Sleep tight, your data is secure, part 3 – Data Storage Security

To make Invoicebus a place where its customers would feel safe and sound, we’ve built a little fortress around its data. We reveal a tiny, but interesting part of its architecture.

Data Storage Security

In our case, data storage security refers to the way of keeping and managing customer’s data within the database: invoices, quotes, clients, company details etc.

These kinds of sensitive information are kept in a form that is encrypted by the Advanced Encryption Standard (AES) – first open symmetric-key cipher approved by the National Security Agency (NSA) and used by the US federal government for storing secret information.

The human way of showing how this thing works is by the picture below:

Invoicebus AES Data enctiption-decription

We use the words lock, unlock as a way to visualize the meaning of encryption, decryption process of the powerful AES algorithm respectively.

The security key is kept encrypted (with RSA algorithm) in a separate, isolated place (on a different server protected by other security mechanisms and firewalls). Every time when AES needs to lock/unlock data, it requires the decrypted form of his key.

Hypothetically spoken, if security breach happens to the database server, the attacker would not be able to retrieve any meaningful data without this key, unless he has Dan Brown’s TRANSLATR at home.

Other aspects of Data Storage Security

Backups and redundancy are closely related to the Data Storage Security, but will be covered in the upcoming part 5 – Hosting Server Security.
Part 4 and 5 of this security talk series will be continued after the Invoicebus launch.

Invoicebus Team

Invoicebus Team

We're a team comprised of a few die-hard code freaks, lovers of beautiful design, stewards of simplicity, and passionately dedicated to the user experience. Invoicebus is a great vehicle to express what we do best. Click here to learn more on our business philosophy and how we actually do it.
Invoicebus Team

Latest posts by Invoicebus Team (see all)

No Comments

  1. […] for their job function, and block any ability to install software. Also, a good practice is to encrypt the data in the database, so even if breached the data can’t be read without the encryption […]