CipherStash

To coincide with #RSA2024, today we are launching CipherStash Proxy: the last database proxy you'll ever need. Initially available for Postgres, Proxy includes 3 modules: ✅ AUDIT: which logs every database statement, identifies unusual query patterns and even records exactly which records and fields are returned in queries. ✅ IDENTIFY: which makes Proxy Identity aware by integrating with the likes of Auth0, Okta and Ping. Audit traces include exactly who accesses what data even for the end-users of your application. ✅ ENCRYPT: protects sensitive data with field-level encryption-in-use that supports SQL queries via fast, scalable searchable encryption. Proxy can also replace your existing PGBouncer or PG Pool service and supports load balancing, sharding and connection pooling. Its also almost 2x as fast as PGBouncer. Install Proxy via a Docker container and get started in minutes. No code required. You don't even have to talk to sales! https://cipherstash.com

We're so very pleased to celebrate our newest Stashie and first Account Executive – Trey Burton! Trey has a heap of experience in tech sales, and we're excited for the skills and energy he brings to the team. Welcome Trey!

Welcome to the secret lives of our Stashies! 😀 Get to know the team behind the scenes working to protect data not just systems. What's your job title, and what do you actually do here? 👩💻 Hey there! I’m Kate Andrews, CipherStash’s VP of Engineering. I do a whole bunch of things – I’m always busy and never bored! The most important of those is looking after our team of talented engineers. They’re distributed across many locations and work in a stack that I’ve not been exposed to much before, so there are some juicy challenges for me, but their passion and generosity makes it extremely enjoyable. What drew you to CipherStash and how did you get started in this field? 👀 I knew some of the team, and was confident that working with them would be a delight. I also find this stage of startup life really invigorating – there are so many fun technical and business problems to solve, and heaps of opportunities to influence things. It was also cool to know that CipherStash is building something entirely new! That gives us a chance to completely change the conversation about data security and encryption, which is super exciting (and hard, in lots of good ways). Do you have any hidden talents or hobbies? 👩🎨 My main hobby is picking up new hobbies! One thing that not many people know about me is that I’m an award-winning sculptor, even though that’s definitely not something I do on the regular. Collaborative art inspires me, and so I embrace opportunities to be creative with others, whether it’s performance or visual art. What's your favorite work-related app or tool? I love Slack. It just kinda fits with my brain – lots of simultaneous threads going on at once, with just enough structure for sense-making. At the moment, though, I’m enjoying Notion database relationships, and am trying to learn more by using Notion for my personal travel planning! Thanks Kate! 🙌

🔒🎮 Level up your data security game with CipherStash Check out a playground we built to highlight the benefits of understanding who is accessing data in your database, and how we go about integrating encryption in use. Why care about encryption in use? 🤔 1️⃣ Not just at rest: Encrypting data in use means your applications are handling encrypted data rather than plaintext. 2️⃣ Regulation and compliance: GDPR, HIPAA, etc. CipherStash makes it easier to meet customer demands and data privacy regulations. 🔒 Why CipherStash? We have a free version which outputs data access events which you can ingest into your own observability stack. Ship those same logs to CipherStash with our Audit product for anomaly detection, and start encrypting your data in use with the same tool. 👉 Check out the playground https://bit.ly/3VYNeUD #DataSecurity #Encryption #Security #Compliance #Regulation #CyberSecurity #DevOps #Playground

🚀 The Risks and Rewards of Open-Source Software 🚀 At CipherStash, we understand the critical role open-source software (OSS) plays in today's digital landscape. Here’s a breakdown of its significance, risks, and how enterprises can navigate this ecosystem effectively: 🔍 Key Insights: ⏺ The recent backdoor discovery in XZ Utils sparked intense discussions on OSS risks. However, eliminating OSS is impractical given its deep integration into modern technology. ⏺ Quazi Nafiul Islam from Sonar highlights, "Open-source technologies are the very foundations on which the digital world has been built." ⏺ A Harvard Business School paper estimates the demand-side value of OSS at $8.8 trillion, underscoring its immense value. ⏺ The Linux Foundation reports that OSS penetration in vertical software stacks ranges from 20% to 85%. 🌍 The Open-Source Community: ⏺ OSS is powered by a global community of passionate developers. Many contribute voluntarily, driven by interest and the desire to innovate. ⏺ Paul Hawkins, CISO at CipherStash, notes, "Several large tech vendors employ people to work extensively with OSS, allowing them to continue contributing while being paid." ⚖️ Balancing Risks and Rewards: ⏺ OSS offers continuous improvement and collective problem-solving. However, it also poses security challenges due to its open nature. ⏺ Nigel Douglas from Sysdig states, "It's basically an impossible ask for any organization to create their own language framework independent of OSS." ⏺ Hawkins adds, "It's extremely valuable to build on top of these great projects, but we need to understand our dependencies and evaluate them to accurately assess our security posture." 🔐 Security and Maintenance: ⏺ The XZ Utils incident and the Log4J vulnerability highlight the potential risks but also demonstrate OSS resilience and the community's ability to respond swiftly. ⏺ Maintaining OSS requires understanding current patch states, component sustainability, and leveraging tools like the Open-Source Software Foundation Score Card for security evaluation. 💡 Moving Forward: ⏺ Enterprises should shift their perspective on OSS from being a free resource to a critical component requiring investment and support. ⏺ Supporting OSS projects, whether through monetary contributions or dedicated engineering time, ensures the ecosystem's robustness and security. At CipherStash, we are committed to leveraging and contributing to the OSS community, ensuring a secure and innovative digital future. #OpenSource #CyberSecurity #Innovation #TechCommunity #CipherStash

