CASE STUDY

Protecting A Multi-tenant SaaS Application Against Data Breaches and Privacy Issues

Background

A tech company in the Information Technology (IT) services market would like to move from a product-based business model to a service-oriented model (SaaS). The company created a cloud native, multi-tenant service in which data flows from different customers, is pushed to the workloads which were moved from a monolith application to a microservices model, and using EKS and Fargate, data is stored on S3.

Each customer has its own tenant in the application and uses a front-end UI in order to access its data.

The Challenge:

The company was so focused on the transition from a monolith application to a cloud native application, that they did not address any security concerns. Some of their customers raised some challenges when they were asked to move to the SaaS application:

  • How can you make sure that your developer did not write bad code that takes our data and shares it with other tenants?
  • How can you ensure that if someone hacks another tenant or even the application itself, our data will not be exposed?
  • How can we make sure that your employees are not abusing the data?

This raised a major issue for the tech company as they did not want to rewrite the code they just finished developing – and their focus was on developing new features. Security was the least of their concerns.

As their business results were not as they expected, they were looking for a solution that would not require a heavy development investment, and that will solve the problems raised by their customers. During this time, another issue was raised: how can ensure compliance with privacy regulations like the GDPR or CCPA?

The Solution:

ARMO was able to answer all the concerns raised, including those relating to compliance with privacy regulations: without any code change, and with only minor, non-intrusive architectural changes.

ARMO was added to all the microservices that the customer uses, and the SaaS company defined an encryption key for each tenant. Using these encryption keys, ARMO’s agent encrypted each tenant’s data when it entered the SaaS service. Once a workload wanted to read the data, it obtained the agent associated with the workload, got the corresponding encryption key, and decrypted the data. This solution provides the following benefits:

  • There is no need to rewrite any microservice code
  • Encryption keys are secured while in use, using patented technology that is virtually unbreakable
  • Only ARMO’s agent (which is attached to the workload) is able to retrieve the data and encrypt/decrypt it
  • Data is encrypted with a strong encryption, and each tenant has a different key – which ensures that even if someone hacks another tenant and exposes all their data, it cannot decrypt the data
  • The workload is protected against malware. ARMO’s agent protects each workload it is attached to with advanced malware protection; it also protects the workload against file-less malware
  • As a bonus, the customer was able to define all the communication between the application microservices to be encrypted with an easy-to-define policy

Key Elements of the ARMO Solution

  1. The company attached ARMO’s micro-agent to its workload, thus ensuring that the workload is malware-protected and that the encryption keys that will be used are protected in memory using a mathematical, virtually unbreakable technique
  2. The customer assigns a key for each tenant; half of the key is in the ARMO SaaS management system, and the second half can go to each tenant (in case where the end customer behind the tenant wants to make sure that no one has the entire encryption key) – or can be stored in the ARMO SaaS management system
  3. When data arrives to the application, the application gateway authenticates the tenant, taking the appropriate encryption key and using it to encrypt the data
  4. When another workload in the application requires access to the data, it gets the keys based on the tenant ID; since it has read-only permission on the data, it will be able to read the data and pass it to another workload with a secure TLS connection

Architecture:

 


see more case studies