eperi Encryption Gateway
eperi provides an encryption gateway for data stored in the cloud, based on a unique flexible approach based on templates that specify which data should be encrypted and how. Combined with built-in indexing capabilities, the product enables fully transparent and infinitely extensible end-to-end cloud data encryption with out-of-the-box support for popular SaaS applications.
eperi GmbH is a privately-held security software vendor headquartered in Darmstadt, Germany. Founded in 2003, the company has over 14 years of experience in security consulting, implementing custom projects and designing security frameworks for large enterprise customers in Germany and other European countries. A deep background in encryption and key management, significant customer experience, and a decade of collaboration with the German Federal Office for Information Security (BSI) have culminated in eperi’s unique and innovative universal encryption gateway technology, which provides transparent data encryption for databases, file stores, web applications, and cloud services via configurable templates. Currently, eperi serves over 100 enterprise customers and government agencies and is actively expanding to new geographical markets.
As organizations continue to expand their adoption of cloud services for obvious business reasons like improved flexibility and scalability, reduced time to market, and cost savings, protecting their sensitive data across a large number of SaaS platforms is becoming increasingly complicated. For heavily regulated industries, security and data protection have been the largest barriers to cloud adoption for years, but with the upcoming General Data Protection Regulation’s significantly tightened compliance controls and massive penalties for violations, protecting sensitive data in the cloud is becoming mandatory for every organization.
Although most SaaS vendors provide their own encryption capabilities, they are not focusing on protecting their customer’s data from unauthorized access – that is still the responsibility of the data controller, that is, the customer themselves. Only end-to-end encryption or tokenization where sensitive data never even leaves the premises without pseudonimization can guarantee that it won’t be compromised even in the case of a data breach or as a result of malicious insider activities. This approach also greatly reduces the GDPR compliance scope and guarantees that full sovereignty control of the sensitive data remains in the hands of the data controller.
A number of cloud data encryption solutions are currently available on the market, however only a handful of them are fully implementing the Privacy by Design principle mandated by the GDPR by ensuring that only the customer has control over the encryption keys. And, even among those, out of the box support for SaaS services is usually limited to a few popular applications based on product-specific APIs. Another major drawback of conventional end-to-end encryption solutions is that they may limit or completely break important functionality of the host application: since the SaaS service no longer has access to unencrypted data, functions like searching, filtering, analyzing and reporting can be significantly limited. While homomorphic encryption methods, which in theory should allow such operations directly on encrypted information, remain largely an area of academic research, compromises must be made by utilizing weakened encryption or leaving parts of the data unprotected.
eperi’s answer to these challenges is a fully transparent encryption gateway technology, which not only comes with support for over 30 popular SaaS applications, but can be extended to support any web application or cloud service with custom templates that can be developed by partners or even customers themselves. Since the eperi Gateway maintains an index of all the data passing through it, it can take over the searching and sorting operations transparently for both SaaS applications and their users, thus retaining full SaaS application experience combined with end-to-end encryption.