Field-level encryption with full query support: Antimatter's database proxy

by Michael Andersen

Encrypting sensitive customer data at a field-level solves a huge range of problems for SaaS companies, from data loss prevention, to satisfying compliance requirements for financial data, to meeting customer demands for per-customer encryption.

But, as many security engineers have experienced firsthand, the roadmap to encryption is often long, complex, and painful.

SaaS code generally touches customer data in a vast number of locations throughout the codebase, and uses features of the underlying datastore (like performing a JOIN across two tables, or selecting data that matches certain criteria). Today, if you choose to encrypt sensitive customer data, you’ll need to search through the codebase to modify every line of code that touches this data, a long and arduous process. On top of that, the underlying logic will no longer work — you won’t be able to run many types of queries or JOINs that worked before the data was encrypted.

The Antimatter database proxy

Antimatter massively simplifies the encryption process, sliding between your app and the data plane with the simple insertion of a few lines of code. It also allows you to encrypt customer data at a field-level while preserving full query support, thanks to a sophisticated database proxy. With Antimatter, you can simply change your database connection settings to point to our proxy server instead of your database server — then run fast, unmodified queries on encrypted data.

Our proxy takes your unmodified query, transforms it into an appropriate query to the underlying database, and then further processes the data returned by this query to hand back a precise result.

Example database with sensitive financial data. Antimatter would encrypt all fields, but queries — even complex ones involving JOINs and aggregates — would return results as if operating on unencrypted data.

Let’s say you're a credit card processor and have an Antimatter-encrypted record of transactions for each customer. You want to display the places a given customer spends the most money for fraud detection and analytics. In SQL, this involves a SELECT, GROUP BY, ORDER BY, SUM, and potentially a JOIN. Normally with encrypted records you would have to load all transactions for this customer into the application, decrypt them, and then manually perform the summation, sorting, and joining. Using our proxy server, you can query as normal with no changes to syntax and receive the same result as you expect without encryption. If you’re curious about the mechanics, leave a comment — I’d be happy to share more.
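To make the contrast concrete, here is an added example (not Antimatter's code, and not a description of how the proxy works internally, which the post does not disclose): the "top merchants" query written once as ordinary SQL, next to the application-side fetch-decrypt-aggregate routine you would otherwise need. It assumes an in-memory SQLite database, constructed sample rows, and the `cryptography` package's Fernet as a stand-in for whatever field-level encryption the application uses.

```python
import sqlite3
from collections import defaultdict
from cryptography.fernet import Fernet  # assumption: stand-in for the app's field encryption

# Constructed sample data: (customer_id, merchant_id, amount in cents) and (id, name)
TRANSACTIONS = [(1, 10, 1250), (1, 20, 4000), (1, 10, 300), (2, 10, 999), (1, 30, 50)]
MERCHANTS = [(10, "Coffee Shop"), (20, "Airline"), (30, "Newsstand")]

# The query the application already has: JOIN, SUM, GROUP BY and ORDER BY in one statement.
TOP_MERCHANTS_SQL = """
SELECT m.name, SUM(t.amount) AS total
FROM transactions t JOIN merchants m ON m.id = t.merchant_id
WHERE t.customer_id = ?
GROUP BY m.name ORDER BY total DESC"""

def build_db(encrypt=None):
    """In-memory DB. With `encrypt`, merchant_id and amount are stored as ciphertext;
    customer_id is left in the clear so rows can still be selected per customer."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE merchants (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE transactions (customer_id INTEGER, merchant_id, amount)")
    conn.executemany("INSERT INTO merchants VALUES (?, ?)", MERCHANTS)
    enc = encrypt or (lambda v: v)
    conn.executemany("INSERT INTO transactions VALUES (?, ?, ?)",
                     [(c, enc(m), enc(a)) for c, m, a in TRANSACTIONS])
    return conn

def top_merchants_app_side(conn, fernet, customer_id):
    """Without a query-aware proxy: fetch every row for the customer, decrypt each field
    in the application, then do the JOIN, SUM, GROUP BY and ORDER BY by hand."""
    names = dict(conn.execute("SELECT id, name FROM merchants"))
    totals = defaultdict(int)
    rows = conn.execute("SELECT merchant_id, amount FROM transactions WHERE customer_id = ?",
                        (customer_id,))
    for merchant_ct, amount_ct in rows:
        merchant_id = int(fernet.decrypt(merchant_ct))
        totals[names[merchant_id]] += int(fernet.decrypt(amount_ct))
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def demo(customer_id=1):
    """Returns (application-side result over ciphertext, SQL result over plaintext).
    The two match; the proxy's claim is that you keep the SQL form over encrypted data."""
    fernet = Fernet(Fernet.generate_key())
    encrypted = build_db(lambda v: fernet.encrypt(str(v).encode()))
    app_side = top_merchants_app_side(encrypted, fernet, customer_id)
    reference = build_db().execute(TOP_MERCHANTS_SQL, (customer_id,)).fetchall()
    return app_side, reference

if __name__ == "__main__":
    print(demo())  # both: [('Airline', 4000), ('Coffee Shop', 1550), ('Newsstand', 50)]
```

Note that because Fernet ciphertexts are randomized, the encrypted columns cannot even be filtered or grouped on by the database; the application-side routine only works here because `customer_id` was left in the clear.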

Antimatter makes it staggeringly simple to give your customers unparalleled control of their data in your multi-tenant database. We realize this might sound impossible, or at least implausible, to engineers who have run into this problem before. But it’s real, it works — on every query, even the complex ones — and we would love to demo it for you.