Matomo

Modern data security solutions | Cossack Labs

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies security resilience.

Cossack Labs
search
Solution

Modern data security solutions

The default state of sensitive data should always be "encrypted unless it is part of an active computation" (Ten Commandments of Software by the US Department of Defense). In 2022, enabling the “data at rest encryption” checkbox and using TLS are not enough to call it “a data security system”.

Modern data security layer allows to keep data encrypted but searchable, anonymized for BI teams, and available for authorized users. We have been building various data security solutions since 2014 to keep data highly usable, software products fast and efficient, and business flows uninterrupted.

Typical challenges with data security

//

Developers are not crypto engineers

For many developers, cryptography is terra incognita: trial and error approach leads to improper cryptographic choices, using low entropy secrets, storing keys poorly, or even home-brewing their own crypto.

//

Key management is hard

Key management flow is more than "how to generate keys and where to store them". It depends on tech stack, product UX, key rotation, revocation and incident response policies, regulations and compliance.

//

Compliance is vague

There is a growing gap between the general compliance demands — which cannot be implemented by a standardised checklist — and the practical implementation efforts. Crypto export regulations and compliance demands are quite far from the capabilities of modern crypto.

//

Attackers are not a myth

Cryptographic Failures is #2 of OWASP Top10 2021. Practical and exploited crypto-related bugs are everywhere: padding oracle, DROWN, CRIME, Lucky Thirteen, ROCA, and many more.

Modern data security solutions

Novel methods to make crypto more usable

Approaches like searchable encryption (encryption that allows searching for data without decrypting it), format preserving encryption, homomorphic computations, zero-knowledge proofs, PQC, and so on.

See Acra

Anonymisation and tokenisation

Encryption, anonymisation, and tokenisation can work together for better flexibility and security of data processing. Privileged applications receive data in plaintext, while non-privileged ones receive pseudonyms.

See Acra

Application level encryption

ALE with deep data-flow integration becomes a new standard. Client-side (like in MongoDB) or server-side (like in Acra) encryption allows to encrypt sensitive data fields before storing them in the database.

See Acra

Our offerings

// Data security software

Acra

A DATABASE SECURITY SUITE
Acra makes field level encryption and searchable encryption easily integrated into existing infrastructures. Acra allows encrypting database fields “on the fly” without changing code, while Acra’s Data firewall and Anomalies Detection protect against suspicious activity.
Read more

Themis

A CROSS PLATFORM CRYPTO LIBRARY
As a high-level cross-platform cryptographic library for mobile, web, and server platforms, Themis helps to integrate application level encryption fast and easy. It solves 90% of typical data protection use cases that are common for most apps.
Read more

Hermes

END-TO-END SECURE DATA STORAGE
A security framework for end-to-end encrypted data flow. Hermes provides cryptographically protected data processing and data collaborating without the need to re-encrypt an excessive amount of data.
Read more

To be announced

There’s something we’re preparing to address new data security challenges – Please stay tuned for further announcements.
Check available products

// Custom design and implementation

Custom data security engines

Data security is not just encryption: masking, tokenisation, anonymisation, compartmentalisation and segmentation – we suggest the most suitable security engineering techniques aimed at protecting different types of data.
Read more

Multi-layered protections

Cryptography doesn't work alone. Typically, implementing data security requires integration with other security controls: cross-services authentication, API hardening, PKI, access control, audit logging, effective backups.
Read more

Searchable encryption

Apart from searchable encryption in Acra, we’ve dealt with various searchable encryption schemes from blind indices and bloom filters to homomorphic encryption.
Read more

// Consulting

Auditing and reviewing

We do security audits and review designs of existing implementations to give you a picture of how your application protects sensitive data, APIs, performs authentication, attest devices, etc.
Read more

SSDLC

We help teams set up and improve the SSDLC for application development. We assist in prioritising and implementing security features, suggest automated tools and follow the latest security guidelines and regulations.
Read more

Product security strategy

It's tricky to correlate security matters to your product growth plan when you're aspiring for a business. Good security strategy mitigates cybersecurity risks without compromising on the usability and flexibility of your solutions.
Read more

Relevant customer story

Protecting telemetry data of power grids
Protecting telemetry data of power grids Critical infrastructure

Industrial

Protecting telemetry data of power grids

Protecting data signals transmitted over the air between power distribution stations and central dispatch system.

Read story

Have a question? Get a human to answer it!

How we make a difference

Extensive experience and expertise

As a cryptographic R&D team, we're engaged in building custom data security controls in various contexts. We've gained extensive expertise in learning practical threat models and failure scenarios and mitigating them with sound security controls.

Security for unique cases

We build data security layers for complicated use cases: encrypted CRDT-based data collaboration, multi-device & multi-user synchronisation, DRM-like protections for TensorFlow ML models, UX-friendly security for apps that work on millions of devices.

Transparent to you, transparent to users

We build security measures to mitigate core threats of your product, without causing a headache of your developers, without delaying releases' schedule or ruining UX for your users.

Built to last

Our work is based on maintainability, backwards compatibility, and support. Your encrypted data will never be lost because of the outdated npm package.

For innovators, by innovators

We've started Cossack Labs to develop new tools and methods for protecting the data and enabling novel solutions to emerging problems — so that at the edge of your innovation, you’ve already got fitting tools handy.

Contact us

There are many ways we can help: with our products, bespoke solutions, and engineering services. Leave your contact information to connect with our team:

Relevant blogposts

Defense in depth security strategy based on data encryption

Defense in depth security strategy based on data encryption

Defence in depth approach to building secure apps explained with the help of Acra encryption suite.

Acra 0.90.0: application level encryption and searchable encryption for any SQL and NoSQL databases

Acra 0.90.0: application level encryption and searchable encryption for any SQL and NoSQL databases

Acra Community Edition 0.90.0 – database security suite for SQL and NoSQL databases, which comes with application level encryption, searchable encryption, and encryption-as-a-service API available for any developer.

Audit logs security: cryptographically signed tamper-proof logs

Audit logs security: cryptographically signed tamper-proof logs

Why crypto signed audit logs are essential for security software and how we’ve built-in secure audit logging in Acra for defense in-depth.

Contact us

Get whitepaper

Thank you!
We’ve received your request and will respond soon.