Cloaked Search
Sensitive data stored in Elasticsearch and OpenSearch is vulnerable to hackers. Secure it with searchable, drop-in, application-layer encryption.
Searchable encryption so you can encrypt and then search
Reduce risk by protecting data at the application layer
Application-layer encryption (ALE) provides strong protection against breaches, unauthorized insider access, injection attacks, and cloud misconfigurations.
Protects your sensitive data while allowing rich analytics
Secure personally identifiable info (PII) and other data without losing your ability to find or run analytics on it. Works with logs, user-generated content, and other enterprise data.
Comply with privacy and security regulations
Meet the strictest data security obligations without losing functionality. Comply with the data protection requirements in privacy laws by encrypting the data.
Drop-in protection without code changes
The Cloaked Search proxy sits in front of your search cluster and doesn't require code changes or plugins to use so you can seamlessly encrypt and search.
Why it matters
Your search service is a treasure trove of data and a hacker's dream
Too often companies focus on the primary data storage but ignore the secondary ones like the search service and log data, which can contain incredibly sensitive information and are rich targets for attackers and impulsively curious insiders.
Familiar stack
Integrates with your existing search service
We support both OpenSearch and Elasticsearch,® the two most populare search services in applications and cloud infrastructures. Cloaked Search can protect either one seamlessly with no server-side plugins required.
Meaningful encryption
Data protection for always-on cloud servers
Encryption requires the correct key to unlock the data. But when you use low-level encryption like database or disk encryption, the key has already unlocked the data and stays in memory for as long as the server is running. This doesn’t do much to protect data in the cloud.
The alternative is application-layer encryption (ALE) which encrypts data before storing it and keeps the key(s) separate from the data. It’s a simple, but powerful concept that often prevents network breaches, cloud misconfigurations, and application vulnerabilities from turning into costly data breaches.
Privacy guarantee
Completely blind services
IronCore never sees your data. All data encryption and decryption is done inside your app and you store the encrypted data.
Some products operate entirely offline while others use our cloud services. In either case, IronCore is never in a position to see unencrypted data, to decrypt encrypted data we hold, or to see your keys.
No key, no access
What is encrypted search?
A search index is much like a book index. It contains a list of words that point back to the locations where they appeared. But this data can be used to recreate the entire book. And in most cases, the search service actually retains the original book, too. Yet for most companies, the data in the search index isn’t protected at the same level as other data stores.
Encrypted search is a technique that encrypts both the raw data and the index. The data can still be searched over without decrypting it, but anyone who wants to search it must have the right key. The server is blind to the data it holds and to the meaning of the searches that are made.
Features
All the search functionality you need without the risk
| Query logic | George AND (Coffee OR Mug) |
|---|---|
| Exact phrases | "IronCore Labs" |
| Prefix/suffix wildcards | Iron* |
| Phonetic matching | Kathryn == Catherine |
| Field and subdocument search | title:security author.name:george |
| Single and multi-tenant | Key per data segment |
| Complex result rankings | (weighted fields, etc.) |
| Multi-index | Search multiple indices at once |
You choose which fields to encrypt on which indices. You can do everything on unencrypted fields, and nearly everything on the encrypted ones.
Encryption is best suited to text fields such as name, email, address, health data, and user-generated content. Nearly all of the functionality you love from Elasticsearch and OpenSearch can be used over the encrypted data.
While not everything is supported, for example, you can’t do regular expression searches over the encrypted data, all of the most commonly used features are.
And most of the time, you don’t even have to change your code.
How it works
Drops in as a proxy between your app and your search service
Single key standalone mode
In standalone mode, a single key is loaded into the proxy at startup and that key is the root of trust for securing all the data. This is the simplest deployment available. Simply configure which fields you want encrypted in which indices, then point your code to the proxy instead of the search service.
Multi-key advanced key management
When you need different keys for different segments of data or when you want to make sure the service provider (eg, Amazon, Google) can’t gain access, then you can integrate SaaS Shield as a key orchestration component for keeping master keys in one or more independent key management servers. This is especially useful for multi-tenant SaaS and customer-held encryption key patterns.
Use cases
Built for people who need to use the sensitive data they hold
Customer data / PII
You can’t communicate with, bill, or deliver value to customers without their contact information or even more sensitive data. Once you’ve collected the data, it’s now subject to data privacy laws that make it costly if the data leaks.
So you need to hold the data and, more importantly, you need to be able to find it. And you’re still obligated to protect it.
Cloaked Search was built especially for use cases around personally identifiable information (PII), contact info, health info, user-generated content, and other text-based data protected by contractual obligations and regulations.
Enterprise search
Smart companies make it easy for employees to find the information they need across services like email, issue tracking, file sharing, and the CRM. But convenience for employees brings convenience for attackers, too. Search services can be a backdoor way for hackers to gain access to everything across an organization.
By application-layer encrypting the data with Cloaked Search you can drastically reduce the risk of storing sensitive data.
Log processing
Logs have a habit of capturing data that they shouldn’t. For example, plain passwords submitted on login have repeatedly made it into production logs at companies like Twitter, GitHub, and Facebook.
Data compliance officers generally have no idea what’s in logs and neither does anyone else. It changes often and filters designed to keep out sensitive data are imperfect and quickly become stale.
While logs are needed to monitor the platform and debug problems, they’re also a potential liability in a breach. Those who send their logs to Elasticsearch or OpenSearch can use Cloaked Search to encrypt the logs so if there is toxic data, it stays protected from casual snooping and determined hackers.
Insider protection
Companies should and do trust their employees and their service providers. But just one set of compromised credentials (yours or your provider’s) can turn into a nightmare if those credentials can easily access anything. It’s also inevitable that employees with access get curious now and then. An employee who peeks at a customer’s private data without a business reason is just as much of a breach in customer trust as if a hacker did the same thing.
Minimizing access is a basic tenet of security, but it’s one that rarely gets applied to Ops and Admins. With Cloaked Search, you can secure the data to minimize who has access and capture audit trails of any abuses.
Ransomware protection
The scourge of modern IT is ransomware. Instead of just stealing and trying to sell data, hackers can directly monetize their access in two ways. First, they lock the data and try to hold it hostage, threatening to erase it. Second, they exfiltrate the data and demand a payment to keep it secret. A good backup strategy can reduce the effects of the first attack, and application-layer encryption can handily defeat the second.
If the hackers can’t read the data, there’s no need to pay them to keep it secret.
Benefits
Find your encrypted data without sacrificing security
1. Protect
Secure sensitive customer PII in Elasticsearch or OpenSearch without compromising on privacy or data security.
2. Comply
Encryption means customer PII remains safely locked away so you can comply with GDPR, CCPA, and more.
3. Drop-in
No need to reinvent the wheel or rewrite your code. Keep existing code and infrastructure.
Next steps
Learn more or give it a try
Read our docs
Check out our thorough documentation that explains deployment, configuration, and internals in depth.
Read the docsUse the online demo
Explore an already-running instance seeded with data and a web interface for you to explore and learn.
Try the live demoTry it locally
Get started with a local docker image to try it out. Just follow the instructions
in our try-cloaked-search GitHub repo.