Up until recently, customers hoping to book a luxury charter with Captain Andy’s had to go through a manual booking and check-in process. They would call in or visit the Captain Andy’s website to book their reservation, and upon arrival, check in with someone at the front desk to fill out paperwork and sign waivers.
Wanting to modernize the experience and make self-service options available to customers, Captain Andy’s decided to digitize the booking and check-in process. Their goal was to build a system that would give customers a simple, easy-to-use, all-digital experience. Customers would use their phones to scan a QR code to check in, sign forms and show their boarding pass to board their boat. They knew, however, that this meant digitally storing sensitive passenger information and signatures.
Captain Andy’s deeply values the trust customers place in them. Wanting to protect their customers’ privacy, and realizing that storage-native encryption at rest protects against a lost disk but not against anyone holding valid credentials for the storage service, they sought out alternative approaches.
Why Amazon’s native S3 encryption wasn’t enough
The reservation management system Captain Andy’s was building would ultimately rely on Amazon Web Services (AWS) for document storage. Basic controls could ensure the S3 buckets (where the documents reside) weren’t publicly accessible and that objects were encrypted at rest with server-side encryption. But server-side encryption is transparent: S3 decrypts on every GetObject for any principal authorized to read the object, so the documents wouldn’t be safe from an insider with authorized credentials or an attacker who compromised AWS admin credentials.
This is the inherent limitation of transparent at-rest encryption. It decrypts data for authorized users and admins, and it can’t tell the difference between a legitimate admin and someone who has stolen that admin’s credentials. So, if anyone, good or nefarious, has your AWS admin credentials, S3 will serve them all your sensitive data, including customers’ personally identifiable information (PII), in the clear. Attackers know this, which is why they seek out and steal authorized credentials rather than trying to break the encryption itself.
In Captain Andy’s case, the business management, technical support, software, and infrastructure development teams needed access to the S3 repository to troubleshoot issues. While many needed access to this repository to do their jobs, it created more credentialed users that could become compromised. This could cause problems for Captain Andy’s should a disgruntled employee with elevated privileges try to steal and publish customer data or should an employee fall victim to a phishing scam by an advanced attacker. The same would be true if one of their third-party apps got compromised and a threat actor worked their way into S3.
In any of these instances, not only would customer information get leaked, but Captain Andy’s would be forced to disclose the breach, which could be a devastating business event.
So, Captain Andy’s software development team began to research alternative approaches and zeroed in on application-level encryption, which would let them encrypt the sensitive data and documents inside the application before they are sent to S3 for storage. The keys stay with the application and its key service and never reach the storage layer, so S3 holds only ciphertext and has no way to decrypt it, regardless of who is reading the bucket.
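The following Go program is an added illustration of the approach described above; it is not Captain Andy’s code nor Ubiq’s SDK, and it uses only the Go standard library. The S3 bucket is stood in for by an in-memory map (constructed for the example), and the key service by a small in-process vault; the waiver text is made up. The point it demonstrates is the trust boundary: whoever can read the bucket sees only a key ID, a nonce and AES-256-GCM ciphertext, while only a caller that also holds the key recovers the document, and a tampered or truncated object is rejected rather than decrypted to garbage.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ObjectStore stands in for an S3 bucket (constructed for this example): a map
// from object key to stored bytes. Anyone with credentials for the store, an
// admin, a support engineer or an attacker holding a stolen access key, can
// read every value in it, exactly as with server-side encryption at rest.
type ObjectStore map[string][]byte

// Vault stands in for the application's key service (KMS, HSM or a SaaS key
// manager). What matters is that it is a separate trust boundary: the store
// never sees a key, and the vault never sees a document.
type Vault struct{ keys map[string][]byte }

func NewVault() *Vault { return &Vault{keys: map[string][]byte{}} }

// NewKey creates a fresh random AES-256 key under keyID.
func (v *Vault) NewKey(keyID string) error {
	if len(keyID) == 0 || len(keyID) > 255 {
		return errors.New("key id must be 1..255 bytes")
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	v.keys[keyID] = k
	return nil
}

// gcm returns an AES-GCM AEAD for the named key, or an error if this vault
// does not hold it.
func (v *Vault) gcm(keyID string) (cipher.AEAD, error) {
	key, ok := v.keys[keyID]
	if !ok {
		return nil, errors.New("unknown key id " + keyID)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a document with AES-256-GCM before it leaves the application.
// Blob layout: 1-byte keyID length | keyID | 12-byte nonce | ciphertext||tag.
// The keyID is bound as associated data, so swapping it in storage is detected.
func (v *Vault) Seal(keyID string, plaintext []byte) ([]byte, error) {
	aead, err := v.gcm(keyID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	blob := append([]byte{byte(len(keyID))}, keyID...)
	blob = append(blob, nonce...)
	return aead.Seal(blob, nonce, plaintext, []byte(keyID)), nil
}

// Open reverses Seal. It returns an error, never garbage, when the blob was
// truncated or tampered with, or when this vault does not hold the key.
func (v *Vault) Open(blob []byte) ([]byte, error) {
	if len(blob) < 1 || len(blob) < 1+int(blob[0]) {
		return nil, errors.New("blob too short")
	}
	n := int(blob[0])
	keyID := string(blob[1 : 1+n])
	aead, err := v.gcm(keyID)
	if err != nil {
		return nil, err
	}
	hdr := 1 + n + aead.NonceSize()
	if len(blob) < hdr+aead.Overhead() {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[1+n:hdr], blob[hdr:], []byte(keyID))
}

// StoreLeaksPII reports whether any object in the store contains the given
// plaintext fragment, i.e. what a credentialed reader of the bucket would see.
func StoreLeaksPII(store ObjectStore, fragment []byte) bool {
	for _, obj := range store {
		if bytes.Contains(obj, fragment) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: a signed waiver as the app would hold it in memory.
	waiver := []byte("Passenger: Jane Doe, DOB 1984-03-02, signature: <png bytes>")
	vault := NewVault()
	if err := vault.NewKey("waivers-2024"); err != nil {
		panic(err)
	}
	blob, err := vault.Seal("waivers-2024", waiver)
	if err != nil {
		panic(err)
	}
	store := ObjectStore{"waivers/booking-1234.bin": blob} // the "S3 PutObject"
	fmt.Println("bucket reader can see 'Jane Doe':", StoreLeaksPII(store, []byte("Jane Doe")))
	// Only the application path, which has the vault, recovers the document.
	pt, err := vault.Open(store["waivers/booking-1234.bin"])
	fmt.Printf("app path: %q err=%v\n", pt, err)
	// A reader that has the bucket but not the vault gets an error, not data.
	_, err = NewVault().Open(store["waivers/booking-1234.bin"])
	fmt.Println("bucket-only reader:", err)
}
```

Two design choices are worth noting. The key ID travels in the object header so that keys can be rotated per period or per customer without re-reading every object, and it is also bound as GCM associated data so a bucket admin cannot re-label an object to a different key unnoticed. And the check that matters operationally is the last one in `main`: the compromise of bucket credentials alone yields an error, which means the remaining risk is concentrated in the application path and its key-service credentials, and those are what now need least-privilege scoping and audit.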
Outsourcing encryption to those who know it best
Like most experienced software development teams, the team working on Captain Andy’s application wanted to avoid building their own encryption solution. Encryption involves a lot of complexity that has to be implemented exactly right. The developers considered open-source encryption libraries, but found shortcomings: no integrated key management, awkward APIs, uncertain maintenance, and no service-level guarantees or support. Choosing the right algorithm, mode and key management practices in the first place is a challenge for developers who aren’t cryptography experts, which is reflected in A02:2021-Cryptographic Failures ranking second in the OWASP Top 10.
Because Captain Andy’s appreciated the expertise required to implement cryptography correctly, they set out to find a solution that would remove the guesswork and free up developers to focus on what they do best — building applications. In the case of Captain Andy’s, they turned to Ubiq’s encryption-as-code SaaS platform.
Ubiq’s platform enables developers to build application-level encryption quickly and safely into their applications. With a few lines of code, the developers were able to use APIs that leverage industry-standard encryption and key management to secure customer data in minutes — and it didn’t require any prior encryption expertise.
Now, the teams at Captain Andy’s can still access the S3 repository to troubleshoot, but can’t read the customer documents stored there, because the documents are encrypted at the application level before upload. Even those with elevated bucket access see only ciphertext; the trust boundary has moved from the storage service to the application and its key service, whose credentials are what now need tight scoping.
Not only can Captain Andy’s rest assured that attackers with stolen bucket credentials, or insiders with authorized ones, only ever see ciphertext, but they didn’t spend weeks of developer cycles finding and designing the right implementation approach. By using Ubiq, the developers completed what they estimated as weeks of encryption work in roughly half a day, with an implementation they consider stronger and safer than a homegrown one would have been.
Captain Andy’s is now able to offer customers a more convenient self-service booking and check-in process, and drastically reduce the risk of data theft in the event of a security breach.
“We performed a third-party security assessment in environments with and without Ubiq, and it became abundantly clear that our threat model improved drastically in environments where Ubiq’s client-side application-layer encryption had been implemented.”
Lisa Fleming, Product Lead