13 Sep 2021
How to keep your data encrypted and still be able to securely search over it, without constraining the app architecture? In data security, we say “you should try searchable encryption!” Let’s shine a new light on it here! Here’s an example. You store valuable encrypted data (like PII and fin data) in a database. Some app backend interacts with a da...
23 Aug 2021
Check this list while planning a new business and putting your fintech app in the cloud. By noting these arguments you can avoid risky misconceptions of trusting too much responsibility to cloud providers and cloud environments. From our experience at Cossack Labs, we know that such an approach saves data, funds, and reputation. First, start with r...
02 Aug 2021
Lots of recently introduced regulations require audit logging as one of the measures for data protection in fintech. We know from practice that cryptographically signed audit logging can be a secure and pragmatic way to cover this point. Let's cut through complexity. Audit logs, or audit trails, capture evidence about any activity in your software...
19 Jul 2021
Facing a blend of old and new regulations, fintech companies, neobanks, and banks-as-a-service use application-level encryption (ALE) to encrypt transaction data, PII, and data sensitive with payments and accounts context. What Pro’s and Con’s application-level encryption has compared to the traditional database data-at-rest encryption? First, nowa...