The RSA Conference 2024 will kick off on May 6. Known as the “Oscars of Cybersecurity,” the RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry.
Today let’s focus on new hotspots in network security and gain insights into new trends in security development by delving into Antimatter.
Antimatter is a data security company dedicated to providing encryption infrastructure for SaaS service providers, offering encryption for data at rest and in transit, as well as access control, logging, and privacy protection while data is in use. The company’s vision is “to give everyone control over their own data no matter it is.”
Antimatter was established in 2021 and is headquartered in San Francisco, USA. The co-founders are Andrew Krioukov (CEO), Michael Andersen (CTO), and Beau Trincia (VP of Design). Krioukov and Andersen both earned their Ph.D. from the RISELab at UC Berkeley. Krioukov was the founder and CEO of Comfy, a workplace management service company, which was later acquired by Siemens; Andersen is the team’s cryptography expert; Trincia was also a founding member of Comfy and served as a design lead at the renowned design firm IDEO for seven years.
On March 31, 2022, Antimatter secured a $12 million Series A funding round, led by the investment firm New Enterprise Associates, with participation from General Catalyst and UNION Labs.
With the continuous development of cloud computing technology and the widespread adoption of cloud services, the SaaS model has become the choice for an increasing number of businesses and individuals. However, as the number of SaaS applications grows and user bases expand, the security requirements for SaaS service providers are also increasing. In this model, users may entrust a large amount of sensitive and personal data to SaaS service providers for processing and storage, which increases the risk of data being illegally accessed or leaked. According to the State of SaaS Security: 2023 Survey Report released by the CSA, 58% of SaaS companies have experienced data breaches, and 41% have experienced data leaks.
Additionally, the need for legal and regulatory compliance in data storage and processing has become an issue that SaaS service providers must face. To meet the legal and regulatory requirements of certain regions, SaaS service providers may need to isolate some users’ data from other users’ data or store some users’ data in specific locations. These security requirements significantly increase the workload of the development and security teams of SaaS service providers.
Founder Krioukov stated that the most common demands they encountered before founding Antimatter were as follows:
Therefore, in today’s cloud-centric environment where user data is growing exponentially, how SaaS service providers can ensure the security of user data and meet legal and regulatory requirements has become a critical issue.
What Components Does Antimatter Have?
Antimatter offers a comprehensive and powerful data management tool with the design philosophy that no matter where the data is stored or which system is used, users can manage their data with a unified decentralized data control plane. This data control plane consists of the following three parts:
Antimatter uses “Domains” as the basic unit of an account. Typically, users can log in to their domain through a browser to use the management services, creating one or more data capsules. Most API calls are made within a domain and require authentication based on the identity configured within the domain. A capsule is always associated with a domain, and the read/write policies for the data within the capsule need to be configured within the domain.
Antimatter refers to the rich data management capabilities within a domain as “Data Control,” which includes the following main features:
From the above introduction, it is clear that the core of Antimatter is the Capsule, a special object structure that encapsulates user data to enable encryption, access control, and other capabilities. What distinguishes Antimatter is that it adds rich data processing capabilities at the points where data is written to and read from a capsule.
When a user writes data to a capsule, they can add data processing hooks. One hook is particularly representative: it uses a large language model to extract personal identity information from the data and tag it. When data is read, Antimatter can display only part of the content based on access control policies and the tags, anonymizing unauthorized content. The effect of personal identity information data processing is shown in Figure 4, but Antimatter can do more than that. For the same data read under two different access permissions, Antimatter can display different subsets of the data, such as only the name and credit card number for permission A, and only the name and password for permission B. In model training scenarios, if different contents of the same data are to be used to train different models, this mechanism can greatly enhance data privacy.
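The read path described above, as an added example that is not Antimatter's code or API: tagged spans are filtered per permission, with default deny for any tag the permission does not list. The record, tag names, `tagValue` (a stand-in for the LLM classification hook) and `readCapsule` are constructed for illustration.

```javascript
// Constructed sample record; ASCII only, so string indexes equal characters.
const record = 'name: Ada Park, card: 4111 1111 1111 1111, password: correct-horse';

// tagValue stands in for the write-time classification hook (the page describes
// an LLM doing this). A value it cannot locate tags the whole record: fail closed.
function tagValue(data, value, tag) {
  const i = data.indexOf(value);
  return i < 0 ? { start: 0, end: data.length, tag } : { start: i, end: i + value.length, tag };
}

// readCapsule returns the view for one permission. A character is hidden if ANY
// span covering it has a tag outside `allowed`, so overlapping spans fail closed.
function readCapsule(capsule, allowed) {
  const hidden = new Array(capsule.data.length).fill(false);
  for (const s of capsule.spans) {
    if (allowed.has(s.tag)) continue;
    for (let i = Math.max(0, s.start); i < Math.min(s.end, hidden.length); i++) hidden[i] = true;
  }
  let out = '';
  for (let i = 0; i < hidden.length; i++) {
    if (!hidden[i]) out += capsule.data[i];
    else if (i === 0 || !hidden[i - 1]) out += '{redacted}'; // one marker per hidden run
  }
  return out;
}

const capsule = {
  data: record,
  spans: [
    tagValue(record, 'Ada Park', 'name'),
    tagValue(record, '4111 1111 1111 1111', 'credit_card'),
    tagValue(record, 'correct-horse', 'password'),
  ],
};
const permissionA = new Set(['name', 'credit_card']);
const permissionB = new Set(['name', 'password']);

console.log('A:', readCapsule(capsule, permissionA));
console.log('B:', readCapsule(capsule, permissionB));
```

Because the filter works on allowed tags rather than denied ones, a tag introduced later stays hidden from every existing permission until a policy explicitly grants it.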
In addition, Antimatter claims to have invested a lot of effort in designing its unique encryption and key management scheme. As mentioned in section 3.2, Antimatter uses a three-tier key scheme, allowing users to hold and manage their own Root Encryption Key (REK), meeting the needs for Bring Your Own Key (BYOK). Founder Andersen proposed that they use the enclave environment provided by confidential computing technology to store the Key Encryption Key (KEK), so neither the SaaS service provider nor Antimatter can see the KEK, reducing the risk of key exposure.
Under this key management architecture, an attacker would need to simultaneously steal the REK from the data owner, the encrypted KEK from Antimatter, and the corresponding ciphertext of the KEK from the data storage location to achieve data theft. This architecture reduces the attack surface and increases the difficulty for attackers.
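The key chain described above, as an added example that is not Antimatter's code or API: the owner's REK wraps a KEK, the KEK wraps a data key, and the data key encrypts the record, with each piece stored by a different holder. The DEK tier, the function names, the blob layout and the choice of AES-256-GCM are assumptions, and the enclave is modeled as an ordinary function.

```javascript
const nodeCrypto = require('crypto');

// seal: AES-256-GCM. Output layout is nonce(12) || tag(16) || ciphertext.
// `role` is bound as associated data so a blob cannot be replayed in another tier.
function seal(key, role, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(role));
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// open reverses seal and throws on a wrong key, wrong role or modified blob.
function open(key, role, blob) {
  if (blob.length < 28) throw new Error('blob too short');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(role));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// protect: the owner's REK wraps a fresh KEK, the KEK wraps a fresh DEK (the
// assumed third tier), and the DEK encrypts the data. Each piece has its own holder.
function protect(rek, data) {
  const kek = nodeCrypto.randomBytes(32);
  const dek = nodeCrypto.randomBytes(32);
  return {
    keyService: { wrappedKek: seal(rek, 'kek', kek) },
    storage: { wrappedDek: seal(kek, 'dek', dek), ciphertext: seal(dek, 'data', data) },
  };
}

// recover walks REK -> KEK -> DEK -> data. In the design the page describes,
// the KEK step would run inside an enclave; here it is an ordinary function.
function recover(rek, keyService, storage) {
  const kek = open(rek, 'kek', keyService.wrappedKek);
  const dek = open(kek, 'dek', storage.wrappedDek);
  return open(dek, 'data', storage.ciphertext).toString();
}

// Constructed demo: the right REK recovers the record, any other REK does not.
function demo() {
  const rek = nodeCrypto.randomBytes(32);
  const { keyService, storage } = protect(rek, Buffer.from('constructed customer record'));
  let wrongRek = 'recovered';
  try { recover(nodeCrypto.randomBytes(32), keyService, storage); } catch (e) { wrongRek = 'rejected'; }
  return { data: recover(rek, keyService, storage), wrongRek };
}
console.log(demo());
```

Discarding or rotating the REK on the owner's side makes every capsule under it unreadable, which is the property BYOK customers rely on for revocation.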
With the growth of cloud-based business needs, the amount of user data hosted by SaaS service providers also increases, and the resulting data security issues are becoming a significant challenge for these providers. Protection measures are required during the storage, transmission, and use of data in the cloud to prevent the leakage of sensitive information. What Antimatter does is not just simple data security protection; its main purpose is to provide SaaS service providers with a simple, unified, and fast data security management infrastructure. SaaS service providers no longer need to access all user data in plaintext; users can decide which parts of their data can be accessed by which visitors. This will greatly reduce the data security workload of SaaS service providers and lower their service costs.
Antimatter already has successful cases: it provides a data security solution for Ironclad, a top U.S. contract management software developer, allowing Ironclad’s users to easily configure BYOK and manage their own data through a simple interface. It is believed that as Antimatter continues to improve, it will become the data security choice of more and more SaaS companies.
*** This is a Security Bloggers Network syndicated blog from NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. authored by NSFOCUS. Read the original post at: https://nsfocusglobal.com/rsac-2024-innovation-sandbox-antimatter-a-comprehensive-data-security-management-tool/