CipherStash - BNDRY Customer Story
"CipherStash made it easy to protect sensitive data without slowing down development. Their encryption-in-use approach helped us meet strict customer security requirements and compliance checks effortlessly. The team was incredibly responsive and great to work with throughout the entire process." — Tim, CTO of BNDRY
About BNDRY
BNDRY is the flagship product of Identitii, a publicly-traded, Australian technology company helping organisations embed risk and compliance capability into their products and services, with a particular focus on preventing financial crime.
In the tightly-regulated finance sector, privacy expectations are high and rising. CipherStash Proxy is part of the core proof that BNDRY protects sensitive customer data.
BNDRY's requirements
Protect JSONB data for Smart Forms
BNDRY's Smart Forms feature gives customers the ability to design their own forms for streamlining due diligence processes. The form definitions and the form responses are stored in JSONB format.
CipherStash Proxy supports encrypted JSONB, so BNDRY can give their customers confidence that any sensitive data they collect via BNDRY forms will be protected. Because data encrypted with Proxy is also searchable, BNDRY can offer searchable form responses to their customers, knowing that the data can be searched without decryption.
Protect customer data
BNDRY's platform enables risk teams to view sensitive customer data and decrypt this only for authorized users. With CipherStash Proxy BNDRY customers can have confidence that, even in the decrypted view, those events are logged in Proxy because the data is only decrypted by the platform (and always stored in the database fully encrypted, not just at rest).
Audit logs for compliance
CipherStash Proxy captures detailed logs of all data access, including who accessed the data, what data was accessed (fields or records), when the access occurred, and how the access was made.
Proxy's auditable trails of sensitive data access means that BNDRY can satisfy all their customers' GRC (governance, risk, and compliance) requirements, including frameworks like HIPAA, ISO27001, SOC 2, PCI-DSS, and GDPR.
Choosing CipherStash
In looking for a solution that met their requirements, BNDRY previously trialled HashiCorp Vault. It didn't give them the straightforward, end-to-end data protection they needed — CipherStash Proxy fills that gap with fully searchable encryption in use.
As BNDRY grows their own product offering, Proxy also gives them the flexibility to offer the option of self-hosting BNDRY to customers.
Proxy's low-friction procurement made the decision easy — CipherStash has SOC 2 Type 2 certification, a publicly-accessible trust centre, and a base-plus-usage pricing model that scales with BNDRY.
Implementing CipherStash
BNDRY has a strongly devops-focused team, using infrastructure as code with a fully composable architecture. The implementation model for CipherStash Proxy is a perfect fit for them as they can deploy Proxy as a service in their Kubernetes cluster.
BNDRY uses PostgreSQL with row level security (RLS) access control, a Go backend, and Vue.js frontend. As a cloud-native solution, everything is deployed via Kubernetes on Amazon EKS.
The BNDRY team was able to validate that CipherStash could support their use case by using our Protect module for Go. They were keen to move to our transparent Proxy solution, with no changes required to the BNDRY app.
BNDRY first deployed CipherStash Proxy without encryption during testing, so they could validate the solution. From then they encrypted database columns incrementally to continue to build confidence before progressing to full implementation.
Start protecting your data
Get started by creating a free account and choosing your integration path, or get in touch to learn more.