Solution Brief: Secure Data as a Service (SDaaS)
Many of today’s cloud deployments are focused on creating real-time analytical capabilities based only on data retained for periods of one or two years before it is archived or stored elsewhere. The need to archive data is often driven by system performance, analytical platform costs, etc. BOHH’s Secure Data as a Service (SDaaS) enables both current and historic data to be securely accessed and leveraged, so that the value/insight within all of a company’s data assets can be used to drive better informed decision-making and/or to drive greater competitive advantage.
The global markets include both enterprise customers and vendors who are focused on increasing their Cloud deployments or revenues; however, enterprise accounts and government departments still have realistic concerns over data security. BOHH Labs’ data privacy philosophy is to provide fast and secure access to data without any impact to user experience.
Traditionally, on premise data center deployments offer the security controls that meet both corporate and regulatory governance. However, the Cloud and demand for Cloud deployments challenge enterprises on how to best maximize IT operational budgets in order to protect innovation budgets and maximize the ability to implement strategic change. In addition, enterprises must comply with global regulations such as the General Data Protection Regulation (GDPR) that goes into effect on May 25, 2018 and is applicable to all global companies who store European customer data. Under this new regulation, data breaches will have significantly higher financial fines than those in place today, as well as protocols on breach notifications. Data breach fines will be a minimum fine of €20M or 4% of global revenues, which will impact financial performance, executive roles, and if severe, business continuity or existence. An example of the potential impact GDPR can have on major companies is Facebook’s recent scandal with Cambridge Analytica gaining unauthorized access to millions of users’ personal information. The company has lost almost $100 billion in market value and may face huge fines from the pending federal inquiry into the data exploitation scandal.
Cloud vendors and software companies are offering license models that allow on premise licenses to be used (often at no additional cost) on their Cloud platform or approved third-party platforms; however, adoption is lower than expected. New companies and startups are structured to benefit from Cloud services, whereas mature/legacy enterprises face more challenges to gain the operational and cost advantages of the Cloud and integrating deployments to their infrastructures already in place. Today the market offers: Infrastructure as a Service (Iaas), Platform as a Service (PaaS), and Storage as a Service (SaaS). These capabilities enable companies/enterprise customers to have greater infrastructure and development control with operational cost savings. However, these do not provide data privacy and secure access to retained data which enterprise accounts need.
It’s time to move from a phase of discovery and understanding what data is available and what it is worth to one of insights and action. “First movers” are already making the shift and using data analytics to help drive decision-making. But, as digital ecosystems expand, so does the importance of establishing strong levels of digital trust. Strong risk management and data integrity systems can help companies avoid breaches and better manage disruption to operations. BOHH creates a new market with a Bring Your Own Data/Storage capability.
Under GDPR, the burden of compliance does not just lie with the customer but also the Cloud service provider. This means any company using a third-party Cloud service provider to either run Cloud-based applications, store, collect or access customer information, will rely on its service provider in achieving GDPR compliance.
Services Available Today
Cloud Computing – SaaS is a business model in which a large company rents space in their storage infrastructure to a smaller company or individual. In the enterprise, SaaS vendors are targeting secondary storage applications by promoting SaaS as a convenient way to manage backups and archive data. The key advantage to SaaS for enterprises is cost savings – in personnel, in hardware and in physical storage space.
What is missing is secure storage of real-time (not back-up) data, which is being increasingly requested and continually accessed by enterprise users.
Ground breaking BOHH’s Secure Data as a Service (SDaaS)
BOHH Labs is introducing a new, unique capability to the enterprise Cloud market, Secure Data as a Service, which offers databases or specific file security that businesses desperately need. This enables on premise deployments to actively prioritize applications, databases or infrastructure to a lower cost, and secure cloud deployment without impacting user access. Companies can choose which data to store with full knowledge of data confidentiality/ sensitivity – Bring your own Data/ Storage.
