Avoiding data security breaches with FALKOR

Data stored without encryption is always at risk – as Microsoft’s recent database hack reveals. ByzGen’s CTO Terry Leonard explains how the core principles of FALKOR could help with this kind of security...
By Terry Leonard

Data stored without encryption is always at risk, as IT security specialist Ami Luttwak of security company Wiz found out when they discovered the vulnerability in the Microsoft Azure infrastructure that enabled them to access, modify and delete the data of thousands of Azure customers. The flaw was described as ‘the worst cloud vulnerability you can imagine’: the security company found they could get access to any customer database that they wanted.

This vulnerability is proof that data stored in the cloud should be protected with end-to-end encryption at all times. Because the warning concerns cloud storage specifically, it applies directly to the core principles behind the development of our FALKOR platform. FALKOR’s core principles ensure that data can be stored in the cloud with peace of mind, in a non-complex way.

The core principles of ByzGen’s FALKOR platform

Cloud first

FALKOR is a cloud-first platform. Why? It can take advantage of cloud object storage and deployment services that create economies of scale for our clients, whilst increasing the control, visibility, and sharing capacity of data.

Multiple layers of encryption and valid read (decryption) processing

The usage of cloud object storage, and the type of datasets involved in our use cases, make encryption and decryption processes major principles in the development of the platform.

Our solution uses a combination of symmetric, asymmetric, and threshold encryption in order to protect and maintain the integrity of data when it’s written to, and read from, the platform.

Our permission data structures, which are validated and stored on the blockchain, also play a part in this processing. They provide a layer for data to be transacted through before it's moved to and from the cloud storage.

How cloud storage and multiple layers of encryption could operate within a blockchain based platform

Both cloud storage and the encryption / decryption processes can operate and integrate with the blockchain as part of the overall platform capability.

This is important as the blockchain transacts and stores a validated state and history of the data, whilst the data can be put through the encryption and stored in cloud storage.

The validated state held by the blockchain ensures the integrity of the data, tracks the versions and links between data, the permissions around the data, and enforces policies on whether the data can be written to, or read from the platform before any other encryption / decryption or cloud storage is called on. So, the combination of these components can prevent the kind of risks raised by this article about Microsoft Azure.  

The three main actions that the security experts at Wiz were able to achieve were to access, modify and delete data. But the combination of the platform principles we mention above would have helped to prevent this.

How FALKOR could help prevent the risks raised in this article

  • Data cannot be accessed or decrypted from cloud storage unless it’s verified that the validated state of permissions held on the blockchain around the data ‘checks out’. The data itself is encrypted before it’s stored, and the platform won't begin any decryption processing until there is a valid read request.
  • Modifications of data can’t happen unless there’s a valid update request made to the platform. The user making the request will need to exist as a “writer” within the validated state of permissions on the blockchain. Each update to data will be tracked as a new transaction on the blockchain, and therefore form part of the immutable history of that data.
  • Deletion is not a user-level action that’s possible within the platform. All history of data interactions is stored immutably on the blockchain, and data is always updated with versions tracked, as opposed to being deleted. The only process in which data is deleted from the cloud storage is in a regulatory context, whereby the data itself may need to be deleted (e.g. under GDPR). But what the platform ensures through its blockchain transactions is that there’s an immutable history of all interactions, even if the data itself is deleted.
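
The three gates in the list above can be modelled in a few lines. This is an added sketch, not FALKOR's code: the `Platform` class, its method names and the hash-chained list standing in for the blockchain are all assumptions, and the stored objects are treated as opaque ciphertext produced elsewhere.

```python
import hashlib
import json

def _sha(data):
    return hashlib.sha256(data).hexdigest()

class Platform:
    """Constructed model: self.txs stands in for the blockchain, self.store for cloud storage."""
    def __init__(self, readers, writers):
        self.txs, self.store = [], {}
        self._append(op="grant", readers=sorted(readers), writers=sorted(writers))

    def _append(self, **tx):                 # every transaction commits to its predecessor
        tx["prev"] = self.txs[-1]["hash"] if self.txs else "0" * 64
        tx["hash"] = _sha(json.dumps(tx, sort_keys=True).encode())
        self.txs.append(tx)

    def history_intact(self):
        prev = "0" * 64
        for tx in self.txs:
            body = {k: v for k, v in tx.items() if k != "hash"}
            if tx["prev"] != prev or tx["hash"] != _sha(json.dumps(body, sort_keys=True).encode()):
                return False
            prev = tx["hash"]
        return True

    def _last(self, op):
        return next((t for t in reversed(self.txs) if t["op"] == op), None)

    def update(self, user, ciphertext):
        if user not in self._last("grant")["writers"]:
            raise PermissionError(f"{user} is not a writer")
        version = 1 + sum(t["op"] == "update" for t in self.txs)
        self.store[version] = ciphertext     # earlier versions are kept, never overwritten
        self._append(op="update", user=user, version=version, sha256=_sha(ciphertext))
        return version

    def read(self, user):
        if user not in self._last("grant")["readers"]:
            raise PermissionError(f"{user} is not a reader")
        tx = self._last("update")
        blob = self.store.get(tx["version"]) if tx else None
        if blob is None or _sha(blob) != tx["sha256"]:
            raise ValueError("stored object missing or does not match the ledger")
        return blob                          # only now passed on for decryption

    def erase(self, reason):                 # regulatory path only (e.g. GDPR)
        self.store.clear()
        self._append(op="erase", reason=reason)
```

A change made directly in `store`, bypassing `update`, is caught on the next `read` because the object no longer matches the hash recorded in the ledger, and `erase` removes the objects while leaving the transaction history verifiable.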

If a secure DLT solution like FALKOR is something you’ve been exploring for your business, do get in contact with us below. We’re always happy to chat.
