Protect your pearls: Customer.io’s data encryption strategy
Customer.io is a data company. We live and breathe data all day, every day. And we know that all our customers are, at the end of the day, data companies as well — no matter what industry or type of business, data is at the core of how companies succeed. That’s why ensuring the security of all the data we handle is a foundational principle of how we build and operate. Our encryption strategy is founded on the same well-established best practices used by all of today’s major cloud storage providers.
What is data encryption and why does it matter?
In a nutshell, data encryption refers to the process of encoding information by converting that information, called plaintext, into what’s known as ciphertext. This coded ciphertext is unreadable until an authorized party deciphers it, usually with a digital key. Any time data is transmitted or stored, strong encryption ensures that anyone who intercepts or obtains it cannot read it without that key.
Some people rely on creating a single encryption key to encrypt every piece of data stored in their system. This is a bad strategy. Why? Because if that one key is stolen, suddenly the thief has access to all the data for all your customers.
Others rely on a strategy in which every customer’s data gets its own key. This is a slightly better approach, as a stolen key only jeopardizes that one customer’s data. But if one key is compromised, the others may be at risk too. And, of course, any breach means you need to re-encrypt all of that customer’s data, which can be expensive and time-consuming.
Adding a third layer of protection is really the gold standard, which is what drives our approach.
Customer.io’s data encryption strategy
When we began building Data Pipelines, we looked to the established best practices and industry standards for data encryption used by all the leading cloud providers. That’s what serves as the baseline for our approach. We use three different types of keys to encrypt data:
- Data encryption key (DEK): Used to encrypt/decrypt data
- Key encryption key (KEK): Used to encrypt/decrypt DEKs and other KEKs
- Root key: Used to encrypt/decrypt KEKs
Here’s how those keys work together at Customer.io. Each customer is assigned a KEK unique to that customer. The customer’s data is broken up into individual fragments; each fragment is encrypted with its own unique DEK, and that DEK is in turn encrypted with the customer’s KEK. Wrapped around all of it is a root key that encrypts all the KEKs.
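The three-tier hierarchy just described, as an added example in Go using the standard library's AES-256-GCM (this is illustrative code, not Customer.io's implementation; the 32-byte key sizes, the nonce-prefixed ciphertext layout, and the `Fragment` type are assumptions made here). Each fragment gets its own DEK, the DEK is wrapped by the customer's KEK, and the KEK is wrapped by the root key; decryption must succeed at every layer, so a wrong root key, a tampered wrapped key, or a DEK paired with the wrong fragment all fail closed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Fragment is one "pearl": its ciphertext plus its own DEK, wrapped under the customer's KEK.
type Fragment struct{ WrappedDEK, Ciphertext []byte }

// must turns setup failures (bad key size, failing CSPRNG) into panics: never carry on with a weak key.
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
func randBytes(n int) []byte    { b := make([]byte, n); must(rand.Read(b)); return b }

// aead builds AES-256-GCM; every key in this scheme is exactly 32 bytes (an assumption of this example).
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// seal prepends a fresh random nonce; open fails closed on a wrong key or any tampering (GCM tag check).
func seal(key, plaintext []byte) []byte {
	g := aead(key)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil)
}

func open(key, sealed []byte) ([]byte, error) {
	g := aead(key)
	if ns := g.NonceSize(); len(sealed) >= ns {
		return g.Open(nil, sealed[:ns], sealed[ns:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// EncryptCustomer: one KEK per customer (wrapped by the root key), one DEK per fragment (wrapped by the KEK).
func EncryptCustomer(rootKey []byte, fragments [][]byte) (wrappedKEK []byte, out []Fragment) {
	kek := randBytes(32)
	for _, p := range fragments {
		dek := randBytes(32)
		out = append(out, Fragment{WrappedDEK: seal(kek, dek), Ciphertext: seal(dek, p)})
	}
	return seal(rootKey, kek), out
}

// DecryptFragment unwraps root -> KEK -> DEK -> data; a wrong or tampered layer stops the chain.
func DecryptFragment(rootKey, wrappedKEK []byte, f Fragment) ([]byte, error) {
	kek, err := open(rootKey, wrappedKEK)
	if err != nil { return nil, err }
	dek, err := open(kek, f.WrappedDEK)
	if err != nil { return nil, err }
	return open(dek, f.Ciphertext)
}
```

Note that the plaintext KEK and DEKs exist only transiently inside these functions; what gets stored is the wrapped KEK alongside each fragment's wrapped DEK and ciphertext.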
Let’s walk through an analogy to see how the encryption strategy works in practice.
Customer.io’s encryption: an analogy
Imagine that each piece of data is a pearl, and those pearls are stored in a vault with two rooms. If someone wants to get to one of those pearls, here’s what they’re up against.
The door to the vault itself has an electronic keypad lock. To get inside the vault, you need to know the code to open that lock. That lock code is the root key.
Let’s say you know the code to the electronic lock, so you can enter the vault. With the lax strategy referenced earlier, entry here would reward you with a giant pile of shimmering pearls. But with Customer.io’s strategy, you’ll find yourself inside the first of the vault’s two rooms. No pearls anywhere. Instead, the room is full of safes, each with a unique combination lock. The individual combinations are the different key encryption keys (KEKs).
Now imagine you know the combination to one of the safes, and you open it. Do you get your hands on a pearl? No! What you actually find is a little golden key — a data encryption key (DEK). So you head into the vault’s second room with your key in hand.
Now you’re greeted by a room filled with a bunch of small lockboxes. But which lockbox does the golden key work for?
Trial and error is likely to get you nowhere. If you happen to know the exact lockbox that goes with your golden key, now you can use it to open the correct lockbox and retrieve a single pearl: the piece of data.
Even with that pearl in hand, you’re a long way from gathering enough pearls to add up to anything. That would require knowing the combinations to many more little safes, plus knowing which specific lockboxes the keys you find belong to.
If you’re authorized to access data, you’ll have the information necessary to open the three types of locks and know exactly which keys open which lockboxes. Simple. But if you’re not authorized, you’ll find it incredibly difficult to get ahold of even one pearl.
Formidable security built on best practices
Your data is your treasure; you need to know that it’s always secure. That’s why we based our encryption model on well-established industry best practices. And it’s why we continue to build on this foundation to strengthen encryption across the entire Customer.io platform. So anytime we’re storing your data in the cloud or handling your secret information, you can trust that it’s locked up tight.
Want to learn more about our encryption model and approach to security? We’d welcome the chance to show you more details during a personalized demo.