NEW! Download Gartner® Report: How to Improve and Optimize Retrieval Augmented Generation Systems. Get Started.
NEW! Download Gartner® Report: How to Improve and Optimize Retrieval Augmented Generation Systems. Get Started.
NEW! Download Gartner® Report: How to Improve and Optimize Retrieval Augmented Generation Systems. Get Started.
Protect Your Data — and Your Reputation — on Elasticsearch
Protect Your Data — and Your Reputation — on Elasticsearch
Protect Your Data — and Your Reputation — on Elasticsearch
June 21, 2018
June 21, 2018
June 21, 2018
Take a prevention-first approach with end-to-end encryption.
Take a prevention-first approach with end-to-end encryption.
Take a prevention-first approach with end-to-end encryption.
Elasticsearch is a fast, open source search and analytics engine for structured and unstructured data. It’s a great way to store and search large volumes of Personally Identifiable Information (PII). But the headlines are disturbing.
Elasticsearch is a fast, open source search and analytics engine for structured and unstructured data. It’s a great way to store and search large volumes of Personally Identifiable Information (PII). But the headlines are disturbing.
Elasticsearch is a fast, open source search and analytics engine for structured and unstructured data. It’s a great way to store and search large volumes of Personally Identifiable Information (PII). But the headlines are disturbing.
A few days later, security researchers discovered more than 4TB of data that seems to have come from two US-based data enrichment companies on an open Elasticsearch server. It appears the leaky Elasticsearch database was not password protected. Oh, the irony.
A few days later, security researchers discovered more than 4TB of data that seems to have come from two US-based data enrichment companies on an open Elasticsearch server. It appears the leaky Elasticsearch database was not password protected. Oh, the irony.
A few days later, security researchers discovered more than 4TB of data that seems to have come from two US-based data enrichment companies on an open Elasticsearch server. It appears the leaky Elasticsearch database was not password protected. Oh, the irony.
Elasticsearch Security
Elasticsearch Security
Elasticsearch Security
Elasticsearch offers encryption at rest (on disk) and in transit (between servers). So why are these data breaches so common?
Elasticsearch offers encryption at rest (on disk) and in transit (between servers). So why are these data breaches so common?
Elasticsearch offers encryption at rest (on disk) and in transit (between servers). So why are these data breaches so common?
There are a couple of reasons:
There are a couple of reasons:
There are a couple of reasons:
#1 Elasticsearch does not allow you to search data while it’s encrypted. “In order to search the data, you have to decrypt it — even if just temporarily,” explains Timo Selvaraj, co-founder and VP of product management at SearchBlox. “This, of course, compromises security.”
#1 Elasticsearch does not allow you to search data while it’s encrypted. “In order to search the data, you have to decrypt it — even if just temporarily,” explains Timo Selvaraj, co-founder and VP of product management at SearchBlox. “This, of course, compromises security.”
#1 Elasticsearch does not allow you to search data while it’s encrypted. “In order to search the data, you have to decrypt it — even if just temporarily,” explains Timo Selvaraj, co-founder and VP of product management at SearchBlox. “This, of course, compromises security.”
#2 Unprotected apps running on top of your Elasticsearch clusters pose security risks. “Take Kibana, for instance,” explains Selvaraj. “Kibana is an open source analytics and visualization platform. It’s browser based and fetches data from your Elasticsearch databases so you can do advanced analysis on the data, and then present it visually with charts, tables and maps.” Although admins can securely configure Kibana, he explains, many don’t do it properly and there isn’t sufficient security baked in.
#2 Unprotected apps running on top of your Elasticsearch clusters pose security risks. “Take Kibana, for instance,” explains Selvaraj. “Kibana is an open source analytics and visualization platform. It’s browser based and fetches data from your Elasticsearch databases so you can do advanced analysis on the data, and then present it visually with charts, tables and maps.” Although admins can securely configure Kibana, he explains, many don’t do it properly and there isn’t sufficient security baked in.
#2 Unprotected apps running on top of your Elasticsearch clusters pose security risks. “Take Kibana, for instance,” explains Selvaraj. “Kibana is an open source analytics and visualization platform. It’s browser based and fetches data from your Elasticsearch databases so you can do advanced analysis on the data, and then present it visually with charts, tables and maps.” Although admins can securely configure Kibana, he explains, many don’t do it properly and there isn’t sufficient security baked in.
A Prevention-First Approach
A Prevention-First Approach
A Prevention-First Approach
Enterprise infrastructure consists of tens of thousands of cloud resources. Each one creates opportunities for leakage. All it takes is one improperly secured Elasticsearch endpoint (port 9200) to expose millions of records of PII. So modifying the security of a single Elasticsearch server — even for a legitimate reason, even just for a moment — is unacceptable.
Enterprise infrastructure consists of tens of thousands of cloud resources. Each one creates opportunities for leakage. All it takes is one improperly secured Elasticsearch endpoint (port 9200) to expose millions of records of PII. So modifying the security of a single Elasticsearch server — even for a legitimate reason, even just for a moment — is unacceptable.
Enterprise infrastructure consists of tens of thousands of cloud resources. Each one creates opportunities for leakage. All it takes is one improperly secured Elasticsearch endpoint (port 9200) to expose millions of records of PII. So modifying the security of a single Elasticsearch server — even for a legitimate reason, even just for a moment — is unacceptable.
Keyword search simply matches what a user types into a search bar with the data in a document. While that was revolutionary in 1994, here’s what distinguishes cognitive search today.
Keyword search simply matches what a user types into a search bar with the data in a document. While that was revolutionary in 1994, here’s what distinguishes cognitive search today.
