Product showcase: Searchable encryption in Elasticsearch and OpenSearch with IronCore Labs
When it comes to sensitive data, search services are the ultimate treasure trove for hackers. Why slowly sift through information when a search service has indexed it all for you?
Mistakes are inevitable and cloud misconfigurations are the number one cause of data breaches. The number two cause is when insider credentials are stolen. In either case, having your sensitive data encrypted can provide the defense-in-depth you need to prevent a mistake from becoming a catastrophe.
Application-layer encryption (ALE) is a data protection pattern that encrypts data before it goes to the data store. Cloaked Search by IronCore Labs uses ALE to protect your search data by ensuring that the data it holds is protected from unauthorized access even while the service is running.
This can be useful if you distrust your cloud provider, need to meet data residency requirements, need to show security by design, or just want to be a good steward of the sensitive information you hold.
Companies use Cloaked Search to protect customer data, personally identifiable information, enterprise search, logs, and insider information, and to prevent ransomware extortion.
Quick look: What you need to know about Cloaked Search
- Cloaked Search is a transparent proxy that encrypts data before it goes to Elasticsearch or OpenSearch while still allowing you to search that data; no plugins required
- Choose which indices and fields to encrypt while the rest pass through normally, so you can start with your most sensitive data and expand over time
- Perfect as a PET (privacy-enhancing technology) for safeguarding personal information and complying with global privacy laws and data sovereignty concerns
- Protects against breaches, unauthorized insider access, injection attacks, and cloud misconfigurations
How Cloaked Search works
Cloaked Search uses encryption-in-use techniques to allow searching over encrypted data without decrypting it. Any search of the encrypted data requires a key and produces an encrypted query. The search service remains ignorant of the data it holds and the queries made against that data.
There are four steps to making use of Cloaked Search:
- Step one: Pick which indices and fields you want to encrypt.
- Step two: Configure Cloaked Search to encrypt those fields and determine how the keys are managed and stored.
- Step three: Determine where Cloaked Search lives and deploy it (details below).
- Step four: Point your applications at Cloaked Search instead of the search service.
Not all fields must be encrypted. Cloaked Search can handle a combination of encrypted and unencrypted indices and fields to suit your business needs.
How to deploy Cloaked Search
Cloaked Search is deployed as a proxy. The proxy can live in the same environment as the search service or it can live in a different environment such as on-prem. A similar choice can be made for the keys: they can live in the same environment as the search service, or they can be held outside of that environment in another cloud service or on-prem.
By splitting trust, you can improve your security posture so that an attacker has more things to compromise before a successful data breach can occur.
Yet even when the search service, the proxy, and the keys are all held in the same environment, your data protection is much higher with Cloaked Search. That’s because the encryption protects your data even if the indices are accidentally made public, your backups are leaked, a search injection attack is successful, or any number of other common issues.
Deploying for data sovereignty and residency
Cloaked Search lets you treat different segments of data with different policies. For example, you can opt to encrypt EU data with keys that reside in the EU while you store the keys for U.S. data in the U.S. This ensures that the personal data of citizens is under the control of keys held in-country – and potentially can only be decrypted in-country – which helps meet requirements around data sovereignty in much of the world.
The same functionality can also be used to enable multi-tenant SaaS systems to offer customers the ability to hold their own keys.
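The two ideas described above, a keyed query that the search service cannot read ("How Cloaked Search works") and separate keys per data segment, can be seen in a small blind-index sketch. This is an added example, not IronCore Labs code and not Cloaked Search's actual scheme: it uses a simplified HMAC-based blind index, and the key values, segment names, documents, and function names are all constructed for illustration.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed demo keys; the page's model is that each segment's key is held in its own region.
SEGMENT_KEYS = {
    "eu": b"constructed-eu-key-0123456789abcdef",
    "us": b"constructed-us-key-fedcba9876543210",
}

def tokens(text):
    """Lowercase and split into terms, as a search analyzer would."""
    return re.findall(r"[a-z0-9]+", text.lower())

def blind(key, field, term):
    """Keyed, deterministic token bound to the field name (HMAC-SHA256)."""
    return hmac.new(key, f"{field}\x00{term}".encode(), hashlib.sha256).hexdigest()

class BlindIndex:
    """Stands in for the search service: it only ever sees opaque tokens."""
    def __init__(self):
        self.postings = defaultdict(set)

    def add(self, doc_id, blinded_terms):
        for token in blinded_terms:
            self.postings[token].add(doc_id)

    def search(self, blinded_terms):
        # AND semantics: a document must contain every blinded term.
        sets = [self.postings.get(t, set()) for t in blinded_terms]
        return set.intersection(*sets) if sets else set()

def index_doc(index, key, doc_id, field, text):
    """Proxy side, write path: blind each term before it reaches the index."""
    index.add(doc_id, {blind(key, field, t) for t in tokens(text)})

def query(index, key, field, text):
    """Proxy side, read path: the query is blinded with the same key."""
    return index.search([blind(key, field, t) for t in tokens(text)])

def build_demo():
    idx = BlindIndex()
    index_doc(idx, SEGMENT_KEYS["eu"], "eu-1", "body", "Patient reports chest pain")
    index_doc(idx, SEGMENT_KEYS["eu"], "eu-2", "body", "Invoice overdue, second notice")
    index_doc(idx, SEGMENT_KEYS["us"], "us-1", "body", "Chest x-ray scheduled")
    return idx

if __name__ == "__main__":
    demo = build_demo()
    print(query(demo, SEGMENT_KEYS["eu"], "body", "chest pain"))
```

Deterministic tokens like these still show the index holder which documents share a term and how often each token occurs, and the stored document body would need its own encryption, which this sketch does not show.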
Supported search functionality
All of the advanced search functionality you rely on remains available to you over the Cloaked Search encrypted data, including field matching, phonetic matching, exact phrase matching, boolean queries, subdocument searches, autocompletion, wildcard searches, field boosting, and more. Fields must be configured for specific capabilities such as phrase search, but when they are configured properly before documents are indexed, you just search like you always have.
How to get started
Deployment itself is easy. The proxy is a Docker container that runs in most environments and scales horizontally. It’s efficient in memory and CPU and introduces minimal overhead. In fact, you can try it out yourself by running the Docker container locally in about five minutes, after which you will have:
- Elasticsearch or OpenSearch running on your local machine
- Cloaked Search running on your local machine
- Sample data indexed with body and summary as protected fields
- Query results from sample queries using the protected body and summary fields
To learn more and get started, head over to the Cloaked Search docs site. And for questions, join the IronCore Labs Discord server.