Bonafeyed’s Cy4Secure is a data protection solution that safeguards an unlimited number of data fields and tables contained within databases, whether deployed in the cloud or utilized by SaaS applications. It is fully interoperable with today’s security technologies covering detection, prevention, and transportation, and protects data even after a security data breach. Our Data-Defined Protection approach natively secures data, allows full database query operations, and keeps queried data protected when it is sent to another enterprise or security domain, placed in backups or archives, or received on endpoint devices. Cy4Secure supports either an advanced 800-bit streaming cipher or AES-256 block cipher encryption, and multi-factor authentication or password-less data cryptography, without impacting user workflows. When compared to other approaches, Cy4Secure goes beyond traditional data “in-flight” or “at-rest” security technologies by protecting data “in-use” within a database or database-driven SaaS CRM, ERP, Retail, Health Services, Finance, Telecom or Services applications.
The underlying problem with data protection is a general lack of awareness and understanding of how to protect the data itself, not just guard the systems holding it. Data protection regulations do not specify how to safeguard data, only that “somewhere” encryption be utilized. Transit protection only secures data “in-flight”. Data “at-rest” protection only secures where data is physically stored. Traditional security solutions try to detect and prevent unauthorized access at the edge of an enterprise, but once a cybercriminal penetrates the security perimeter, data is freely available by querying the databases. When protected by Cy4Secure, unauthorized users can only receive or pilfer encrypted data. Data remains safe even while IT applies patches and updates to fix regularly discovered exploits to the perimeter security. In the event Cy4Secure protected data is lost, stolen, abandoned, or forgotten, it remains secure and is demonetized and permanently inaccessible once the crypto keys protecting it are disabled or retired, ensuring cybercriminals or non-authorized users only obtain unintelligible encrypted data.
Cy4Secure Data Security can be seamlessly and rapidly deployed in existing environments. All modern database systems can be protected without impacting user workflows, without changing existing infrastructure, and with no perceivable impact on performance. Users or external customers/clients perform password-less or multi-factor authentication to validate credentials, which allows access to protected data. More importantly, each data element or field can be independently encrypted/protected. No two data elements are required to share the same key or authorization requirements. Bonafeyed delivers privacy in plain sight!
Cy4Secure is Bonafeyed’s answer to the increasing threat of data breaches. Cy4Secure’s architecture accomplishes this feat by only encrypting/decrypting data at authorized user endpoints. Our Data-Defined Security approach continuously safeguards data as it moves across different security domains, when it lands on an application server, after delivery from a cloud-based application, and finally, when the data rests on a recipient’s endpoint device. Cy4Secure uses the following security methods:
- Bonafeyed never sees or touches any customer data
- All encrypt/decrypt operations are performed on the user’s secure endpoint device (SED)
- All authentication data is hashed using SHA-512
- Shared data is encrypted before it leaves the user’s SED
- Encryption secrets are disassociated from the protected data’s location
- Data and corresponding encryption secrets only unite on an authorized user’s SED
- Data-Defined Architecture that is agnostic to all transport, network, or other security protocols
- “Airgap” technology ensures keys and credential information are inaccessible to hackers
- Minimum of 800-bit size keys are utilized for strong crypto operations
- Five 9’s availability (reliability and uptime) for authentication and crypto management services
At the center of Bonafeyed’s data security is the Cy4Secure Arbiter (CSA), which is responsible for managing all crypto functions. These include maintaining the relationship between crypto secrets and credentials, authorizing crypto information, supporting a RESTful API, enforcing encryption key lifecycles, and monitoring access habits, trends, and frequency to proactively detect attacks and theft or misuse of user credentials. It stores cryptography secrets and credentials, and operates in a highly reliable and available clustered and distributed configuration. The CSA is deployable within the cloud as a service or on premises using a software-defined deployment model.
The Bona-Isolator™ provides an industry-leading security air gap between public-facing servers and the CSA. It ensures that no direct access to the ML Data Store or the CSA is possible.
The Data Security Gateway (DSX) is a data gateway and security software that connects legacy devices and applications to Bonafeyed protected databases, whether located in the cloud, within a SaaS product, or an on-premises DBMS. The DSX complements existing security infrastructure and operates on application data independent of a protocol or data structure. Without any changes to endpoint devices, DSX brings Bonafeyed’s data-defined security, data cryptography, and last-mile protection - a rapid, lightweight deployment option for any Enterprise.
DSX is designed to interoperate with database management systems, database driven applications and 3rd party SaaS such as salesforce.com, Facebook Workplace, ServiceNow, and NetSuite. There is no change to an application’s functionality. Users continue transparent use of applications. DSX identifies and secures an application’s data so that the data is protected from hackers and cyber-thieves while allowing authorized users to see and use the protected data. It supports both the patented 800-bit high performance Stream Cipher and standard AES256 Block Cipher operations to protect data without impacting performance or functionality.
DSX encrypts application data fields before they are stored in the cloud and decrypts the data when it is en route to the client’s web application. The cloud applications or servers are not negatively impacted – they have no idea that the data is encrypted. Additionally, when the cloud server is hacked and the data stolen, the hackers only have access to encrypted data, digital gibberish. IT installs DSX on virtual machines or appliances, describes the cloud system, updates the configuration so DSX sits between the clients and application server, and DSX does the rest.
DSX performs encrypt/decrypt operations and works in conjunction with Bonafeyed’s Cy4Secure Arbiter (CSA) where users are authorized, and 800-bit encryption keys are created and managed. Each DSX supports up to 175 users and each cluster can manage up to 3 separate applications.
Key DSX features:
- Secured data gateway for any legacy and 3rd party SaaS applications
- Encrypts and Decrypts data between application servers and clients
- 800-bit or AES256 encryption, auto data field detection, and admin dashboard
- Supports 175 users per DSX node and up to 3 applications per DSX cluster
- High availability active-active n+m cluster failover design
- Low-latency, scalable high throughput architecture
Data protection begins at the client’s computer system, regardless of device type, for the secure use of native applications, web browser applications or internet pages. This means data is protected before it leaves an endpoint device or network element and remains secure until the recipients of the data are authenticated to read or use the encrypted data. The Cy4Secure data protection system allows 100% Transparent “No-Touch” enterprise deployments or client “one-touch” 3rd-party application integration. A typical enterprise deployment begins with an IT organization or resource determining the best deployment option for their applications. Depending on the application type, the following options are possible for IT.
Applications that utilize off the shelf web browsers including Microsoft Windows Edge, Firefox, Google Chrome, and MacOS Safari are supported through a plugin. When data is sent or received, the plugin verifies a user’s permission to use the built-in cryptographic engine to either decrypt or protect data. In addition, the Data Security Gateway (DSX) facilitates the fastest deployment option for legacy devices or applications without the need for endpoint plugins or altering applications.
No matter the endpoint device, whether within the same network domain or external, the Cy4Secure system can extend the data security domain and validate and authorize access to protected data using an 800-bit Stream Cipher based technology. When encrypted data is lost, stolen, abandoned or forgotten, it remains protected and becomes permanently inaccessible or demonetized once access is deleted or retired, ensuring cyber criminals or internal non-authorized users only obtain unintelligible data.