Securing Data When Stationary

Securden is hosted as a bundle of two servers: an application layer working in tandem with a backend database. While the application layer handles the business logic, the database hosts all the information in encrypted form.

Data encryption

All sensitive data stored in Securden is encrypted at the application level using the AES-256 algorithm. This encrypted data cannot be used by anyone without the appropriate encryption key. Your data stays safe even in case of data spills.

Data segmentation for multi-tenancy

Since multiple clients connect to the central server for endpoint privilege management in the SaaS model, Securden allocates an individual segment in the database for each customer and employs a unique encryption key for each segment.

This can be thought of as a model that uses a separate database for storing each customer’s data.

Amazon key management system

The unique keys used for encrypting the data are generated automatically and stored in Amazon KMS. The keys cannot be accessed by anyone outside the organization, as AWS CloudHSM is used to secure these unique encryption keys at the time of encryption and decryption. The key is used to create a slot for the cryptographic operation and is stored and used entirely in a non-extractable form.
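
The per-customer key model described in the sections above can be illustrated with the following added example, which is not Securden's code. It assumes AES-256 in GCM mode, binds the tenant ID to each record as associated data, and uses a hypothetical in-memory key map in place of Amazon KMS; all function and tenant names are made up for illustration.

```javascript
// Added illustration: per-tenant AES-256 encryption at the application layer.
const crypto = require('node:crypto');

// Hypothetical stand-in for a key service. With KMS/CloudHSM the key material
// would never leave the HSM; a Map is used here only so the demo runs offline.
const tenantKeys = new Map();

function keyFor(tenantId) {
  if (!tenantKeys.has(tenantId)) {
    tenantKeys.set(tenantId, crypto.randomBytes(32)); // 256-bit key per tenant
  }
  return tenantKeys.get(tenantId);
}

// Encrypt a value for one tenant. GCM mode is an assumption of this example.
function encryptForTenant(tenantId, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per record
  const cipher = crypto.createCipheriv('aes-256-gcm', keyFor(tenantId), iv);
  cipher.setAAD(Buffer.from(tenantId, 'utf8')); // bind record to its tenant
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt with the caller's tenant key; throws if key, AAD or data do not match.
function decryptForTenant(tenantId, record) {
  const d = crypto.createDecipheriv('aes-256-gcm', keyFor(tenantId), record.iv);
  d.setAAD(Buffer.from(tenantId, 'utf8'));
  d.setAuthTag(record.tag);
  return Buffer.concat([d.update(record.ct), d.final()]).toString('utf8');
}

// Returns null instead of throwing, so callers can treat failure as "no access".
function tryDecrypt(tenantId, record) {
  try {
    return decryptForTenant(tenantId, record);
  } catch {
    return null;
  }
}

// Constructed sample data: one record stored in tenant-a's segment.
const sample = encryptForTenant('tenant-a', 'local-admin-credential');
console.log('owner read:       ', tryDecrypt('tenant-a', sample));
console.log('cross-tenant read:', tryDecrypt('tenant-b', sample)); // null
```

A record copied into another customer's segment, or modified in the database, fails authentication on decryption rather than yielding plaintext.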

Design Highlights

  • AES-256 data encryption
  • Data segregated at the database level
  • Data integrity ensured through the use of CloudHSM