olfactex employs a variety of safeguards to protect against internal and external threats, regardless of whether they originate accidentally or intentionally. This includes division of data and key information into separate administrative domains, fine-grained policy-based data access rules, integrated non-repudiated audit reporting to an administratively separate security team and, of course, always-on data encryption while data is in the cloud, even while it is being queried or analysed. This combination of security, privacy, auditing and advanced query capabilities is absolutely unprecedented for database solutions.

Q. Aren't there already encrypted databases available on the market?

Existing database solutions employ a variety of encryption technologies, but they all suffer from the same fundamental weakness: they must decrypt the data, in order to perform query operations or return results. This provides database administrators with direct access to unencrypted data and the unrestricted ability to manipulate or exfiltrate data.

While a variety of add-on solutions exist to help detect or prevent such activity, none of them is integral to the database system itself and therefore has the risk of being circumvented.

Q. How can organisations use Olfactex to protect their sensitive data?

We are currently working with organisations that are investigating it for a variety of applications, including as a backend for new applications that house sensitive data, as a means to migrate data and applications to the cloud that would otherwise have to be kept in-house for compliance reasons and even as a secure online disaster recovery solution to protect against everything from catastrophic failures to ransomware events.

Q. What about emerging solutions that use homomorphic encryption?

Most security and privacy standards exclude the loss or leakage of encrypted data from the definition of a breach, as long as the encryption is an accepted standard. This means that, if a hacker obtained full administrative access to an Olfactex persistence engine, it would still not be considered a breach and, in most cases, would not need to even be reported, because Olfactex employs only proven and accepted strong encryption algorithms. Unfortunately, there is no accepted standard for homomorphic encryption. In fact, there isn't even one in progress. This means it would be years before homomorphic encryption could be accepted as a compliant means of securing sensitive data.

Q. Does Olfactex support SQL?

Not directly. Olfactex is a NoSQL database that employs its own rich query language to deliver its advanced analytical capabilities on encrypted data. However, many applications can be mapped from SQL to the Olfactex query language and we have a Panoptex team that can perform that translation work for solution integration projects.

Q. You mentioned that Olfactex can secure sensitive data for new applications. What type of applications do you have in mind?

Olfactex could support a wide range of possible applications, including IoT (Internet of Things) and mobile applications, as many of them collect large volumes of private data regarding users. We are also seeing very positive responses regarding upcoming applications in the health and financial industries, as Olfactex is the only database solution that can secure their data in the cloud using compliant encryption algorithms while retaining the ability to query and analyse that data.

Q. How can you prevent ransomware attacks?

Ransomware depends on the ability for an attacker to directly access an organisation's data, encrypt it and then threaten to destroy the key, if a ransom is not paid. Olfactex distributes data across many systems with multiple replicas of every data object. Further, data from many companies is distributed across the same infrastructure. Only the owner of the data is able to generate the index values necessary to identify their information from among the masses.

Q. If companies are storing their sensitive data in Olfactex, reliability will be an important requirement. How does Olfactex ensure that data is stored reliably?

Olfactex stores data in a distributed manner by spreading it across hundreds or even thousands of systems with multiple replicas of every data object. Further, these systems may be distributed across geographically diverse data centres to provide protection against localised disasters.

Q. Explain why Olfactex is more secure than in-house data storage.

Olfactex divides system functionality into two distinct administrative domains to ensure that no single breach can yield any unencrypted data. In-house database systems are often wide open to DBAs, even with significant security measures in place. The root problem with these systems is that they were not designed from inception to address today's threat landscape. Every additional layer of security introduces more cost and complexity, restricts capability and introduces new opportunity for human error. This is analogous to putting a bandaid over a deep wound; it simply hides it from view and it doesn't address the actual problem. Additionally, this often results in the secret keys and bulk data being present in the same security domain. This presents an opportunity for an attacker to obtain the keys and bulk data from a single infiltration.

Q. You mentioned privacy - how do you protect this?

Fine-grained access control policies define rules for what data a user can access and how it may be presented. Each user can have different rules for queries and results. This makes it possible to define rule sets that allow a user to include restricted data in a secure analysis pipeline without granting them the ability to actually view any restricted data. This could have significant benefits for industries where fraud detection and prevention are presently hampered by privacy regulations.

Q. How is the Olfactex system being made commercially available in the UK?

We are launching our service in the UK and throughout the EU with our Cloud partner SURE from the Channel Islands. We will be commercialising the software via the Panoptex and Sure direct sales teams, as well as via key industry agents and consultants.

Q. This all sounds really interesting and engaging. Where can our readers go to get more information?

They can go online to our web site at either to schedule a meeting with a sales representative or schedule a demo.