2021-05-06 Patrick Walsh
Why Your SaaS App Needs Better Encryption
If you’re building software today, you’re probably planning to run it in AWS, Google Cloud, or Azure. And you’re probably planning to leverage the tools in those platforms to secure the data.
But if you’re building a SaaS application where customer data is private to the customer, then you have a dilemma. None of the big cloud providers help you to sandbox data between your customers without standing up dedicated infrastructure (databases, queues, etc.) for each customer. Doing that is prohibitively expensive, adds provisioning complexity, and drives up hosting, maintenance, and management costs.
So it’s up to your application to create a permissions layer and to implement strategies to ensure that you never deliver Customer A’s data to Customer B. Harder than it sounds.
Unfortunately, filtering data per-tenant is error-prone. It’s a fertile area for penetration testers and hackers to explore when searching for vulnerabilities in your software. The bespoke nature of each app’s permissions scheme multiplies the opportunities for mistakes. And every single commit reintroduces the possibility that something goes wrong.
There aren’t many third-party tools that can help developers enforce permissions from the end user through to the data store. Most database layers, whether SQL or NoSQL, only offer per-application permissions.
The storage credentials are issued per application and determine which tables the app can see. The database has no concept of who is asking for the data and can’t help with row-level or field-level access controls.
Because of this, when someone finds a vulnerability in an application — and vulnerabilities are sure to be there — then an exploit of the flaw could compromise an entire database. There’s no reliable way that these databases or these cloud providers offer that will help to contain the blast radius.
One approach that’s gaining popularity improves the situation and can simultaneously help SaaS companies run the gauntlet of data privacy regulations worldwide: per-customer application-layer encryption.
The concept is pretty simple: for any regulated or sensitive data, encrypt it before storing it in whatever storage layer you use. But critically, use a different “master key” to encrypt Customer A’s data than the one used for Customer B’s data.
Nothing with encryption is simple, which is why, unfortunately, most companies stick to transparent disk encryption and consider that good enough. Transparent encryption, though, only protects data from physical hard drive theft. It doesn’t help with hackers or curious administrators gaining access to running machines.
Because of this, an increasing number of companies are offering per-tenant, application-layer encryption. And many are taking it one step further and allowing their customers to manage or even hold their encryption keys.
When SaaS customers hold their own keys, they control their data. They can see how it’s used and revoke access if necessary. This improvement to multi-tenant application encryption is often called Customer Managed Keys (CMK), Bring Your Own Key, or Customer Held Encryption Keys.
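The following is an added illustration of the per-tenant, application-layer scheme the post describes, not code from the original post and not IronCore's product. It uses envelope encryption with the Go standard library: a random per-record data encryption key (DEK) encrypts the data, and a per-customer master key (key-encrypting key, KEK) wraps the DEK. The `KeyService`, tenant names and record layout are assumptions for the example; in practice the KEK would live in a KMS or with the customer. The tenant id is bound into both AES-GCM layers as associated data, so a record from Customer A's tenant cannot be opened with Customer B's key, and revoking a tenant's KEK makes that tenant's records unreadable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyService is a constructed stand-in for a KMS or customer-held key store:
// one master key (KEK) per tenant, kept in memory for illustration only.
type KeyService struct{ keks map[string][]byte }

func NewKeyService() *KeyService { return &KeyService{keks: map[string][]byte{}} }

// Provision generates a fresh 256-bit KEK for a tenant.
func (ks *KeyService) Provision(tenant string) error {
	kek := make([]byte, 32)
	if _, err := rand.Read(kek); err != nil {
		return err
	}
	ks.keks[tenant] = kek
	return nil
}

// Revoke models the customer withdrawing their key: afterwards nothing
// wrapped under that tenant's KEK can be unwrapped.
func (ks *KeyService) Revoke(tenant string) { delete(ks.keks, tenant) }

func (ks *KeyService) kek(tenant string) ([]byte, error) {
	k, ok := ks.keks[tenant]
	if !ok {
		return nil, fmt.Errorf("no key for tenant %q", tenant)
	}
	return k, nil
}

// Record is what lands in the shared datastore: the wrapped DEK and the
// ciphertext, both AEAD-bound to the tenant id (nonce is prepended to each).
type Record struct {
	Tenant     string
	WrappedDEK []byte // nonce || AES-GCM(KEK, DEK, aad=tenant)
	Ciphertext []byte // nonce || AES-GCM(DEK, plaintext, aad=tenant)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Encrypt performs envelope encryption: a random per-record DEK encrypts the
// data, and the tenant's KEK wraps the DEK. The tenant id is authenticated
// data on both layers, so a record cannot be re-labelled to another tenant.
func Encrypt(ks *KeyService, tenant string, plaintext []byte) (*Record, error) {
	kek, err := ks.kek(tenant)
	if err != nil {
		return nil, err
	}
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	aad := []byte(tenant)
	wrapped, err := seal(kek, dek, aad)
	if err != nil {
		return nil, err
	}
	ct, err := seal(dek, plaintext, aad)
	if err != nil {
		return nil, err
	}
	return &Record{Tenant: tenant, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps with the KEK of the tenant the caller is acting for, not the
// label stored on the record. A permissions bug that hands Customer B one of
// Customer A's records therefore yields an error, not plaintext.
func Decrypt(ks *KeyService, callerTenant string, r *Record) ([]byte, error) {
	kek, err := ks.kek(callerTenant)
	if err != nil {
		return nil, err
	}
	aad := []byte(callerTenant)
	dek, err := open(kek, r.WrappedDEK, aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK for %q: %w", callerTenant, err)
	}
	return open(dek, r.Ciphertext, aad)
}

func main() {
	ks := NewKeyService()
	_ = ks.Provision("customer-a")
	_ = ks.Provision("customer-b")
	rec, _ := Encrypt(ks, "customer-a", []byte("invoice #1 for customer A"))
	pt, err := Decrypt(ks, "customer-a", rec)
	fmt.Printf("owner: %q err=%v\n", pt, err)
	_, err = Decrypt(ks, "customer-b", rec) // cross-tenant read fails
	fmt.Println("other tenant:", err)
	ks.Revoke("customer-a")
	_, err = Decrypt(ks, "customer-a", rec) // customer pulled their key
	fmt.Println("after revoke:", err)
}
```

The design choice worth noting is that the blast radius of a compromised application credential shrinks to whatever KEKs the attacker can still reach: the database only ever holds wrapped DEKs and ciphertext, and a per-tenant KEK held by the customer is not in the database at all.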
Here are the three biggest worries for companies that want to take this step:
- They lack the expertise needed to build what’s required.
- They believe the project would be too large, too expensive, or lack quantifiable return (ROI).
- They assume they won’t be able to use the data, filter on the data, or search on the encrypted data.
These worries are reasonable for anyone trying to build this themselves. But there are tools that already address these problems. With the right tools, it’s not only feasible but within easy reach.
Privacy is hot right now. Companies are worried about their software supply chains, and everyone wants to know their data is being kept private. Encrypting that data on a per-customer basis can alleviate many of these concerns and help win customers over. SaaS is about trust. We’ll help you be more trustworthy than your competitors.
You can charge for premium security. Most companies that offer similar solutions charge a premium of 20–30% to those customers who want to manage or hold their own keys. It pays for itself.
Move up-market. If you’re in the B2B world, you already know what a pain it is to sell to Enterprise customers with security teams that want you to fill out pages and pages of forms. It slows and sometimes kills deals. But when you have a strong privacy and security story, it does the opposite: it helps you win sales and differentiate against competitors.
Here at IronCore, we build tools to make multi-tenant application layer encryption easy. Plus, you get optional customer-managed and customer-held encryption keys, real-time security event streams to your customer, and a whole lot more besides. Our SaaS Shield product addresses many common customer privacy concerns with SaaS, including the holding of European citizen data post-Schrems.
We’ve done most of the heavy lifting, so you just need to find your integration points. In some cases, such as for data stored in S3, you likely won’t even need to change your code.