While the market has various related offerings: public Cloud, IaaS, PaaS, etc., secure data storage is not available. BOHH offers Secure Data as a Service which delivers:
- Low latency – Zero Downtime by implementing SDaaS alongside existing infrastructure and applications which reduces time to market
- High Performance – Ultra Secure
Example use cases
- Historic contract or transaction record: A new salesperson has joined a company and a long-standing customer’s data over 24-months has been stored, but the salesperson is unable to access historic sales records, contacts, contract term etc. A customer is querying one of their contractual terms on an order placed over three years ago, which needs answering quickly before it is escalated to management as a customer complaint. BOHH’s SDaaS allows the salesperson to securely access legacy data (contract and details on an order placed over three years ago) to quickly respond to the customer to resolve their query.
- Historic component data: A manufacturing company has access to real-time analytics on existing parts; however, a long-standing component has a reported issue that is believed to have occurred previously. As data over three years old has been stored offline to reduce operational costs, the quality assurance team is unable to validate if the issue is new or has re-occurred. BOHH’s SDaaS allows the manufacturer to access legacy data and verify if the component issue (using part number, performance statistics etc.) has happened before. If so, they can compare historic data to identify a trend or solution.
- Supplier query requires data from recently acquired company: A supplier with a long-standing relationship with a global manufacturer acquired another component manufacturer over three years ago to enhance its product range. As part of the manufacturer’s annual mandatory inspection process, the supplier has been asked to supply inspection data for the last five years. The acquired company data has been retained separately and is not accessible. BOHH’s SDaaS enables the users secure access to this data to help complete the inspection process by the inspection deadline.
The changing market
The global software vendor market is challenging, and traditional database companies, i.e. Oracle, SAP, IBM etc., are focused on their Cloud strategies with varying degrees of success. New Cloud or X as a Service (subscription) vendors are winning new business entrants, but not enabling global enterprises – Financial Services, Telecommunications, and Government etc. to fulfil their Cloud Migration objectives, due to a lack of secure data storage without impacting user access.
Traditional database vendors and their Cloud focus
The growth of Open Source platforms centered on Hadoop distributions, Cloudera, Hortonworks, MapR etc., has helped enterprises to move into Cloud data analytics, but performance and security are prohibitors. Low cost hardware is not the most cost-effective way to manage and provide data access to users.
Summary of distributed file system and object storage vendors
Database-as-a-service (DBaaS) has become critical for organizations to support new and growing data management requirements. These platforms provide faster provisioning, unlimited elastic scale, and continuous availability to drive innovation and growth. Analyst firm Forrester identified the 13 most significant DBaaS vendors — Amazon Web Services (AWS), CenturyLink, Citus Data, ClearDB, EnterpriseDB, Google, IBM, Microsoft, MongoDB, Oracle, Rackspace, Redis Labs, and SAP — and researched, analyzed, and scored them against 30 criteria.
Nevertheless, the above vendors are struggling to provide secure storage, which is essential for regulated and federal governments. BOHH Labs is uniquely positioned to open and create a new market revenue opportunity.
Typical pricing model for Cloud storage:
- Data storage: charged by Terabyte stored monthly
- Network usage: charged for accessing and moving data
- Operations usage: charged per analytics query
- Retrieval and early deletion fees: applicable only for data stored in offline storage
Why is Secure Data as a Service needed?
Cloud adoption is not increasing as quickly as vendors and enterprise customers would like. New market entrants create agile businesses that are catered for by today’s Cloud vendors; however, mature enterprise/federal accounts are struggling to gain the financial benefits (economies of scale) available via Cloud, as they need to maintain existing data center security protocols.
If you could secure all your databases with a proven encrypted, secure platform, while providing your users with real-time data access, why wouldn’t you move to Secure Data as a Service?
Use case example: A global financial company is unable to move its client data into the Cloud over security concerns. The financial challenge of the business is looking for significant operational IT savings and the closure of many regional data centers. With BOHH’s data privacy approach, specific customer-related tables or files can be masked/encrypted in BOHH’s Secure Data as a Service platform with knowledge that the customer data, such as PCI, can only be access by approved users. Migrating data using BOHH’s secure data service enables the enterprise to meet its security requirements and safely embark on a Cloud strategy, which will reduce business operational costs.
Why Secure Data as a Service?
