The Craxel Breakthrough in NextGen, Zero Trust Security for Database Systems

CISA Director Jen Easterly identifies cybersecurity gap; Craxel's Black Forest™ dramatically reduces attack surface

By Craxel Founder and CEO David Enga

March 26, 2024

In early 2024, the Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, identified a serious vulnerability that simply doesn't have to exist anymore.

A joint CISA and FBI Secure by Design Alert recommends that application developers use parameterized queries to avoid SQL injection attacks. We agree 100%. But mistakes happen, and security is never perfect. So at Craxel, our Black Forest™ Data Platform takes zero trust security to the next level, so that any mistakes at the application layer are further mitigated.

In Black Forest, every action taken by the database engine is on behalf of an end-user with a digitally signed identity. No common accounts or admin accounts. No default accounts to secure. Black Forest comes with no built-in accounts at all! No record gets returned to the application if the end-user identity does not have an access grant for the record's security label based on either the end-user attributes or identity.

Evaluation of a record's security label is decoupled from ‘where’ clause evaluation so that malicious SQL can't overcome security evaluation. Further, when using Craxel's patented high performance searchable encryption technology, applications can't decrypt a record unless they have authority to access the encryption key for its security label. We call this pervasive compartmentalization.
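To illustrate why decoupling the label check from the ‘where’ clause matters, here is an added sketch that is not Craxel's code or Black Forest's API. It uses SQLite as a stand-in engine; the table, grants, function names and the tampered predicate are all constructed assumptions.

```python
import sqlite3

# Constructed sample records: (id, body, security label)
ROWS = [(1, "cafeteria menu", "public"),
        (2, "payroll run", "hr"),
        (3, "incident report", "secops")]
# Constructed grants: labels each end-user identity may read
GRANTS = {"alice": {"public", "hr"}, "bob": {"public"}}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, body TEXT, label TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?, ?)", ROWS)
    return db

# Both functions splice where_sql into the statement on purpose: it models
# the application-layer mistake (a predicate the app failed to parameterize).

def coupled_fetch(db, user, where_sql):
    """Label check lives in the same SQL text as the untrusted predicate."""
    labels = ",".join(f"'{l}'" for l in sorted(GRANTS.get(user, set())))
    sql = f"SELECT id FROM records WHERE label IN ({labels}) AND {where_sql}"
    return sorted(r[0] for r in db.execute(sql))

def decoupled_fetch(db, user, where_sql):
    """Label check runs on every returned row, outside the SQL text."""
    allowed = GRANTS.get(user, set())  # unknown identity -> no grants
    cur = db.execute(f"SELECT id, label FROM records WHERE {where_sql}")
    return sorted(rid for rid, label in cur if label in allowed)

# Constructed predicate standing in for one altered by injection.
# AND binds tighter than OR, so in the coupled query it cancels the label test.
TAMPERED = "body = 'x' OR 1=1"

if __name__ == "__main__":
    db = make_db()
    print("coupled:  ", coupled_fetch(db, "bob", TAMPERED))
    print("decoupled:", decoupled_fetch(db, "bob", TAMPERED))
```

The coupled query returns every record to an identity granted only `public`, while the decoupled check returns only what the grants allow. Parameterized queries remain the fix for the application mistake itself.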

Black Forest is memory-safe, and it is not only Secure by Design itself; it also helps applications be Secure by Design. While perfection is not attainable, the attack surface can be dramatically reduced with this approach.

Many of today's databases were built long ago, in languages such as C that aren't memory safe, at a time when the concepts of zero trust didn't exist. The big tech companies receive too much revenue today from their legacy databases to ever rebuild them. They likely don't even have the expertise anymore to do so. The U.S. government should lead the way in deploying the next generation of highly secure database technology.