Data security
Get zero-trust architecture and security by design
Vault provides features that let you use personal information while inherently reducing its exposure and risk. Unlike a database, that is typically optimized for data accessibility, Vault is designed to limit access and ensure data is not leaked. It tackles many security threats that have not been fully addressed before, such as SQL injections and broken object level authorization (BOLA) unauthorized access attacks. Therefore, it enables security by design and a zero-trust architecture.
These features include:
- Tokenization - to retrieve a non-sensitive token that references data within Vault.
- Transformations - to provide reduced-exposure views of the data within Vault.
- Property encryption - to encrypt the values of sensitive properties at rest, in addition to the built-in encryption of Vault data in motion.
- Identity and access management - to provide:
- Access control – to control user access to the API URLs.
- Policy management – to control user access to data.
- Advanced data and access controls – to restrict the operations and data available to clients, including tenancy isolation .
- Anti-tampering – to detect attempts to modify the configuration of the database directly and, optionally, lock data access after an attempt is detected.
You can also find details in this section on how secrets are handled in Piiano Vault.