We hear horror stories of data leaks almost every day. Some require a sophisticated attack to gain shell access to the servers. Others happen over the web, through SQL injection in web apps. As a result of such an attack, your customer data can be dumped and personal data leaked.
Regarding database encryption, let’s face it: most of the solutions provide a false sense of security. Data is encrypted at the storage or disk level, so the database still decrypts it transparently for every query it runs. If your website has an SQL injection, the bad actor will get your data in cleartext.
Here comes the Databunker solution. Databunker is an open-source, self-hosted, GDPR-compliant, secure database for personal data or PII.
Instead of storing your customer data in a regular database, you can use Databunker.
Instead of talking to Databunker using SQL, your backend has to call an API function to retrieve a specific user's details. Databunker does not have an API to enumerate all users. Databunker encrypts customer records and builds a secure search index for quick user lookup (for example by email, token, etc.).
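A minimal sketch of the design described above, added here as an illustration and not Databunker's own code or API: records are stored sealed under a random token and found through a keyed-hash index, and nothing lists users. The `Vault` class, the table names, the `raw_dump` helper and the standard-library stand-in cipher are assumptions of this example.

```python
import hashlib, hmac, json, secrets, sqlite3
# Assumption: both keys stay with the vault service, never in the database.
INDEX_KEY, RECORD_KEY = secrets.token_bytes(32), secrets.token_bytes(32)

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _stream(nonce, n):
    # Stand-in cipher (HMAC-SHA256 in counter mode) to stay stdlib-only;
    # a production vault would use an AEAD such as AES-GCM.
    blocks = (_prf(RECORD_KEY, b"enc" + nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(plain):
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plain, _stream(nonce, len(plain))))
    return nonce + body + _prf(RECORD_KEY, b"mac" + nonce + body)

def unseal(blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(RECORD_KEY, b"mac" + nonce + body)):
        raise ValueError("record failed integrity check")
    return bytes(a ^ b for a, b in zip(body, _stream(nonce, len(body))))

def blind_index(field, value):
    # Keyed hash of the normalised value: lookups match, the value itself is not stored.
    return _prf(INDEX_KEY, f"{field}:{value.strip().lower()}".encode()).hex()

class Vault:  # hypothetical name; note there is no method that lists users
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE records (token TEXT PRIMARY KEY, sealed BLOB)")
        self.db.execute("CREATE TABLE idx (h TEXT PRIMARY KEY, token TEXT)")

    def create(self, profile):
        token = secrets.token_hex(16)
        self.db.execute("INSERT INTO records VALUES (?, ?)", (token, seal(json.dumps(profile).encode())))
        self.db.execute("INSERT INTO idx VALUES (?, ?)", (blind_index("email", profile["email"]), token))
        return token

    def get_by_email(self, email):
        row = self.db.execute("SELECT sealed FROM records JOIN idx USING (token) WHERE h = ?",
                              (blind_index("email", email),)).fetchone()
        return json.loads(unseal(row[0])) if row else None

def raw_dump(vault):
    # Everything a full read of both tables returns (constructed worst case).
    q = vault.db.execute
    return q("SELECT * FROM records").fetchall() + q("SELECT * FROM idx").fetchall()
```

A full dump of both tables contains only random tokens, keyed hashes and sealed blobs, which is the difference from disk-level encryption where the same read returns cleartext rows.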
Databunker is an open-source project. You can start playing with it right now. A pre-built Docker container is available.
https://databunker.org/
I run privacy training for startup founders and architects. It is a free training.
Yuli Stremovsky is a world-class software and security architect. Founder of PrivacyBunker.io and DataBunker.org privacy products. Former Checkpoint and RSA Security employee. An expert in marrying technological solutions with privacy.