Enjoy the Benefits of SaaS without the Data Security or Regulatory Concerns

The Technology behind Virtual Private SaaS

Introduction to Virtual Private SaaS

...safe harbor provisions in laws and regulations treat lost encrypted data as not lost at all.
–Cloud Security Alliance, December 2009

Virtual Private SaaS (VPS) represents a revolutionary concept in SaaS application data security, whereby all sensitive SaaS application data is transparently encrypted before it is transmitted to the SaaS provider for storage and processing. Encrypted data returning to the end user in the SaaS application's responses is decrypted on the way back, so end users remain completely unaware of the process. The data is completely unreadable (and therefore meaningless) when stored and processed by the SaaS provider's servers, rendering data breaches, database theft and identity theft harmless. Regulatory compliance is ensured, as no decipherable sensitive data is stored outside the enterprise.

Unique Encryption Methods

Employing encryption to ensure the confidentiality of sensitive data is not new. The unique aspect of this innovative solution is that application functionality is retained, including searching, sorting, report generation and field validation, even while sensitive company data is undecipherable when stored in the SaaS provider's database. This is made possible by unique encryption methods, based on NIST-standard encryption algorithms (such as AES), which let the encrypted data retain the characteristics the application needs to sort, search and validate data fields while the data remains encrypted. This approach therefore requires no modification of the SaaS application code.

Reverse Proxy

This approach is made possible through the implementation of a reverse proxy which is installed between the end user's browser and the SaaS application server, either as an appliance on the enterprise LAN/WAN or as a cloud-based service. This proxy screens all communications between end user client agents and the SaaS application server and encrypts/decrypts the sensitive data elements as necessary. This ensures that all sensitive data being transmitted to the SaaS application server is encrypted and that all data returning to the end user is decrypted and fully readable. Likewise, search operations are modified by the proxy to ensure that the encrypted forms of stored data are found by the application.
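The proxy behaviour described above, narrowed to equality search, as an added sketch that is not the vendor's code. It assumes deterministic (synthetic-IV) field encryption, with standard-library HMAC-SHA256 standing in for an AES-based scheme so it runs without third-party packages. The keys, field names, `enc:` prefix and records are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo keys; in the design described they never leave the enterprise.
ENC_KEY = b"constructed-demo-encryption-key!"
MAC_KEY = b"constructed-demo-integrity-key!!"
SENSITIVE = {"name", "ssn"}  # hypothetical names of protected fields
PREFIX = "enc:"              # hypothetical marker the proxy puts on ciphertext

def _keystream(iv: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF-based stream cipher (AES stand-in).
    blocks = (hmac.new(ENC_KEY, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(pt: bytes) -> bytes:
    return hmac.new(MAC_KEY, pt, hashlib.sha256).digest()[:16]

def encrypt_field(value: str) -> str:
    pt = value.encode()
    iv = _tag(pt)  # synthetic IV: equal plaintexts give equal ciphertexts
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(iv, len(pt))))
    return PREFIX + (iv + ct).hex()

def decrypt_field(token: str) -> str:
    raw = bytes.fromhex(token[len(PREFIX):])
    iv, ct = raw[:16], raw[16:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(iv, len(ct))))
    if not hmac.compare_digest(iv, _tag(pt)):  # IV doubles as integrity tag
        raise ValueError("ciphertext failed integrity check")
    return pt.decode()

def outbound(fields: dict) -> dict:
    """Proxy step for form posts and search queries sent to the provider."""
    return {k: encrypt_field(v) if k in SENSITIVE else v for k, v in fields.items()}

def inbound(fields: dict) -> dict:
    """Proxy step for provider responses returned to the browser."""
    return {k: decrypt_field(v) if v.startswith(PREFIX) else v for k, v in fields.items()}

def provider_search(rows: list, query: dict) -> list:
    """What the provider does: exact match on whatever bytes it was given."""
    return [r for r in rows if all(r.get(k) == v for k, v in query.items())]

# Constructed sample records as they would be stored at the provider.
STORED = [outbound({"name": "Alice Smith", "ssn": "000-00-0001", "plan": "gold"}),
          outbound({"name": "Bob Jones", "ssn": "000-00-0002", "plan": "gold"})]
```

The same property that makes the rewritten search match also lets anyone holding the stored data see which records share a value, so deterministic field encryption hides contents but not equality. Sorting on ciphertext needs a different, order-revealing scheme that this sketch does not cover.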

Encryption Keys are Controlled by the Customer

Unlike standard database encryption, where the operator of the database controls the encryption keys, in this solution, the enterprise customer has sole control over the encryption keys. This eliminates the possibility of a SaaS provider employee or outside hacker gaining access to the decrypted contents of the data stored at the SaaS application provider.

The result of this novel approach is that enterprises may enjoy the cost and operational benefits of using the cloud, while completely eliminating data security and regulatory concerns, since all the sensitive data elements are encrypted when stored and processed by the application, and control of the encryption keys rests solely with the enterprise.
