If your question isn't covered below, please get in touch and we'll do our best to help you out.

What threats does EnquoDB mitigate?

EnquoDB is designed to protect against any situation where an attacker can read stored data, without using the frontend application. Examples of methods attackers use include:

  • SQL injection;
  • Stolen/guessed credentials to the database;
  • Accidentally leaving a database server accessible to the internet or insecure network;
  • Compromising data from a developer's machine, when they're working with a dump of production;
  • Stolen database backup, or accessible SQL dump.

In other words, many of the most common ways that attackers get access to sensitive data.

What threats does EnquoDB not mitigate?

That is an excellent question. Knowing what a security system won't help you with is just as important as knowing what it will do.

EnquoDB can't help in the situation where an attacker is able to convince a frontend application to give them data they shouldn't have. So, for example, if an attacker can obtain a site admin's credentials, then EnquoDB can't stop the attacker from reading data that an admin would be able to read.

Also, EnquoDB can't protect against data loss if the encryption keys themselves are compromised. For this reason, we strongly encourage the use of an HSM or cloud-based key management service to protect the keys used to encrypt and decrypt EnquoDB-protected data. This prevents an attacker from being able to obtain the keys, because they're never available!

How does EnquoDB work?

Quite simply:

  1. Your application encrypts your data with keys that only it has, in a manner which allows it to be queried but not read;
  2. The encrypted data is stored in the database;
  3. When a query is made to the database, a small extension does the work of executing the query without being able to read the data itself;
  4. The encrypted data is returned as the query results;
  5. Your application decrypts the data, and uses the decrypted value as per normal.

If you're interested in the cryptographic nitty-gritty, this "How It Works" page should whet your appetite.
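The five steps above can be walked through in a small sketch. This is an added example, not EnquoDB's code or its actual cryptography: it assumes a keyed-hash "blind index" for equality lookups, an HMAC-based stand-in for an authenticated cipher, SQLite's ordinary equality comparison in place of the database extension, and constructed names and sample data throughout.

```python
import hashlib, hmac, secrets, sqlite3

# Constructed keys: held only by the application, never sent to the database.
ENC_KEY, MAC_KEY, INDEX_KEY = (secrets.token_bytes(32) for _ in range(3))

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode; a stdlib-only stand-in for a vetted AEAD.
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(_mac(ENC_KEY, nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(value: str) -> bytes:  # step 1: randomised, so equal values differ
    nonce = secrets.token_bytes(16)
    body = _xor_stream(nonce, value.encode())
    return nonce + body + _mac(MAC_KEY, nonce + body)

def decrypt(blob: bytes) -> str:  # step 5
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(MAC_KEY, nonce + body)):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(nonce, body).decode()

def blind_index(value: str) -> bytes:  # step 1: keyed token the server can compare
    return _mac(INDEX_KEY, value.encode())

def build_db(emails):  # step 2: only ciphertext and index tokens are stored
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email_ct BLOB, email_idx BLOB)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(encrypt(e), blind_index(e)) for e in emails])
    return db

def find(db, email):  # steps 3-5: server matches tokens, client decrypts rows
    rows = db.execute("SELECT email_ct FROM users WHERE email_idx = ?",
                      (blind_index(email),))
    return [decrypt(ct) for (ct,) in rows]

def raw_dump(db):  # the view from a stolen backup or SQL dump
    return db.execute("SELECT email_ct, email_idx FROM users").fetchall()

if __name__ == "__main__":
    db = build_db(["alice@example.com", "bob@example.com"])  # constructed sample data
    print(find(db, "bob@example.com"), raw_dump(db)[0][0].hex())
```

This sketch supports equality lookups only, and its deterministic index token lets anyone holding the table see which rows share a value.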

What is the Licence for EnquoDB?

All of the components of EnquoDB are open source, and available from The Enquo Project.

EnquoDB is an associated company that provides managed database services, support, training, and custom development services.

I'd like to resell your service, do you provide a white-label option?

We don't offer "unbranded" services. If you are a developer or digital agency that would like to refer your clients to us, please get in touch to discuss our affiliate program.

I still have questions...

No FAQ can be completely comprehensive, so if you have any more questions, please get in touch and we'll be happy to answer them.