Acra – database security suite

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies' security resilience.

Protect sensitive data in databases and distributed applications

Encrypt, tokenise, and mask sensitive data, authorise and filter SQL requests in databases, between and within applications.

Fast field level encryption that works with your stack.

Data security solution that scales and adapts with your data flow

Acra blends well with your application as SQL encryption proxy, encryption-as-a-service API, API proxy, or in-app SDK. Wherever your data is, Acra is designed to be nearby, enforcing appropriate security controls on your sensitive assets.

  • Transparent database encryption for SQL

    SQL Proxy sits in front of the SQL database and encrypts/decrypts data. This design allows Acra to provide visibility into all sensitive data operations and enforce appropriate security controls.

    Orchestrated suite of security controls

    Encryption, searchable encryption, data masking, tokenization, request authZ, component authN enforcement, SQL firewall, data leakage detection, audit logging service and security events automation in one suite.

    The least intrusive integration

    Best for introducing all of Acra’s security functions into an architecture in the least intrusive way. Requires certain design decisions for scaling efficiently.

  • Application-level encryption as API

    API Service that exposes Acra’s relevant features as a REST / gRPC API. Integrate the API service into the same infrastructure / cloud, or move it into a protected environment. Client-side apps don’t have access to cryptographic keys.

    Security controls at API request distance

    Encryption, searchable encryption, tokenization, audit logging service and security events automation at one API call distance.

    Easy to scale

    Best for running encryption/decryption at scale in stateless architectures. Requires simple application modification.

  • Client-side encryption & decryption

    Two client-side SDKs for encryption and decryption inside the application. Combine SDKs with SQL Proxy and API service to compartmentalize the data flow.

    Build end-to-end encryption data flows

    How to build end-to-end encryption? Encrypt sensitive data locally, transmit securely to the trusted environment, decrypt locally. Combine SDKs with SQL Proxy and API service to build "partially" encrypted data flows.

    Collect data encrypted

    Best for collecting sensitive data outside the controlled perimeter and then transmitting it. Helps to manage load and architecture complexity efficiently.

  • Protect any datastore

    Embedded SDK that connects to a standalone API service to perform encryption/decryption and execute policies.

    Orchestrated suite of security controls

    All Acra data security features, orchestrated by control plane with policy, configuration and key management.

    Centralised security policy

    Best for large heterogeneous infrastructures with multiple datastores.

We help leaders build secure systems at scale

Typical usage scenarios

Acra can be used in many ways, yet there are several distinct security challenges that our customers and open-source adopters typically choose Acra for.

Database encryption

Acra SQL Proxy acts like a regular SQL database, while running all the necessary security operations under the hood. Data encryption is transparent for the application.

Application level encryption

Acra supports client-side or Acra-side encryption. Each data record is encrypted using unique encryption keys ("field level encryption"). You get to choose which records to encrypt.

Low-footprint security upgrade

Fast cryptography, easy deployment, quick integration and configuration, flexible customisations.
Once integrated, Acra just works.

Data security in the cloud

Compromise of your app or cloud account won’t lead to data leakage. Sensitive data is encrypted, so gaining access to the database credentials and connecting to the database yields no results.

Sensitive data vault

Acra is equipped with tools to detect data leaks, unauthorised access, and abnormal access patterns using techniques like request analysis, honey tokens, verifiable audit logs, etc.

Usable protected data

Encryption, searchable encryption, masking, tokenization – use different protection methods that work best for your system’s dataflow.

More than data at rest encryption, more than TLS

Role-based access control (RBAC)

  • Database privilege abuse (violation of least-privilege (POLP), stolen credentials)
    Data access restricted based on user role. Effective when configured properly and credentials are stored securely.
  • Network snooping, MitM (packet sniffing, IP/DNS spoofing)
    Not addressed by this security feature
  • Data theft (physical access to database host, database file exposed)
    Not addressed by this security feature
  • Access to database (memory dump analysis / scraping, privileged access to database host)
    Not addressed by this security feature

TLS encryption

  • Database privilege abuse (violation of least-privilege (POLP), stolen credentials)
    Not addressed by this security feature
  • Network snooping, MitM (packet sniffing, IP/DNS spoofing)
    Data is encrypted for transport over a trusted network connection. Effective when TLS best practices are followed.
  • Data theft (physical access to database host, database file exposed)
    Not addressed by this security feature
  • Access to database (memory dump analysis / scraping, privileged access to database host)
    Not addressed by this security feature

FS / DB at rest encryption or TDE

  • Database privilege abuse (violation of least-privilege (POLP), stolen credentials)
    Not addressed by this security feature
  • Network snooping, MitM (packet sniffing, IP/DNS spoofing)
    Not addressed by this security feature
  • Data theft (physical access to database host, database file exposed)
    Encrypted data on disk remains encrypted unless an attacker has access to the encryption key(s).
  • Access to database (memory dump analysis / scraping, privileged access to database host)
    In some cases, if configured correctly

Acra field level encryption

  • Sensitive data is encrypted on a field level.
  • Data stays encrypted at all times on the database host and in network transit.
  • The database host doesn't have access to the decryption keys or ways to decrypt data.
  • Even in case of leakage, all data is encrypted.
  • Security responsibility is shifted to Acra and key storage.

Evaluate Acra, your way.

Choose your comfortable pace: look at the code and tinker with pre-built example projects, or request a demo session with our sales engineering team.

Once integrated, Acra just works

Industries and applications

  • Fintech, banking, and neobanks
  • Transaction processing systems
  • Critical infrastructure / CNI
  • SaaS platforms
  • Documents exchange (VDR)
  • Healthcare records exchange (EHR)
  • Industry enterprises, SCADA / ICS
  • Logistics & delivery services
  • Any apps that operate on sensitive or personal data

Benefits

  • Works with modern stack: databases, clouds, frameworks, drivers
  • Works in multiple environments
  • Pay only for the set of features you use
  • Fast time to solution, streamlined operations
  • Scale and activate modules as your business grows
  • Less burden for developers and ops
  • More security risks addressed with precision and flexibility

Regulations

  • GDPR
  • PCI DSS
  • PSD2
  • FISMA
  • FFIEC
  • DPB
  • DPA encryption requirements
  • CCPA
  • HIPAA / HITECH Act
  • And others

See what's inside

Plug in various Acra components where necessary, or use Acra’s proxies as choke points. Acra will provide a unified set of data security controls you can use across your application whenever sensitive data needs protection.

Licensing and Pricing

Acra Community Edition

Cryptographic data protection suite with all core security features. Best for prototyping and small-scale projects.

  • Encryption and masking
  • SQL request firewall
  • Basic intrusion detection
  • Single configuration policy
FREE

Apache 2 license, free forever for non-profit and business use.

Download Acra CE

Acra CE services

Build incrementally on the open-source solution with direct assistance from its authors.

  • Assistance with deployment
  • Custom CE-based solutions
  • Custom support agreements
  • Dev team training

Pricing depends on included services and varies on a case-by-case basis. Talk to us to learn more.

See the full feature comparison table

Acra Enterprise Edition

Full spectrum of premium features for large-scale and enterprise deployments.

  • All Acra features and controls
  • Various support tiers
  • DevOps / SRE tooling
  • Policy management

Pricing depends on the number of deployments and features requested. Talk to us to learn more.

Contact us

Get your Acra up and running fast with the help of engineers who built it!

Ready to start or need more information? Let’s discuss how Acra can solve your data security risks with our assistance in defining goals, integration, configuration, and deployment.
