Keeping data private and secure has become increasingly challenging for companies. Data usually has to be stored on behalf of users on a server or cloud service somewhere. Responsibility for security and privacy lies with the company storing the data. This involves several hurdles. First of all, data breaches have become extremely common. A black market for user data has emerged that makes it extremely profitable for bad actors to launch sophisticated cyber attacks aimed at stealing private data. Secondly, privacy regulations, such as GDPR and CCPA, make it hard for data hosts to comply, especially so in specific industries, for example, HIPAA-compliance in the healthcare sector.
In terms of cybersecurity, a large number of incidents have shown that companies simply lack the capabilities to implement the required safeguards. Even the biggest names in technology have had embarrassing data breaches, as just again demonstrated by the latest large-scale Twitter hack.
Let us Deal with Cryptography for You
SylLab Systems is proud to announce the release of the SylLab encryption API. This API is the first in a range of products offered under the Cryptography as a Service paradigm. As companies struggle with applying complex cryptography directly, it only makes sense to let the experts deal with encrypting the data. SylLab API clients can focus on their business logic, and simply make an API call to encrypt and store data. Optionally, data storage can also be dealt with by the client, allowing integration with existing software or third-party solutions.
Changing the Economics of Attack Vectors
Figure 1: Traditional Blanket Encryption
Most encryption systems blanket-encrypt data by securing all data with the same key, for example, by encrypting a file storage system or a whole database. Some systems improve on this by at least providing each user with their key for securing data. We go one step further: the SylLab API provides a separate key for all individual data items. This means that whenever you send a block of data, usually a fil, to the service, the underlying key management system generates a new encryption key.
The SylLab API uses state of the art encryption. Based on 256-bit AES encryption, the underlying system uses an underlying key management system to isolate stored keys.
Figure 2: SylLab High-granularity Encryption
This not only provides better security, but it also removes the incentive for large scale attacks. A worst-case scenario data breach would provide the attacker with a single data item, which means that it simply does not make economic sense for most hacker groups to launch an attack with the goal of selling data on the black market.
Auditing and Compliance
One of the key aspects of privacy regulations is for the user to have control over who has access to their data at which time. Another aspect is this information being provided to users and regulators alike. For example, the above-mentioned HIPPA standard for medical records states that an auditable record of full data access history has to be available. To facilitate this, the SylLab API provides an easy to use dashboard for data-analytics, showing the users, which records have been accessed by whom and at which time. This makes it easy for SylLab customers to build complaint systems that place the user at the center of access control and provide all the necessary information to provide auditable records.
Even without the compliance aspects, the advanced data visualization of the SylLab dashboard allows organizations to gain important insights into their data usage and access patterns, that can help to optimize their systems in many ways.
The SylLab Crypto-Ecosystem
In the modern connected world, encryption has become the base layer required for any type of data storage and online interactions in general. The SylLab API encryption is our first step to building a full encrypted enterprise ecosystem, in which companies don’t have to worry about complex cryptographic protocols and just use convenient building blocks to construct secure systems. Our current release focuses on secure and granular encryption services that can be used to build compliant systems. In phase two we will add built-in access management primitives to the system. For the future, we envisage a complete ecosystem of APIs and components that cover all aspects of enterprise computing.