The security software-as-a-service (SaaS) can generate new data encryption keys every hour and includes a built-in kill switch. It supports data stored in Amazon Web Services’ (AWS) public cloud and Domo’s private data centers.
The company developed the technology in partnership with customers from highly regulated industries: a large investment bank, a healthcare company, and “one of the largest tech companies in Silicon Valley,” said Niall Browne, senior vice president of security and trust at Domo.
Browne said he repeatedly heard the same security request from customers: “You have my data, you manage my data, you manage my key. I want to be able to manage my own key.” Domo’s new software lets customers manage their own encryption keys, he added.
Bring Your Own Key
Domo BYOK assigns a unique key that can be rotated every hour. It also allows customers to remotely delete any residual data in memory. The product has three features that separate it from other BYOK solutions, Browne said.
First, its key management service creates keys on a per-time model: for example, a new key can be generated automatically every hour. If any one key is compromised, an intruder therefore does not gain widespread data access.
“So in the period of a day, that’s 24 keys, or 8,760 keys in a year,” Browne said, adding that other encryption technologies typically rotate keys every year, or even every few years.
“In this old scenario, an intruder would have access to a year, or two, or three years of data,” he said. “But because the key is rotated every hour, in a scenario where data is compromised, you literally only have access to an hour’s worth of data. Continuously rotating encryption keys is very powerful because customers’ data is far more protected, and the risk scenario has been reduced exponentially.”
Second, Domo built a kill switch directly into the customer’s interface, so if a security breach occurs, the customer doesn’t need to contact Domo to execute it. Two authorized administrators can execute the kill switch by each logging into their instance separately and activating it, which renders data in caches and indexes unusable. The data is dropped within seconds and the customer’s activity logs record the event.
Finally, Domo automatically logs and records all activity within a customer’s instance, giving admins the ability to see how their data is being accessed. If a customer chooses to revoke its encryption keys and execute the kill switch, this event is also logged so the organization has immediate confirmation that its data is no longer accessible.
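A small model of the hourly-key and two-administrator kill-switch design described above, added here as an illustration; it is not Domo's code. The class and function names, the admin names, the timestamp and the HMAC-based stand-in cipher are all assumptions made for the example.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream) to stay stdlib-only; use an AEAD such as AES-GCM in practice.
    ks = b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

class HourlyKeyStore:
    """Hypothetical model: one random data key per clock hour, dual-control kill switch."""
    def __init__(self, admins):
        self.admins, self.keys, self.approvals, self.log = set(admins), {}, set(), []

    def encrypt(self, ts, plaintext):
        bucket = ts // 3600                            # hour bucket selects the key
        key = self.keys.setdefault(bucket, secrets.token_bytes(32))
        nonce = secrets.token_bytes(12)
        ct = _stream(key, nonce, plaintext)
        return bucket, nonce, ct, _tag(key, nonce, ct)

    def kill_switch(self, admin):
        if admin not in self.admins:
            self.log.append(("denied", admin))
            return False
        self.approvals.add(admin)
        self.log.append(("approved", admin))
        if len(self.approvals) < 2:                    # needs two distinct admins
            return False
        self.keys.clear()                              # ciphertext is now unreadable
        self.log.append(("keys_destroyed", tuple(sorted(self.approvals))))
        return True

def readable_with(key, records):
    """Plaintexts that one key can authenticate and decrypt (exposure of a leaked key)."""
    return [_stream(key, n, ct) for _, n, ct, tag in records
            if hmac.compare_digest(tag, _tag(key, n, ct))]

def demo():
    store = HourlyKeyStore({"alice", "bob"})           # constructed admin names
    t0 = 1_700_000_000                                 # constructed start time
    records = [store.encrypt(t0 + h * 3600, b"row %d" % h) for h in range(24)]
    keys_per_day = len(store.keys)
    exposed = readable_with(store.keys[records[5][0]], records)  # hour 5's key leaks
    votes = [store.kill_switch(a) for a in ("alice", "alice", "bob")]
    return keys_per_day, exposed, votes, len(store.keys), store.log[-1]
```

Calling `demo()` encrypts one record per hour for a day, measures what a single leaked hourly key can read, then fires the kill switch with a repeated approval followed by a second administrator.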
Almost $700M in Funding
Domo founder and CEO Josh James previously co-founded and served as CEO of Omniture, a Web analytics startup acquired by Adobe for $1.8 billion in 2009.
Domo has raised $689.65 million to date, with its most recent Series D funding round in April bringing in $100 million, led by existing investor BlackRock.
Customers include large technology, healthcare, financial services, and credit card companies, Browne said, adding that the company is moving into the government agency space as well with its new BYOK service. “It certainly has a security benefit, but also tremendous basic privacy and legal benefits,” he said.