Application level encryption solutions

Many security risks cannot be mitigated with encryption at rest or TLS, and require encrypting the data inside the application. Application level encryption (ALE) is relevant for software products that store or process sensitive data. ALE makes implementing regulatory compliance requirements easier, as sensitive data is processed as an encrypted blob until used.

Application level encryption can come in different forms, depending on the use case: client-side encryption, server-side encryption, end-to-end encryption (no secrets and keys are available for the intermediate servers), field level encryption (only certain fields are encrypted), and their combinations. The main concept is that data is encrypted inside the application, independent of data-in-motion and data-at-rest encryption.

Challenges that require application level encryption

Zero trust infrastructures

Insider risks

Defence in depth

Developer satisfaction and compliance

Modern application level encryption solutions

Data encryption proxy

Client-side encryption SDK

Encryption-as-a-service

Application level encryption software and services

Acra

Acra offers field level and searchable database encryption that is easy to integrate into already-built infrastructures. Acra works with SQL and NoSQL databases. Acra provides a transparent field level encryption proxy and an encryption-as-an-API service.

Themis

As a high-level cross-platform cryptographic library for mobile, web, and server platforms, Themis helps to integrate application level encryption quickly and easily. It solves 90% of the typical data protection use cases that are common to most apps.

Searchable encrypted fields

Searching over encrypted text is possible but limited, and it puts pressure on security (inference attacks), performance, storage, etc. While different searchable encryption schemes exist, only a few of them are industry-proven, such as blind index based search in Acra and deterministic encryption search in MongoDB.
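
A generic blind index for exact-match search on an encrypted field, as an added example (not Acra's or MongoDB's implementation, and not code from this page). It assumes Node.js and HMAC-SHA256 from the built-in crypto module; the helper names, the `ssn_idx` column and the rows are constructed for illustration.

```javascript
const { createHmac, randomBytes } = require('node:crypto');

// Constructed demo key; kept separate from the data encryption key.
const indexKey = randomBytes(32);

// Blind index: keyed hash of the normalised plaintext, truncated to `bytes` bytes.
// The field name is mixed in so equal values in different columns do not match.
function blindIndex(key, field, value, bytes = 16) {
  const norm = value.trim().toLowerCase();
  return createHmac('sha256', key).update(`${field}\0${norm}`).digest('hex').slice(0, bytes * 2);
}

// Constructed table rows: the ssn ciphertext is opaque, the index sits beside it.
function makeRow(id, ssn) {
  return { id, ssn: '<encrypted>', ssn_idx: blindIndex(indexKey, 'ssn', ssn) };
}
const rows = [makeRow(1, '9246725420'), makeRow(2, '1112223334'), makeRow(3, ' 9246725420 ')];

// Equality search: recompute the index for the query and compare stored indexes.
function findBySsn(key, table, ssn) {
  const idx = blindIndex(key, 'ssn', ssn);
  return table.filter((r) => r.ssn_idx === idx).map((r) => r.id);
}

// Inference exposure: without any key, equal indexes reveal which rows share a value.
function sharedValueGroups(table) {
  const groups = new Map();
  for (const r of table) groups.set(r.ssn_idx, [...(groups.get(r.ssn_idx) || []), r.id]);
  return [...groups.values()].filter((ids) => ids.length > 1);
}

console.log(findBySsn(indexKey, rows, '9246725420'), sharedValueGroups(rows));
```

Only exact matches work, and `sharedValueGroups` shows what the index column alone gives away; that is the security cost the paragraph refers to.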

Custom application encryption schemes

Application level encryption often works in combination with other data security controls: data masking, tokenisation, anonymisation, and segmentation. We suggest the most suitable data security methods and their combinations to achieve the best security and performance results.

Security engineering

Encryption never comes alone. We will advise you on data migration, key management, designing the application level encryption flow, implementing certain security features, assessing your product, verifying its security properties, and providing actionable advice on improvements.

Security advisory

We offer security advisory to ensure your high level security goals are transformed into a clear roadmap. Our security managers and auditors assist with maintaining and formulating security procedures that bring pragmatic and compliance benefits.


Application level encryption in use

Application level encryption becomes a security boundary for data, shifting from "protect the data where it's stored" to "protect the data whenever it exists". Sensitive data fields are encrypted before being stored in the database, and decrypted on read. Let's look at the example of the user model with and without field level encryption.

Without field level encryption:

    {
      "created_at": "2022-07-01T13:37:31.415926+00:00",
      "id": "a6fd0d25-3a7f-43df-b6d1-405994fd203a",
      "wallet_id": "db0f0466-d481-465b-9b9c-167c17be6ed4",
      "name_first": "Emmanuel",
      "name_last": "Goldstein",
      "name_middle": "Lillard",
      "name_prefix": "Mr",
      "ssn": "9246725420",
      "passport_number": "KI133771RE",
      "country_code": "UK",
      "email": "c3r34l_k1ll3r@cossacklabs.com"
    }

With field level encryption:

    {
      "created_at": "2022-07-01T13:37:31.415926+00:00",
      "id": "a6fd0d25-3a7f-43df-b6d1-405994fd203a",
      "wallet_id": "db0f0466-d481-465b-9b9c-167c17be6ed4",
      "name_first": "<encrypted>",
      "name_last": "<encrypted>",
      "name_middle": "<encrypted>",
      "name_prefix": "<encrypted>",
      "ssn": "<encrypted>",
      "passport_number": "<encrypted>",
      "country_code": "UK",
      "email": "c3r34l_k1ll3r@cossacklabs.com"
    }
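
One way the encrypt-before-write, decrypt-on-read flow for this user model could look in application code, as an added example (not Cossack Labs' code and not how Acra or Themis implement it). It assumes Node.js and AES-256-GCM from the built-in crypto module; the helper names and the inline demo key are hypothetical.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Fields shown as "<encrypted>" in the record above.
const SENSITIVE = ['name_first', 'name_last', 'name_middle', 'name_prefix', 'ssn', 'passport_number'];

// Constructed demo key; in practice it comes from a KMS or key store, never from code.
const key = randomBytes(32);

// AES-256-GCM per field. Record id and field name are bound as associated data,
// so a ciphertext copied into another row or column fails authentication.
function encryptField(key, recordId, field, plaintext) {
  const nonce = randomBytes(12); // fresh random nonce for every encryption
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(`${recordId}:${field}`));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptField(key, recordId, field, blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${recordId}:${field}`));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws when ciphertext, tag or associated data do not match.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Encrypt before the write; id, country_code and email stay in plaintext and queryable.
function protectRecord(key, record) {
  const out = { ...record };
  for (const f of SENSITIVE) out[f] = encryptField(key, record.id, f, record[f]);
  return out;
}

// Decrypt after the read, inside the application only.
function revealRecord(key, stored) {
  const out = { ...stored };
  for (const f of SENSITIVE) out[f] = decryptField(key, stored.id, f, stored[f]);
  return out;
}

// The page's sample user, trimmed to the fields that matter here.
const user = {
  id: 'a6fd0d25-3a7f-43df-b6d1-405994fd203a', name_first: 'Emmanuel', name_last: 'Goldstein',
  name_middle: 'Lillard', name_prefix: 'Mr', ssn: '9246725420', passport_number: 'KI133771RE',
  country_code: 'UK', email: 'c3r34l_k1ll3r@cossacklabs.com',
};
const stored = protectRecord(key, user);
console.log(stored.ssn !== user.ssn, revealRecord(key, stored).ssn === user.ssn);
```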
    


How we make a difference

Reduce business risks with consulting

Fast time to solution

Support of regulations and procedures

Flexible key management

Frequently Asked Questions

What’s the difference between application level encryption and network encryption?

Application level encryption vs database encryption?

What regulations require application level encryption?

For innovators, by innovators

We've started Cossack Labs to develop new tools and methods for protecting the data and enabling novel solutions to emerging problems — so that at the edge of your innovation, you’ve already got fitting tools handy.
