IronCore SaaS Shield Platform
SaaS Shield is a suite of products designed to enhance per-tenant security in your multi-tenant SaaS app. The two main products in the SaaS Shield platform are the multi-tenant security system (SaaS Shield Kit) and the S3 proxy (SaaS Shield for Amazon S3).
If most of your multi-tenant data is in S3 and you just want to make sure that it’s secure, you want to check out SaaS Shield for Amazon S3. If your multi-tenant data is in other forms of storage (databases, disk, key value stores, etc.) or your use case is more complex, then you’ll want to use the SaaS Shield Kit directly.
The SaaS Shield Kit provides services and SDKs to enable your customers (or you on their behalf) to easily configure external cloud KMS and logging. It makes it easy to use those cloud options to encrypt multi-tenant data in your service’s code with a high level SDK, and provides benefits like security event audit logging without any additional code. You get the advantage of having each tenant’s data encrypted with a different key, creating additional protections against mixing multiple tenant’s data inadvertently, even if they are all sharing a data store. This kit is made up of a Tenant Security Proxy, a Tenant Security Client SDK, and a Configuration Broker.
SaaS Shield for Amazon S3 is a pre-created SaaS Shield Kit based system that deploys directly into your AWS instance using CloudFormation templates. It uses the Configuration Broker to allow you and your customers to manage KMS and logging cloud options, but doesn’t require any code changes to your services. You simply deploy it, configure it, and point your current S3 app to it. SaaS Shield for Amazon S3 can also be purchased directly from the AWS marketplace.
If you are using Elasticsearch or OpenSearch to index your tenants’ data, you can take advantage of Cloaked Search. This is another ready-to-deploy container that can be configured to use SaaS Shield to manage the keys it needs to protect fields in the index and still allow searches on the data. You can secure your search service and still allow you and your customers to manage KMS and logging cloud options.
Was this page helpful?