Over the next several weeks, we want to introduce you to some of the key customers of our new product,
Jack is a senior backend engineer with a large enterprise software firm. He has a lot of experience working with secure systems and takes the time to guarantee data privacy is considered throughout the various steps of his long release cycle. He’s a frequent reader of various forums, particularly discussions about OWASP, so ideas about better ways to secure his web app aren’t particularly new. Jack is comfortable with various programming languages, so he’s ready to pull in whatever technology is required to help boost his product.
Pain Point
Up ’til recently, Jack had been relying on the encryption-at-rest features present in his hosted database platform. This protected his data should anyone steal a physical disk from the data center, but some internal testing has revealed that the data isn’t really protected against theft. Jack’s boss wants to move forward with stronger protective measures to keep any personal information in their database separated and secure.
While Jack knows what crypto tools might make this possible, he also recognizes that he’s not an expert. Crypto is hard to get right, even for those with experience, so Jack wants to buy rather than build a solution.
Further, some of Jack’s customers have started voicing explicit interest in having their data protected. They’ve read about high-profile hacks in the news and want assurances that Jack’s team won’t accidentally leak their secrets if they’re attacked down the road. Just having “security” isn’t enough; Jack needs to back up his tool of choice with legitimate standards.
InnoVault Feature Offering
Unlike at-rest database encryption, InnoVault encrypts data before it ever leaves the browser and enters the database. Every InnoVault-protected data entry form stores both the information and the means to encrypt it in a protected database. Data is therefore encrypted not only at rest, but until it’s explicitly unlocked by an authorized user.
All of the data lives in a hosted server – there is no infrastructure for you to setup or manage. The only information stored on your end is an identifier pointing to an encrypted record and the keys used to unlock it. All of the crypto is baked in, and your keys live safely offline_, minimizing the risk of a hack or data breach.
InnoVault uses industry-standard crypto tools that are publicly audited for correctness and privacy assurance.
A Better World
Jack’s infrastructure was already pretty solid. All he had to do to better protect private data entering the system was wire some JavaScript to his front-end data entry forms. The data was encrypted and stored directly in InnoVault. He used InnoVault’s Java SDK to pull the data back out for use on the protected pages of his web app.
Since Jack was already building a command-line auditing tool in Go, he was able to integrate with InnoVault’s Go SDK to pull the data into the console as well. Everything was available at his fingertips and Jack spent more time explaining the new features to his boss than he did writing any code.
Afterwards, when a key customer reached out to ask for verification, Jack was able to merely point them at Tozny’s Crypto Brief and let the security experts explain for themselves. InnoVault helped Jack increase the security assurances of his system without requiring him to build anything custom.
How can InnoVault Help You?
InnoVault is a developer toolkit for easily adding encryption capabilities to your website. Learn more about how you can use InnoVault or send us suggestions for data security capabilities you’d love to see.