Security "Bits"

How Bitglass Provides Searchable, Sortable Encryption for Cloud Apps

By Bitglass | July 21, 2015 at 2:27 PM

Video Transcript

Welcome to this edition of Glass Class. My name is Anoop, and I'll be talking about how Bitglass provides searchable strong encryption in cloud applications like Salesforce. Companies like cloud applications like Salesforce because they provide a familiar interface for users, but they do not want to compromise their sensitive data.

Typically, they look for strong encryption in the cloud, and they want to make sure that they have control of the keys that are being used to encrypt the application in the cloud. They don't want to lose any functionality provided by the cloud application. Let's walk through a simple example to see how Bitglass puts all these pieces together.

A user tries to log in to Salesforce. Salesforce is pre-configured to point to Bitglass as the identity provider. The user is then redirected to Bitglass for authorization. Bitglass finds that the user is authorized and then becomes a proxy for all transactions that occur between the user and Salesforce. Now any data that goes between the user and Salesforce is processed by Bitglass on the way.

Let's imagine the user tries to upload some sensitive data, which typically consists of a set of words. When Bitglass receives this data it's going to encrypt it using a strong encryption algorithm, and load some bulk encrypted data. Let's call it CI for this DI. Now Salesforce has been secured because Salesforce only contains strongly encrypted data, but what happened as a result is that we lost search. Because if encryption is done right, then every piece of data that goes into Salesforce should map to a unique code word.

How do we restore search? We restore search by creating a search index during the encryption phase. Typically what that would do is for every word that you see in this document or packet of data, you would keep track of all the code words that contain that word. Now when the user tries to search for some terms and issues a search where there are some words in the search, then Bitglass can look up the code words for those words and fetch that data from Salesforce, decrypt the data, and send it back to the user.

Now you have restored searchability and you get back all your functions such as search and sort that you need in order to restore a Salesforce functionality. Thanks for your attention. I look forward to seeing you in another edition of Glass Class. Thank you.
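The encrypt-then-index flow described in the transcript, as an added example that is not Bitglass code: a proxy encrypts each upload with AES-256-GCM, keeps a word-to-code-word index on its own side, and answers searches by fetching, decrypting and sorting the matches. `SearchableProxy`, `tokenize`, the in-memory `cloud` store and the all-words-must-match query semantics are assumptions made for illustration.

```javascript
// Added example; SearchableProxy, tokenize and the in-memory stores are hypothetical.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Split text into unique lower-case words (a simplifying assumption about "words").
const tokenize = (s) => [...new Set(s.toLowerCase().match(/[a-z0-9]+/g) || [])];

class SearchableProxy {
  constructor(key) {
    this.key = key;          // 32-byte AES key held at the proxy, never sent to the cloud app
    this.cloud = new Set();  // stand-in for the cloud app: it only ever stores code words
    this.index = new Map();  // proxy-side search index: word -> Set of code words
  }

  // Encrypt on the way up and index every word against the resulting code word.
  upload(plaintext) {
    const iv = randomBytes(12); // fresh nonce: identical data still gets a unique code word
    const c = createCipheriv('aes-256-gcm', this.key, iv);
    const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
    const codeWord = Buffer.concat([iv, c.getAuthTag(), body]).toString('base64');
    this.cloud.add(codeWord);
    for (const w of tokenize(plaintext)) {
      if (!this.index.has(w)) this.index.set(w, new Set());
      this.index.get(w).add(codeWord);
    }
    return codeWord;
  }

  decrypt(codeWord) {
    const raw = Buffer.from(codeWord, 'base64');
    const d = createDecipheriv('aes-256-gcm', this.key, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28)); // final() throws if the stored data was altered
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
  }

  // Look up code words for each query word, fetch them, decrypt, and sort the plaintext.
  search(query) {
    const sets = tokenize(query).map((w) => this.index.get(w) || new Set());
    if (sets.length === 0) return [];
    return [...sets[0]]
      .filter((cw) => sets.every((s) => s.has(cw)) && this.cloud.has(cw))
      .map((cw) => this.decrypt(cw))
      .sort();
  }
}
```

The index holds plaintext words, so in this sketch it has to stay with the key at the proxy; only the base64 code words belong in the cloud store.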


