Elasticsearch is an excellent datastore for storing and searching PII (Personally Identifiable Information). With Elasticsearch, large volumes of PII such as names, email addresses, usernames, credit card numbers and social security numbers are available for fast searches.
While Elasticsearch offers encryption-at-rest and encryption-in-transit security, PII data breaches on Elasticsearch are far too common. Here are a few headlines on Elasticsearch data breaches from the last six months:
Unprotected Elasticsearch Server Leaks 5 Billion Records - March 20, 2020 - https://www.cisomag.com/unprotected-elasticsearch-server-leaks-5-billion-records/
Elasticsearch Server Exposed 1.2 Billion People Data - November 25, 2019 - https://www.cisomag.com/elasticsearch-server-exposed-1-2-billion-people-data/
French Hotel Giant Leaks 1TB+ of Client Data - November 22, 2019 - https://www.infosecurity-magazine.com/news/french-hotel-giant-leaks-1tb-of/
Why do data breaches happen on Elasticsearch?
While Elasticsearch supports encryption-at-rest (on disk) and encryption-in-transit (between servers), the data held in the index must remain in the clear to be searchable, so these two protections do not cover it. In addition, tools like Kibana allow any user with access to see everything stored in the index, including sensitive PII.
When access to the Elasticsearch HTTP endpoint (port 9200) is not secured, or user security is misconfigured, it is easy for an unauthorized user to connect and read all searchable data. Most data breaches on Elasticsearch have used this route to reach the PII.
What are we missing in terms of data security on Elasticsearch?
Enterprise infrastructures consist of tens of thousands of cloud resources, each of which creates an opportunity for leakage. In this situation, when the security configuration of a single Elasticsearch server is changed, even for a legitimate reason, it has the potential to expose millions of records containing PII.
In complex multi-cloud environments that enterprises operate today, finding this type of vulnerability can be like looking for a needle in a haystack. A prevention-first approach is critical in situations where PII information is involved.
How do we protect PII information stored in Elasticsearch?
SearchBlox provides a novel solution for searching and encrypting PII information stored in Elasticsearch. The SearchBlox Enterprise Search product offers a Data Privacy Module that manages the security and encryption of PII information stored in the Elasticsearch index. PII fields, and even entire documents, can be stored in Elasticsearch in encrypted form using AES-256 encryption while retaining full search capability. All users can search the data, but only privileged users can see the PII, which the Data Privacy Module decrypts at search time. Should an unauthorized user ever gain access to the Elasticsearch server, that user will only see the encrypted information.
The SearchBlox Enterprise Search product implements this capability out-of-the-box for every Elasticsearch cluster, offering an end-to-end solution for searchable encryption that keeps your PII data secure in Elasticsearch.
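To make the pattern described above concrete, here is an added Go example written for this article; it is not SearchBlox's Data Privacy Module nor any Elasticsearch code. It encrypts a PII field with AES-256-GCM before the record is indexed, stores next to it a keyed HMAC-SHA256 "blind index" token so an exact-match search still works, and decrypts the field at search time only for a privileged caller. The in-memory `Index` type, the `Document` field names, the `privileged` flag and the randomly generated keys are all assumptions made for the example; the sample record is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Document is the record as it reaches the index: the PII field (e-mail) is
// present only as a blind-index token plus ciphertext, never as plaintext.
// Field names are assumptions made for this example.
type Document struct {
	ID, Title   string // non-sensitive, indexed in the clear
	EmailToken  string // HMAC-SHA256 blind index of the normalised e-mail
	EmailCipher string // base64(nonce || AES-256-GCM ciphertext)
}

// Index is a constructed in-memory stand-in for an Elasticsearch index.
type Index struct{ Docs []Document }

// PrivacyKeys is held by the privacy layer, never by the Elasticsearch node,
// so a dump of the index alone yields nothing readable.
type PrivacyKeys struct {
	aead     cipher.AEAD // AES-256-GCM
	indexKey []byte      // independent key for the blind index
}

// NewPrivacyKeys draws fresh random keys; a real deployment would load them
// from a KMS or vault, which is outside this example.
func NewPrivacyKeys() (*PrivacyKeys, error) {
	seed := make([]byte, 64)
	if _, err := rand.Read(seed); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(seed[:32]) // cannot fail: a 32-byte key selects AES-256
	aead, _ := cipher.NewGCM(block)      // cannot fail for an AES block
	return &PrivacyKeys{aead: aead, indexKey: seed[32:]}, nil
}

// encrypt seals the value under a fresh nonce (prefixed to the output), so
// equal plaintexts yield different ciphertexts.
func (k *PrivacyKeys) encrypt(plain string) (string, error) {
	nonce := make([]byte, k.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(k.aead.Seal(nonce, nonce, []byte(plain), nil)), nil
}

// decrypt reverses encrypt; the GCM tag check rejects any tampered record.
func (k *PrivacyKeys) decrypt(enc string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(enc)
	n := k.aead.NonceSize()
	if err != nil || len(raw) < n {
		return "", fmt.Errorf("malformed ciphertext: %v", err)
	}
	pt, err := k.aead.Open(nil, raw[:n], raw[n:], nil)
	return string(pt), err
}

// blindIndex gives equal (case-insensitive) values equal tokens, so an
// exact-match search works, while the token cannot be reversed without indexKey.
func (k *PrivacyKeys) blindIndex(value string) string {
	mac := hmac.New(sha256.New, k.indexKey)
	mac.Write([]byte(strings.ToLower(strings.TrimSpace(value))))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// IndexDocument encrypts the PII field and stores only token and ciphertext.
func (k *PrivacyKeys) IndexDocument(idx *Index, id, title, email string) error {
	ct, err := k.encrypt(email)
	if err != nil {
		return err
	}
	idx.Docs = append(idx.Docs, Document{ID: id, Title: title, EmailToken: k.blindIndex(email), EmailCipher: ct})
	return nil
}

// SearchByEmail is open to every user. Matching is done on the blind index;
// the field is decrypted at search time only for a privileged caller, so an
// unprivileged caller (or anyone reading the index directly) sees ciphertext.
func (k *PrivacyKeys) SearchByEmail(idx *Index, email string, privileged bool) ([]string, error) {
	token := k.blindIndex(email)
	var hits []string
	for _, d := range idx.Docs {
		if d.EmailToken != token {
			continue
		}
		value, err := d.EmailCipher, error(nil)
		if privileged {
			value, err = k.decrypt(d.EmailCipher)
		}
		if err != nil {
			return nil, err
		}
		hits = append(hits, value)
	}
	return hits, nil
}

func main() {
	keys, err := NewPrivacyKeys()
	if err != nil {
		panic(err)
	}
	idx := &Index{}
	_ = keys.IndexDocument(idx, "1", "Invoice 42", "Alice@example.com") // constructed sample record
	priv, _ := keys.SearchByEmail(idx, "alice@example.com", true)
	anon, _ := keys.SearchByEmail(idx, "alice@example.com", false)
	fmt.Println("privileged:", priv, "unprivileged:", anon)
}
```

Two caveats a practitioner should keep in mind. A deterministic blind index supports exact-match lookups only, and it reveals which records share the same value; substring, prefix or fuzzy search over an encrypted field needs other techniques, so "full search capability" on a product page deserves a question about which query types it covers. Second, the protection depends entirely on the encryption and index keys living outside the cluster: if they are stored on the same host as the index, a reader who reaches port 9200 may reach the keys as well.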
The cost of a data breach is very high, and organizations need to take a prevention-first approach when using Elasticsearch for PII data.