Take a security-first approach to search.
Search security comes standard with SearchBlox, but not everyone provides out-of-the-box peace of mind. If you’re shopping around, ask each vendor how their security stacks up. Here are five important questions to guide that conversation:
1. Does your security architecture comply with the latest regulations and privacy industry standards?
Privacy compliance is constantly evolving. If your enterprise search isn’t doing the same, you risk crippling penalties and reputational damage.
Our search products comply with the following:
2. What kind of data encryption do you offer?
There are three types of data encryption you need to ask about:
- Encryption at rest protects your data “on disk.”
- Encryption in transit protects your data as it travels from one server to another.
- Encryption in use or searchable encryption allows you to search sensitive data without decrypting it.
We support OpenSSL and TLS 1.2/1.3, allowing you to meet stringent security standards and compliance requirements for data at rest and in transit.
In addition we offer a data privacy module that allows you to search data while it’s still protected with AES-256 encryption. Every user can search the data, but only privileged users can see the decrypted Personally Identifiable Information (PII). (We offer this feature as part of our Platinum Support.)
If an unauthorized user somehow gains access to the server, they’ll only see encrypted data — data they can’t do anything with. (To learn more about this novel solution, read “Protect Your Data — and Your Reputation — on Elasticsearch.”)
3. What types of authentication do you offer?
Authentication verifies who a user is. Your users need the right credentials to gain access to your enterprise search.
We can leverage your existing authentication infrastructure, including:
- Lightweight Directory Access Protocol (LDAP) or Active Directory (AD)
- Security Assertion Markup Language (SAML)
- Kerberos (a network authentication protocol)
- JSON Web Tokens
- Transport Layer Security (TLS) certificate
- Proxy authentication or single sign-on (SSO)
We also offer an internal user management realm with support for Basic HTTP authentication for easy security setup. And we support secure and authenticated crawling for data ingestion.
4. How granular is your authorization?
While authentication verifies who a user is, authorization verifies what they have access to. At a high level, many enterprises talk about public, private and sensitive data. But these distinctions aren’t granular enough for authorization, so you’ll need to understand how many levels of permission your search software gives you.
SearchBlox offers very granular authorization. We start with standard group- and role-based access controls. But we can also restrict access to parts of a document or even specific fields, granting different users different levels of access to the exact same document.
We support multi-department and company-wide controls, which allow organizations to share the same search setup while simultaneously restricting each team’s access to their own data and search results.
5. What kind of search monitoring do you offer?
Monitoring search allows you to observe and track the operations and activities of anyone using the search product. In other words, it lets you see who searched what and when.
Our audit logging offers real-time monitoring for access, activity, query and user logs. That means you can record and track any action performed by users and spot suspicious activity, which is essential for security incident response. Audit logging also supports compliance with government and industry regulations, such as GDPR, HIPAA, PCI and ISO.