IronCore SaaS Shield Suite
IronCore’s solution for multi-tenant security, the SaaS Shield Kit, is targeted towards SaaS providers looking to accelerate their roadmap to meet their customers' increasing demands for privacy and security of their cloud data. IronCore adds a number of features and integrations and handles a variety of supported Key Management Systems (KMS) including Google Cloud KMS, Amazon KMS, and Azure Key Vault, so your customers can use their platform of choice.
IronCore also protects the KMS configurations using end-to-end encryption and abstracts policy choices away from developers so they can focus on simple integration code without worrying about the complexities of key management, cryptography choices, SIEM integration, etc. The diagram below shows how this works, with IronCore’s Tenant Security Proxy running in your infrastructure as a Docker container.
IronCore’s SaaS Shield Kit relies on three distinct components: the Configuration Broker, the Tenant Security Proxy, and a Tenant Security Client.
The IronCore Configuration Broker is an IronCore-hosted web app which is the connection point between SaaS providers (vendors) and their customers (tenants).
Vendors use the Configuration Broker to provision their CMK tenants and to add configuration for the Tenant Security Proxy Docker container. Tenants use the Configuration Broker to manage access to their KMS, regardless of which cloud provider hosts the KMS. They also use the Configuration Broker to configure access to their logging / Security Incident and Event Management (SIEM) system, wherever it runs. This configuration feeds the Real Time Security Events logger that is collocated with the Tenant Security Proxy.
Most importantly, the Configuration Broker is a zero-trust system; all information for both vendors and tenants is end-to-end encrypted and never seen in its unencrypted form by IronCore. Both you and your customers can feel safe that the information provided within the Configuration Broker is only ever seen by approved administrators and systems. And better yet, all access is logged and can be audited by the customer.
The Tenant Security Proxy is a Docker container that is run within your SaaS infrastructure. It is the gateway between your application and your customer’s KMS and logging infrastructure, regardless of where that runs. Because this Tenant Security Proxy Docker container runs in your infrastructure, you control its scaling and rollout.
The Tenant Security Client Libraries are SDKs provided by IronCore that you integrate into your applications' codebases. These libraries interact with the Tenant Security Proxy, providing simple configuration and method calls to encrypt and decrypt your customers' data. They also generate auditable events that are fed to your customers' logging systems.
The data that you encrypt and decrypt is never transferred to the Tenant Security Proxy and always stays directly within your application.
If your SaaS application is using Amazon S3 to store customer data, IronCore offers a tailored solution to further decrease the time and effort required to allow your customers to control their own data. SaaS Shield for Amazon S3 is an AWS-specific offering that is built to be installed into the same infrastructure that is hosting your S3 buckets. It is built on the SaaS Shield Kit, but instead of embedding the Tenant Security Client library in your application, IronCore provides an S3 proxy service that handles calls to S3 and transparently encrypts and decrypts the S3 data using keys managed by your customers.
You don’t need to make any changes to application code; just change your configuration to point to the proxy instead of the S3 endpoint you were using, et voilà, you have KMS encryption (and optionally CMK) for all your S3 data!
Setup and configuration is similarly quick and easy. After you have requested access and created a vendor account in the Configuration Broker, we provide a streamlined way to install the necessary components in your AWS infrastructure. Your operations staff can have a test system up and running in no time. We also provide a global test instance, so you can verify that your S3 client software is compatible with the S3 proxy before you set up a system to do more extensive tests.
And since you already have an account set up in AWS to use S3, you can purchase this offering in the AWS Marketplace. Monthly subscription fees will be included in your AWS bill. When you purchase the subscription, it will guide you to the Configuration Broker to complete product setup and obtain the scripts necessary to get everything up and running under your AWS account.
As mentioned above, these SaaS Shield offerings use the Real Time Security Events product to log CMK key operations to tenant-configured logging and SIEM systems. The Tenant Security Clients also allow your applications to generate additional security-related events and log them to the same logging systems. This gives you the ability to provide a comprehensive view of your security operations to your tenants.
If you’re using Elasticsearch in your infrastructure, IronCore has created an easy way for you to protect any sensitive data in the documents you make available for search. SaaS Shield Cloaked Search is an Elasticsearch-specific product that you configure and deploy into your infrastructure. Without significant code changes to consumers of the Elasticsearch API, fields you specify as containing sensitive data are encrypted before being sent to Elasticsearch for storage. Cloaked Search maintains data inside Elasticsearch that lets you query the encrypted data securely.
It can either be configured to use the SaaS Shield Kit to manage keys for your tenants or to use standalone keys. If you use the SaaS Shield Kit to manage keys you don’t need to embed the Tenant Security Client library in your Elasticsearch clients and make a bunch of code changes - you just configure the clients to make calls to Cloaked Search instead.