Overview of IronCore Cloaked Search

Cloaked Search is a transparent proxy for the Elasticsearch and OpenSearch services that protects sensitive data in the search service index and document store to protect it from hackers, curious administrators, and other threats.

(See product descriptions, use cases, pricing, and other information here).

You can decide which fields in a document are sensitive, and the proxy will apply cryptographic techniques to cloak any index terms generated from those fields. This protects the data in those fields from being extracted from the index. It also processes all queries and cloaks the search terms, so an eavesdropper can’t make guesses about the documents by watching the query traffic. The proxy also encrypts the full document. Put it all together, and Cloaked Search lets you do full text searches on encrypted data.

Cloaked Search’s API is the same as the underlying search service API, so all requests intended for the search service should flow through the proxy. The proxy will only modify requests that involve fields that have been configured for protection. For those fields, the data will be encrypted before being passed on to the search service.

Cloaked Search can be configured for a multi-tenant environment where separate keys are used for each tenant’s data. When combined with SaaS Shield, tenants may manage their own encryption keys to take control of their data. The multi-tenant feature also reduces the possibility of accidental information leakage and cross-tenant data pollution.

What Types Of Fields Does Cloaked Search Support?

Cloaked Search works best on text fields like titles, abstracts, names, and addresses, but it does work on boolean and numeric fields as well; they are treated as strings. Other field types like dates cannot be encrypted at this time unless they are provided as strings (explicitly enclosed in quotes). Range and comparison matches on protected numeric and date fields (eg, values greater than x) will not work.

What Queries Are Supported?

Cloaked Search supports a large part of the commonly-used query syntax. For details and examples for different types of queries, see our Querying pages.

Features

Cloaked Search provides the following key features:

• compatibility with both Elasticsearch and OpenSearch services
• SaaS Shield integration for managing per-tenant keys
• standalone key mode for single-tenant operation and self-contained testing
• fuzzy matching with a phonetic matcher
• substring matches for prefix wildcards
• boosting
• phrase queries

Getting Started and Learning More

We have a live demo that will let you play around with Cloaked Search queries to see how this all works in an interactive setting.

You can try out Cloaked Search in about 5 Minutes. All you need is a basic *nix installation and Docker to run it locally.

If you’d like to dig into how to configure and deploy Cloaked Search to talk to an existing search service running in your development cluster, check out Configuring and Deploying Cloaked Search.

If you’d like to understand how Cloaked Search secures your data, check out What Is Encrypted Search.

You can see the changes in each version of Cloaked Search in its changelog.