Customer.io is a data company. We live and breathe data all day, every day. And we know that all our customers are, at the end of the day, data companies too: whatever the industry or type of business, data is at the core of how companies succeed. That's why ensuring the security of all the data we handle is a foundational principle of how we build and operate. Our encryption strategy is founded on the same well-established best practices used among today's major cloud storage providers.
What is data encryption and why does it matter?
In a nutshell, data encryption refers to the process of encoding information by converting that information, called plaintext, into what's known as ciphertext. This coded ciphertext is unreadable until an authorized party deciphers it, typically with a digital key. Whenever data is transmitted or stored, effective encryption ensures no one can steal your information.
Some people rely on creating a single encryption key to encrypt every piece of data stored in their system. This is a poor strategy. Why? Because if that key is stolen, the thief suddenly has access to all the data for all your customers.
Others rely on a method in which every customer's data gets its own key. This is a slightly better approach, as a stolen key only compromises that customer's data. But the problem is that if one key is compromised, others may also be at risk. And, of course, any breach means you need to re-encrypt all the customer's data, which can be expensive and time-consuming.
Adding a third layer of protection is really the gold standard, which is what drives our approach.
Customer.io's data encryption approach
When we started building Data Pipelines, we wanted to rely on the best practices and industry standards for data encryption used by all the leading cloud providers. That's what serves as the baseline for our approach. We use three different types of keys to encrypt data:
- Data encryption key (DEK): Used to encrypt/decrypt data
- Key encryption key (KEK): Used to encrypt/decrypt DEKs and other KEKs
- Root key: Used to encrypt/decrypt KEKs
Here's how those keys work together at Customer.io. Each customer's data is protected with a KEK unique to that customer. Then, the customer's data is divided into individual pieces of data; each of those pieces of data is encrypted with a unique DEK, which is itself encrypted with the customer's KEK. Wrapped around it all is a root key that encrypts all the KEKs.
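The three-key hierarchy described above, sketched as an added example in Node.js; this is not Customer.io's code. The function names are hypothetical and AES-256-GCM is an assumed cipher, since the page names none. `rotateKek` goes one step beyond the text to show a general property of this design: replacing a KEK only re-wraps the small DEKs, not the data itself.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM (assumed cipher); blob layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Reverse of seal; throws if the key is wrong or the blob was altered.
function open(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// One KEK per customer, kept only in wrapped form under the root key.
function newCustomer(rootKey) {
  return { wrappedKek: seal(rootKey, randomBytes(32)) };
}

// Each piece of data gets a fresh DEK, stored wrapped by the customer's KEK.
function encryptPiece(rootKey, customer, data) {
  const kek = open(rootKey, customer.wrappedKek);
  const dek = randomBytes(32);
  return { wrappedDek: seal(kek, dek), ciphertext: seal(dek, Buffer.from(data)) };
}

// Walk the chain: root key -> KEK -> DEK -> data.
function decryptPiece(rootKey, customer, piece) {
  const kek = open(rootKey, customer.wrappedKek);
  const dek = open(kek, piece.wrappedDek);
  return open(dek, piece.ciphertext).toString();
}

// Replacing a KEK re-wraps the 32-byte DEKs; data ciphertext is not touched.
function rotateKek(rootKey, customer, pieces) {
  const oldKek = open(rootKey, customer.wrappedKek);
  const newKek = randomBytes(32);
  for (const p of pieces) p.wrappedDek = seal(newKek, open(oldKek, p.wrappedDek));
  customer.wrappedKek = seal(rootKey, newKek);
}

// Constructed sample: two customers under one root key, one stored piece.
const rootKey = randomBytes(32);
const alice = newCustomer(rootKey);
const bob = newCustomer(rootKey);
const piece = encryptPiece(rootKey, alice, 'alice@example.com');
console.log(decryptPiece(rootKey, alice, piece));
```

Decrypting `piece` with `bob` in place of `alice` throws at the DEK-unwrap step, because GCM authentication fails under the wrong KEK.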
Let's walk through an example to see how the encryption strategy works in practice.
Customer.io's encryption: an example
Imagine that each piece of data is a pearl, and those pearls are stored in a vault with two rooms. If someone wants to get to one of those pearls, here's what they're up against.
The door to the vault itself has an electronic keypad lock. To enter the vault, you need to know the code to open that lock. That lock code is the root key.
Let's say you know the code to the electronic lock, so you can enter the vault. With the lax strategy referenced earlier, entry here would reward you with a giant pile of shimmering pearls. But with Customer.io's strategy, you'll find yourself inside the first of the vault's two rooms. No pearls anywhere. Instead, the room is full of safes, each with a unique combination lock. The individual combinations are the different key encryption keys (KEKs).
Now imagine you know the combination to one of the safes, and you open it. Do you get your hands on a pearl? No! What you actually find is a small golden key: a data encryption key (DEK). So you head into the vault's second room with your key in hand.
Now you're greeted by a room filled with a number of small lockboxes. But which lockbox does the golden key work for?
Trial and error is likely to get you nowhere. If you happen to know the exact lockbox that goes with your golden key, you can now use it to open the right lockbox and get a single pearl: the piece of data.
Even with that pearl in hand, you're a long way from gathering enough pearls to amount to anything. That would require knowing the combinations to many more small safes, plus knowing which specific lockboxes the keys you find belong to.
If you're authorized to access data, you'll have the information needed to open the three types of locks and know exactly which keys open which lockboxes. Simple. But if you're not authorized, you'll find it incredibly difficult to get ahold of even one pearl.
Powerful security built on best practices
Your data is your treasure; you need to know that it's always secure. That's why we based our encryption model on well-established industry best practices. And it's why we continue to build on this foundation to strengthen encryption across the entire Customer.io platform. So anytime we're storing your data in the cloud or handling your confidential information, you can trust that it's locked up tight.
Want to learn more about our encryption model and approach to security? We'd welcome the chance to show you more details during a personalized demo.