SaaS Shield Suite Architecture
SaaS Shield Kit
IronCore’s solution for multi-tenant security, the SaaS Shield Kit, is targeted towards SaaS providers looking to accelerate their roadmap to meet their customers’ increasing demands for privacy and security of their cloud data. IronCore adds a number of features and integrations and handles a variety of supported Key Management Systems (KMS) including Google Cloud KMS, Amazon KMS, Azure Key Vault, and Thales CipherTrust Manager, so your customers can use their platform of choice.
IronCore also protects the KMS configurations using end-to-end encryption and abstracts policy choices away from developers so they can focus on simple integration code without worrying about the complexities of key management, cryptography choices, SIEM integration, etc. The diagram below shows how this works, with IronCore’s Tenant Security Proxy running in your infrastructure as a Docker container.
IronCore’s SaaS Shield Kit relies on three distinct components: the Configuration Broker, the Tenant Security Proxy, and a Tenant Security Client.
Configuration Broker
The IronCore Configuration Broker is an IronCore-hosted web app which is the connection point between SaaS providers (vendors) and their customers (tenants).
Vendors use the Configuration Broker to provision their CMK tenants and, optionally, to provide KMS configurations for those tenants. In addition, they can add configurations for the Tenant Security Proxy and Vendor Bridge Docker containers. Tenants use the Configuration Broker to manage access to their KMS, regardless of which cloud provider hosts the KMS. They also use the Configuration Broker to configure access to their logging / Security Information and Event Management (SIEM) system, wherever it runs. This configuration feeds the Real Time Security Events logger that is co-located with the Tenant Security Proxy.
Most importantly, the Configuration Broker is a zero-trust system; all information for both vendors and tenants is end-to-end encrypted and never seen in its unencrypted form by IronCore. Both you and your customers can feel safe that the information provided within the Configuration Broker is only ever seen by approved administrators and systems. And better yet, all access is logged and can be audited by the customer.
Single Sign On (SSO)
The Configuration Broker allows each vendor to configure an Identity Provider (IDP) that can be used by admins of any of their tenants to authenticate via SAML-based SSO when logging into the application. In addition, each organization (tenant or vendor) can choose to configure its own IDP for authentication of its admins. An organization can thus choose to use its own IDP, the IDP of one of its vendors (for tenant organizations), or standard username and password authentication.
More details on SSO are here.
Tenant Security Proxy
The Tenant Security Proxy is a Docker container that is run within your SaaS infrastructure. It is the gateway between your application and your customer’s KMS and logging infrastructure, regardless of where that runs. Because this Tenant Security Proxy Docker container runs in your infrastructure, you control its scaling and rollout.
Tenant Security Client Libraries
The Tenant Security Client Libraries are SDKs provided by IronCore that you integrate into your applications’ codebases. These libraries interact with the Tenant Security Proxy, providing simple configuration and method calls to encrypt and decrypt your customers’ data. They also generate auditable events that are fed to your customers’ logging systems.
The data that you encrypt and decrypt is never transferred to the Tenant Security Proxy and always stays directly within your application.
Vendor Bridge
The Vendor Bridge is a service that is delivered in a Docker container that is run within your SaaS infrastructure. It provides an API that can be used to manage tenants and KMS configurations by communicating with the Configuration Broker on your behalf. This is useful when provisioning your tenants programmatically.
SaaS Shield for Amazon S3
If your SaaS application is using Amazon S3 to store customer data, IronCore offers a tailored solution to further decrease the time and effort required to allow your customers to control their own data. SaaS Shield for Amazon S3 is an AWS-specific offering that is built to be installed into the same infrastructure that is hosting your S3 buckets. It is built on the SaaS Shield Kit, but instead of embedding the Tenant Security Client library in your application, IronCore provides an S3 proxy service that handles calls to S3 and transparently encrypts and decrypts the S3 data using keys managed by your customers.
You don’t need to make any changes to application code; just change your configuration to point to the proxy instead of the S3 endpoint you were using, et voilà, you have KMS encryption (and optionally CMK) for all your S3 data!
Setup and configuration are similarly quick and easy. After you have requested access and created a vendor account in the Configuration Broker, we provide a streamlined way to install the necessary components in your AWS infrastructure. Your operations staff can have a test system up and running in no time. We also provide a global test instance, so you can verify that your S3 client software is compatible with the S3 proxy before you set up a system to do more extensive tests.
And since you already have an account set up in AWS to use S3, you can purchase this offering in the AWS Marketplace. Monthly subscription fees will be included in your AWS bill. When you purchase the subscription, it will guide you to the Configuration Broker to complete product setup and obtain the scripts necessary to get everything up and running under your AWS account.
SaaS Shield Real Time Security Events
As mentioned above, these SaaS Shield offerings use the Real Time Security Events product to log CMK key operations to tenant-configured logging and SIEM systems. The Tenant Security Clients also allow your applications to generate additional security-related events and log them to the same logging systems. This gives you the ability to provide a comprehensive view of your security operations to your tenants.