Riah Lawry

How To Neutralize Toxic Data In Custom Fields

Encrypting Custom Fields Reduces Risk When Customers Store Sensitive Data Within The Cloud Application

Custom fields are a mainstay in B2B software. Enterprise and SMB customers want the ability to personalize data fields in your application to meet their business needs, track their processes, or otherwise extend your capabilities. You offer this extensibility to keep your customers happy. But then they want to use those fields for toxic data.

Common Challenges With Custom Fields

Custom Fields Introduce Risk

With customers deciding what their custom fields are used for, cloud applications are at risk of unwittingly storing data that may be regulated or carry extra costs in the case of a breach. We call this toxic data, and it could be anything from government identifiers like driver’s license numbers to healthcare data protected in the U.S. under HIPPA.

Did you know?

Whatever the cause, if your cloud application or infrastructure is hacked, then that sensitive data can be stolen and your good reputation along with it.

Limiting Custom Fields Makes Customers Unhappy

As a result, many companies are hesitant to allow sensitive data like this within their application and do their best to restrict toxic data with license agreements that limit use cases for customers. Customers are forced to make do with a product that doesn’t meet all of their needs.

Protect Custom Fields With Application-layer Encryption

To make customers happy without embracing the risks inherent in storing sensitive data, the solution is to encrypt the sensitive data using application-layer encryption (ALE).

What is ALE? Application-layer encryption is an architectural approach where you encrypt data before sending it to a data store. If the data store is compromised on a running machine, then the encrypted data remains safe. This contrasts with the usual “data protection” approach of encrypting data at the disk or database level, which doesn’t stop anyone from viewing the data on a running server.

  1. Encrypting sensitive custom fields gives B2B software companies and their customers peace of mind You don’t have to encrypt every field within your application. Start with the riskiest data and encrypt it first. With ALE, you get a backstop against network breaches, application vulnerabilities, misconfigurations, injection attacks, overly curious employees, subpoenas, data-stealing ransomware, and stolen credentials.

  2. Encrypting sensitive custom fields allows B2B software companies to loosen requirements Happy customers make for successful businesses.

Encrypted Search Keeps Your Customers’ Data Findable

When you encrypt data before sending it to the data store, the store itself can’t filter, search, or otherwise operate on the data. But you can have your cake and eat it too with a breakthrough encryption-in-use product from IronCore Labs: Cloaked Search.

With Cloaked Search, you use your existing Elasticsearch or OpenSearch service, but Cloaked Search encrypts the sensitive data before it goes to the service. With the right keys, search can happen over the encrypted data. Best of all, this works with the use of a proxy service that handles the security for you so you don’t have to change your code.

Want to know more about encrypted search and Cloaked Search?

Start Here

More great reads