Keyword search simply matches what a user types into a search bar with the data in a document. While that was revolutionary in 1994, here’s what distinguishes cognitive search today.
That’s why you have to take a prevention-first approach,” explains Selvaraj. “That’s why we created a novel solution for searching encrypted PII stored in Elasticsearch.”
That’s why you have to take a prevention-first approach,” explains Selvaraj. “That’s why we created a novel solution for searching encrypted PII stored in Elasticsearch.”
That’s why you have to take a prevention-first approach,” explains Selvaraj. “That’s why we created a novel solution for searching encrypted PII stored in Elasticsearch.”
"
"
"
SearchBlox Enterprise Search’s Data Privacy Module
SearchBlox Enterprise Search’s Data Privacy Module
SearchBlox Enterprise Search’s Data Privacy Module
SearchBlox Enterprise Search offers a Data Privacy Module that allows you to search data while it’s still protected with AES-256 encryption. Every user can search the data, but only privileged users can see the decrypted PII information.
SearchBlox Enterprise Search offers a Data Privacy Module that allows you to search data while it’s still protected with AES-256 encryption. Every user can search the data, but only privileged users can see the decrypted PII information.
SearchBlox Enterprise Search offers a Data Privacy Module that allows you to search data while it’s still protected with AES-256 encryption. Every user can search the data, but only privileged users can see the decrypted PII information.
If an unauthorized user somehow gains access to the server, they’ll only see encrypted data — data they can’t do anything with.
If an unauthorized user somehow gains access to the server, they’ll only see encrypted data — data they can’t do anything with.
If an unauthorized user somehow gains access to the server, they’ll only see encrypted data — data they can’t do anything with.
Data Before Encryption
{
credit_card : "1234123412341234”,
ssn : “123-45-1234",
date_of_birth : "10-10-1950",
address : "123, Hot Springs Lane, Newcity, AA 12345”,
name : "John Doe"
}
Data Before Encryption
{
credit_card : "1234123412341234”,
ssn : “123-45-1234",
date_of_birth : "10-10-1950",
address : "123, Hot Springs Lane, Newcity, AA 12345”,
name : "John Doe"
}
Data After Encryption
{
deid_credit_card : “aksjdhf12akjshepiu23nda2134n2,m3en2;kj3sh1k2m3neskj2n3eskjn123esdsm,cfn;2oie4r”,
deid_ssn : “sdkjfn,m3en2;kj3sh1k2m3neskj2n3eskjn123esdsm,cfn;2oir”",
deid_date_of_birth : “askjdfn;wkejyrx;ak dns;kj2swejflwkfnlwrknfewlrr",
address : "123, Hot Springs Lane, Newcity, AA 12345”,
name : "John Doe"
}
Data After Encryption
{
deid_credit_card : “aksjdhf12akjshepiu23nda2134n2,m3en2;kj3sh1k2m3neskj2n3eskjn123esdsm,cfn;2oie4r”,
deid_ssn : “sdkjfn,m3en2;kj3sh1k2m3neskj2n3eskjn123esdsm,cfn;2oir”",
deid_date_of_birth : “askjdfn;wkejyrx;ak dns;kj2swejflwkfnlwrknfewlrr",
address : "123, Hot Springs Lane, Newcity, AA 12345”,
name : "John Doe"
}
The PII on the left will look like the data on the right to an unauthorized user.
The PII on the top will look like the data on the bottom to an unauthorized user.
This kind of functionality,” Selvaraj explains, “is extremely important to our government, healthcare and financial services clients.” SearchBlox Enterprise Search offers this capability out-of-the-box, so you can rest assured that you’ve got an end-to-end solution that enables you to leverage the power of Elasticsearch without compromising your customers’ data.
This kind of functionality,” Selvaraj explains, “is extremely important to our government, healthcare and financial services clients.” SearchBlox Enterprise Search offers this capability out-of-the-box, so you can rest assured that you’ve got an end-to-end solution that enables you to leverage the power of Elasticsearch without compromising your customers’ data.
This kind of functionality,” Selvaraj explains, “is extremely important to our government, healthcare and financial services clients.” SearchBlox Enterprise Search offers this capability out-of-the-box, so you can rest assured that you’ve got an end-to-end solution that enables you to leverage the power of Elasticsearch without compromising your customers’ data.
"
"
"
Stay out of the headlines with SearchBlox Enterprise Search.
Stay out of the headlines with SearchBlox Enterprise Search.
Stay out of the headlines with SearchBlox Enterprise Search.
Enhance your users’ digital experience.
We build AI-driven software to help organizations leverage their unstructured and structured data for operational success.
4870 Sadler Road, Suite 300, Glen Allen, VA 23060 sales@searchblox.com | (866) 933-3626
Still learning about AI? See our comprehensive Enterprise Search RAG 101 and ChatBot 101 guides.
©2024 SearchBlox Software, Inc. All rights reserved.
Enhance your users’ digital experience.
We build AI-driven software to help organizations leverage their unstructured and structured data for operational success.
4870 Sadler Road, Suite 300, Glen Allen, VA 23060 sales@searchblox.com | (866) 933-3626
Still learning about AI? See our comprehensive Enterprise Search RAG 101 and ChatBot 101 guides.
©2024 SearchBlox Software, Inc. All rights reserved.
Enhance your users’ digital experience.
We build AI-driven software to help organizations leverage their unstructured and structured data for operational success.
4870 Sadler Road, Suite 300, Glen Allen, VA 23060 sales@searchblox.com | (866) 933-3626
Still learning about AI? See our comprehensive Enterprise Search RAG 101 and ChatBot 101 guides.
©2024 SearchBlox Software, Inc. All rights reserved.