SOC 2 and CipherStash

CipherStash helps you meet your SOC 2 obligations by giving you identity-based access controls that keep your data encrypted even when in use.

How CipherStash helps with SOC 2

Meet requirements for SOC 2 compliance

Secure authentication mechanisms to production data stores

With CipherStash this can be scoped to individual records. You can demonstrate that only authorized users have access to particular pieces of data. (CC 6.1 - Unique production database authentication enforced)

Data is encrypted at rest

With CipherStash, this means storing ciphertext in the database rather than relying only on encryption of the underlying storage. (CC 6.1 - Data encryption utilized)

Privileged access to databases

CipherStash allows you to grant full admin access to a database for authorized users with a business need, such as DBAs or SRE teams, but still protect sensitive data with strong encryption. (CC 6.1 - Production database access restricted)

Confidence in data deletion

With CipherStash key-per-record you can have confidence that data access is prevented by deleting specific keys, or groups of keys. This works for physical and virtual storage media. (CC 6.5 - Asset disposal procedures utilized)

Log management for identifying security impact

CipherStash allows you to see not only what SQL queries were made, but also what fields were returned (or would have been returned in the event of a request being denied). This helps you understand what data has been accessed or prove that sensitive data has not been accessed. You can also use this visibility to understand which systems or humans are accessing which data. This is critical in helping you understand your operating model and improve your security posture. (CC 7.2 - Log management utilized)

Accurate data access information during incidents

Having accurate information on data access during incident management helps you communicate internally and externally. Being able to show evidence of which data was accessed and by whom can simplify post-issue reporting or other regulatory obligations. The granular encryption and detailed logging provided by CipherStash make this easier. (CC 7.4 - Incident management procedures followed)

Start protecting your Postgres data

Get started by installing the NPM package, or get in touch to learn more.