Take a prevention-first approach with end-to-end encryption.
Elasticsearch is a fast, open source search and analytics engine for structured and unstructured data. It’s a great way to store and search large volumes of Personally Identifiable Information (PII). But the headlines are disturbing.
A few days later, security researchers discovered more than 4TB of data that seems to have come from two US-based data enrichment companies on an open Elasticsearch server. It appears the leaky Elasticsearch database was not password protected. Oh, the irony.
Elasticsearch Security
Elasticsearch offers encryption at rest (on disk) and in transit (between servers). So why are these data breaches so common?
There are a couple of reasons:
#1 Elasticsearch does not allow you to search data while it’s encrypted. “In order to search the data, you have to decrypt it — even if just temporarily,” explains Timo Selvaraj, co-founder and VP of product management at SearchBlox. “This, of course, compromises security.”
#2 Unprotected apps running on top of your Elasticsearch clusters pose security risks. “Take Kibana, for instance,” explains Selvaraj. “Kibana is an open source analytics and visualization platform. It’s browser based and fetches data from your Elasticsearch databases so you can do advanced analysis on the data, and then present it visually with charts, tables and maps.” Although admins can securely configure Kibana, he explains, many don’t do it properly and there isn’t sufficient security baked in.
A Prevention-First Approach
Enterprise infrastructure consists of tens of thousands of cloud resources. Each one creates opportunities for leakage. All it takes is one improperly secured Elasticsearch endpoint (port 9200) to expose millions of records of PII. So modifying the security of a single Elasticsearch server — even for a legitimate reason, even just for a moment — is unacceptable.
That’s why you have to take a prevention-first approach,” explains Selvaraj. “That’s why we created a novel solution for searching encrypted PII stored in Elasticsearch.”
SearchBlox Enterprise Search’s Data Privacy Module
SearchBlox Enterprise Search offers a Data Privacy Module that allows you to search data while it’s still protected with AES-256 encryption. Every user can search the data, but only privileged users can see the decrypted PII information.
If an unauthorized user somehow gains access to the server, they’ll only see encrypted data — data they can’t do anything with.
Data Before Encryption
{
credit_card : "1234123412341234”,
ssn : “123-45-1234",
date_of_birth : "10-10-1950",
address : "123, Hot Springs Lane, Newcity, AA 12345”,
name : "John Doe"
}
Data After Encryption
{
deid_credit_card : “aksjdhf12akjshepiu23nda2134n2,m3en2;kj3sh1k2m3neskj2n3eskjn123esdsm,cfn;2oie4r”,
deid_ssn : “sdkjfn,m3en2;kj3sh1k2m3neskj2n3eskjn123esdsm,cfn;2oir”",
deid_date_of_birth : “askjdfn;wkejyrx;ak dns;kj2swejflwkfnlwrknfewlrr",
address : "123, Hot Springs Lane, Newcity, AA 12345”,
name : "John Doe"
}
The PII on the left will look like the data on the right to an unauthorized user.
This kind of functionality,” Selvaraj explains, “is extremely important to our government, healthcare and financial services clients.” SearchBlox Enterprise Search offers this capability out-of-the-box, so you can rest assured that you’ve got an end-to-end solution that enables you to leverage the power of Elasticsearch without compromising your customers’ data.