- Secure data storage charged for on a consumption model – Provide data and pay for its storage based on volume or data retention period
- All data ownership stays with the company
- BOHH offers unique storage and encryption capabilities
- Secure Data as a Service is an agnostic platform that can integrate with other corporate applications/assets that may reside on your existing Cloud vendor of choice
- Users will retain real-time access to data
- Improve operational efficiency
- Accelerate your Cloud strategy with confidence and knowledge that all data, irrespective of sensitivity, is secure
- Enhance corporate access to information and assets
- Data access can be requested via various options: a keyboard, text-and-type from any device, and verbally with voice commands. This supports all users with a new and quick approach to securely access data based on their preferences, especially the younger generation workforce accustomed to verbally asking for information or interacting with mobile apps.
- Store and search using Natural Language Processing (NLP) – we all live in a world where we want quicker and easier access to enterprise data. Why type for information when you can ask for it? But how do we know where to search for the data and will we find the information we need?
How easy is BOHH to use?
BOHH’s NLP uses any web browser, so we can easily integrate and deploy with existing databases and applications. Additionally, our NLP uses context and key words to understand the question that is being asked, and it also initiates parallel searches across enterprise data stores (databases, email, MS SharePoint etc.) and applications to respond to the request with the right information.
How quickly can BOHH Secure Data as a Service be deployed?
Our secure platform is agnostic and enterprise performant, after the initial integration and ingestion of your data, users will not be aware of where the data resides, but will have confidence that it is secure.
How secure is BOHH’s Secure Data as a Service?
Our Secure Data as a Service is built on our security application gateway that prevents intruders from accessing unauthorized information by validating access at each stage of the journey. Our process separates out every request from the requestor, and then using a combination of patented security IP of unique key store-less end-to-end encryption, Artificial Intelligence (AI) technology, Natural Language Processing (NLP), and In-Memory Distributed Block Ledger technology, the request gets checked at all points of vulnerability: the request, processing and backend data stores. This means every data request must be validated at each of these three points before moving forward, and data only interacts with the BOHH secure server, removing direct access to the backend system so anyone coming on to the system is not able to hack their way through. All data at rest or in transit is encrypted. There is no compromise to existing applications or enterprise security deploying the BOHH service.
What BOHH’s Secure Data as a Service provides
- Maintains database structure integrity
- Maintains database search and SQL access
- Current databases can be secured and made ‘Cloud-Ready’ without exporting the entire dataset
- Connects to multiple, disparate databases and can produce a single result set
- User Applications
- No application impact – the database architecture doesn’t change, so the app is not affected
- User access
- User authentication – database and app access uniquely manages the user authentication
- Root or admin can’t access encrypted data, eliminating internal data compromise
- Data encryption
- BOHH’s server can encrypt one field or the entire database
- The encrypted field/fields are never stored unencrypted
- No key store – dynamically generated keys are based on several factors shared across the ecosystem.
- No data access or flow interruption, maintaining speed and usability
Why BOHH Labs’ unique capabilities supports Secure Data as a Service?
- Acts as the ‘middleware’ between databases and users/applications, providing the highest level of encryption for one field or the entire database
- Maintains current database structures with zero reconfiguration of current databases or existing user applications
- All sensitive data is removed from the current database
- No unencrypted sensitive data is held in the BOHH server or current database
- Database owners can have field-level access control of their data
- SQL support is maintained
- Search support is maintained, without having key stores or plain text data
- No updating of existing applications is required
- There is no ‘admin/root’ access to sensitive data
- Determine what access privileges are granted and how to enable data migration
- Database service requires less memory and processing power, less management of resources for the database itself, and controls field level access of data down to an individual or device level
Is the solution scalable?
Our solution is designed for enterprise usage and can be scaled linearly.
About BOHH Labs
We are a San Francisco-based startup that delivers unmatched security for all user access, applications, and data. Our Secure Application Gateway enables simple access to complex data securely without compromising business performance, speed, or customer accessibility. Built on a patented security IP of unique keyless encryption, Artificial Intelligence technology, Natural Language Processing, and In-Memory Distributed Blockchain Ledger, we empower organizations to securely accelerate innovative enterprise applications and cloud services, while preventing intrusion to the enterprise system.