🔒 Snowflake Breach: Key Takeaways and How Our Tech Could Have Helped The recent Snowflake breach has been making headlines, with initial reports suggesting that the details of 560M Ticketmaster customers were leaked. At first, it seemed to be a direct breach of Snowflake, affecting multiple customers who had to initiate incident response. 🚀 How Our Encryption Tech Could Have Helped: 1️⃣ Data Encryption: Snowflake customers could encrypt all their data before sending it to Snowflake. 2️⃣ Untrusted Cloud Model: Treat Snowflake as an untrusted cloud provider, acting only as a dumb data processor. 3️⃣ Breach Mitigation: Ensures a breach of Snowflake’s systems wouldn’t reveal customer information. However, the actual attack was much simpler: attackers used infostealer malware to find valid user credentials for Snowflake accounts. These accounts lacked MFA and network ACLs restricting access. Shockingly, Snowflake doesn’t provide controls to mandate org-wide MFA. Mandiant reported that at least 165 organizations were affected, providing a detailed diagram of the breach mechanism. 🔑 Updated Insights: ✅ Key Material Protection: If the key material isn’t exposed when user credentials are compromised, attackers can’t access plaintext data. ✅ Noise in Decryption: Even if key material is exposed, decrypting generates numerous data access events, making the attack noisy and easier to detect. The Snowflake breach underscores the importance of both multi-factor authentication and modern encryption approaches in safeguarding sensitive information. Our technology offers these critical layers of protection to ensure your data remains secure, even in the face of sophisticated — or in Snowflake's case, unsophisticated — attacks. #CyberSecurity #DataProtection #Encryption #Infosec #SnowflakeBreach #MFA #TechInnovation #CloudSecurity

Audit every query and data access to your Postgres database...for free! We've been working hard to make it as easy as possible to get set up with CipherStash Proxy. Using the Docker, it now takes under 7 minutes! Checkout CJ Brewer's tutorial video. Give it a try at https://cipherstash.com

The Four Principals of Data Protection: Part Four: Record the who, what when and how. Traditional logging is complex and unreliable. 😫 Traditional logging usually happens after an event occurs which means if the log fails or is intercepted, events can go unnoticed. Encryption Logging gives you high-assurance observability. 👀 Encryption-in-Use means data can only be accessed via an interaction with a key service. Logging occurs in the key service before data access is granted therefore guaranteeing that it will be logged.  Defending against compromised accounts 💊 The reliable and accurate recording of what data is accessed, by who, when and from where, strengthens an organization’s defence against compromised accounts, over-access and insider threats. Click the link to check out the white-paper written by 💻Dan Draper CEO and Founder of CipherStash. https://lnkd.in/eRsBK3aE CipherStash is the platform designed to meet the 4 principles of effective data protection. It is free to download and start seeing data, click here to start! https://lnkd.in/em5RhrQ6

The Four Principals of Data Protection: Part Three: Authorise Every Action 🛂 Encryption-in-use ensures policy effectiveness 💯 By embedding identity and authorization into the decryption process, Encryption-in-Use provides reliable and effective policy enforcement with broad coverage. To take full advantage of this approach, authorization decisions must be made based on the end user identity (i.e. originating party) and not just a service or application. ✅ Encryption-in-Use expands solution coverage ❌ Traditional system based access controls have limited coverage ✅ Encryption-in-use means data is protected by default Encryption-in-use protects data by default providing base-level coverage regardless of context. Read the full WhitePaper: Safeguarding Data with Encryption-in-use here: https://lnkd.in/eRsBK3aE

The Four Principals of Data Protection: Part Two: Minimise the Trust Boundary Minimizing the scope of any granted access to only the essential is fundamental to data security and protecting against over-access and insider threats. Access specifics are equally important. Who should have access? Which records or fields should be accessible? Should queries be allowed at any time, only during certain times of day or for a limited period? Minimizing the trust boundary provides access strictly on a needs-to-know-basis. It extends only the least privilege required for a user to achieve their goal and mitigates unwanted data access. Who, What, When and Where: 👤 Who legitimately needs access? 🗄 What data should be accessible? 💻 Where should data be accessible? ⏰ When is access is appropriate? Encryption-in-use enables fine-grained access control directly at the data level. Contextual information is locked cryptographically, in a compact data format ensuring that access control is always correct. If you want to read more on the series plus more insights from 💻Dan Draper you can download the White Paper here: https://lnkd.in/eRsBK3aE #cybersecurity #data #postgres #ciso #security #encryption