Portal26 selected as a finalist for 2024 AI Trailblazer award

Learn More >

Transform Your Secure Web Gateway into a Powerful GenAI Governance and Security Platform

Download Whitepaper >
Schedule a Demo >

Enterprise Data Encryption Software

Portal26 Encrypted Search Plugin Keeps Enterprise Search Data Secure

Are you worried about securing Elasticsearch and OpenSearch? Portal26 provides the industry’s most advanced data encryption solution that plugs into Elasticsearch and OpenSearch and delivers NIST FIPS 140-2 validated data encryption without losing the full featured search capabilities that makes these platforms so powerful in the first place.

Demo Search Security >

Is Search Getting in the way of Security?

Portal26 extends traditional data encryption to go beyond data-at-rest and data-in-transit to include data-in-use. Using high-performance encryption-in use Portal26 enables platforms like Elasticsearch and OpenSearch to retain their powerful search capabilities while becoming extremely secure. With this new defense in place, sensitive data inside Portal26 enabled enterprise search platforms to becomes immune to compromise at the hands of external attackers, malicious insiders, or accidental exposure. Any data queried or otherwise exfiltrated retains encryption and cannot be used as leverage against the enterprise even if it is accessed using admin privileges. This makes Portal26 an extremely valuable data encryption solution.

Are infrastructure costs exploding because each customer requires their own data nodes?

Portal26 allows index level encryption keys thus making it possible to store multiple customers’ data on the same node while ensuring complete isolation of data between customers. For large deployments this can result in over 60% reduction in node count and associated costs.

Are privacy savvy customers asking to hold their own encryption keys?

Portal26 comes with BYOK/HYOK out of the box so that every customer can either supply their own keys or store their own keys in their own external key vaults. Portal26 enables external key registration for key vaults residing across clouds and data centers for the industry’s most versatile and rich data privacy options for enterprise search customers.

Elasticsearch or OpenSearch with Portal26 Plugin

Elasticsearch or OpenSearch without Portal26 Plugin

Encryption-at-rest

Yes 

Yes

Full featured encrypted search without any data decryption

Yes

-

NIST FIPS 140-2 validation for PCI, HIPAA, FedRAMP, GDPR, CCPA…

Yes

-

Data can be released in multiple privacy preserving formats: masked, encrypted, redacted, tokenized…

Yes

-

Allows for customers to bring or hold their own keys (BYOK/HYOK)

Yes

-

Allows for customer specific keys in commingled data (index level, row level, field level keys)

Yes

-

Automated Zero Downtime Key Rotation

Yes

-

Securing Elasticsearch Resources >
Securing OpenSearch Resources >

Portal26 Encrypted Search Plugin Key Features

Searchable Encryption
Portal26’s data encryption stays in place even as data is actively indexed and searched by the platform. The plugin enables the construction of the encrypted search index and also intercepts and transforms all queries against protected data.
Transparent Security
Elasticsearch, OpenSearch, as well as any applications built on top of it are not impacted by the Portal26 plugin as all operations are performed transparently and using native platform capabilities.
Private Data Release
In addition to retaining encryption within the platform and indices, Portal26 also supports traditional and format preserving encryption, tokenization, masking and redaction of sensitive data when it is released from the platform.
Encryption Keys, BYOK/HYOK
Integrates with industry-leading key vaults for key materials and supports Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) at scale and zero downtime key rotation and re-keying.. Keys can be applied at all levels of granularity including field and index level keys.
Audit, Compliance, and Post-Attack Support
By utilizing NIST FIPS 140-2 validated encryption for data in all states (including data-in-use) Portal26 helps protected Elasticsearch and OpenSearch clusters support FEDRAMP, GDPR, CCPA, ITAR, Data Residency, and least privilege requirements.
High-Performance and Scalability
Portal26 Plugin operates at petabyte scale and with minimal performance impact. Portal26 encryption-in-use for Elasticsearch and OpenSearch is orders of magnitude faster than next best solutions such as homomorphic encryption.

Product Blogs