Portal26 Named Finalist in 3 Categories for A.I. Awards

Learn More >

Transform Your Secure Web Gateway into a Powerful GenAI Governance and Security Platform

Download Whitepaper >
Schedule a Demo >

AWS OpenSearch Security

Portal26’s OpenSearch Security Plugin

What do you get when you protect the industry's best search platform with the industry's most advanced data protection solution?

You get solutions for the most urgent of security needs, ransomware and extortion defense.

Try Portal26 Protect >

Top 5 Use Cases for Portal26 Plugin for AWS OpenSearch?

Data Security

Whether you’re ingesting sensitive data like PII or PHI, or managing valuable business information in your OpenSearch Cluster, securing this data is paramount. 

Customer controlled keys for SaaS

If you are a SaaS provider, your customers often ask, “How is my data encrypted? Can I control the encryption keys?” This is often referred to as BYOK (Bring Your Own Key) or HYOK (Hold Your Own Key). With Portal26, you can confidently say “yes,” facilitating the onboarding of larger enterprises and compliance-focused industries like financial services and healthcare.

SaaS Customer Data Segregation

If you are a SaaS provider and you are provisioning separate clusters per customer, because you need to encrypt each customer with a separate key, you can use the Portal26 plugin to partition the data with separate keys within one cluster. This will result in substantial reduction of operating cost, oftentimes exceeding the plugin license by a large factor.

Internal Audit Requirements

If your organization is in a regulated industry or you store PII, PHI or PCI data in your OpenSearch cluster, you will not meet audit requirements.

Regulatory Compliance

you may be looking to check the box on regulatory compliance such as SOC2, FedRAMP, GDPR, CCPA, and PCI—which requires NIST FIPS 140-2 certified encryption at rest and key rotation with minimal disruption—is streamlined with our solution.

How Does Portal26 Provide AWS OpenSearch Security?

Portal26 offers a robust encryption plugin that seamlessly integrates with your OpenSearch cluster, providing:

Regulatory Compliance

No changes to your existing application.

API Encryption (NIST FIPS 140-2)

Encryption of search results, ensuring no possibility for bulk exfiltration from the file system or API layer.

At-Rest Encryption (NIST FIPS 140-2

Encryption of index data before they are written to the file system.

Zero downtime Migration & Key Rotation

Strong enterprise expertise in transitioning existing clear text data over to encrypted index, key rotations, backup and recovery

This diagram illustrates how the plugin adds application-level encryption to your OpenSearch and how encrypted search results are decrypted by the proxy before reaching the client application.

BYOK Enablement for SaaS Operators and MSPs

Gain full control over your encryption keys with our BYOK feature. This allows both SaaS providers and their clients to manage and control access to their encryption keys, enhancing security and ensuring compliance.

See the Portal26 AWS OpenSearch Security Plugin in Action

Discover the power and simplicity of the Portal26 encryption plugin through a scheduled live demonstration. Sign up to see how it integrates seamlessly with your existing OpenSearch environment, maintaining operational efficiency while significantly enhancing security. Reserve your spot now to experience firsthand how our plugin operates without disrupting your current workflows.

Schedule a Demo >

Pricing

Our pricing model is transparent and covers various tiers to suit your needs:

1-20 Nodes

$ 3000 Anually Per Node
  • List Item #1

20-50 Nodes

$ 2750 Anually Per Node
  • List Item #1

51-100 Nodes

$ 2500 Anually Per Node
  • List Item #1

Over 101 Nodes

Call Us To get a Quote
  • List Item #1

A node is an Opensearch node. All nodes in the cluster must have the plugin.

Discounts available for multi-year commitments and quick close following a PoC.

Contact us to find out more >

Supported Platforms and Key Stores

  • Self-hosted OpenSearch 2.x and Managed OpenSearch.
  • Key stores like Hashicorp Vault, AWS Secrets Manager, Azure KeyVault.

Other Noteworthy Points

  • Low performance overhead.
  • No client application modifications needed.
  • Supports all vector search.
    • Does not support file system system encryption with knn plugin
  • Backup and snapshots.
  • Zero-downtime key rotation.
    • Zero down time is available if you do only writes and search. 
    • If you also update or delete, then you may have to change your queries to update or delete by ID

Datasheet Download

Fill the form below to download our Portal26 Plugin for OpenSearch Datasheet.

OpenSearch Datasheet Download

Scale with Confidence

Our plugin and the search proxy scale with your cluster. The proxy, distributed as a Docker container with a helm chart, ensures stateless service scalability on Kubernetes.

Ready to Enhance Your AWS OpenSearch Security?

Whether you are starting with existing indices or new ones, our plugin adapts to your setup without requiring reindexing for new indices. API encryption can be added to existing indices seamlessly.

Leverage Portal26 to secure your most sensitive data efficiently and meet compliance demands effortlessly.

Schedule a Call >
Email Us >

AWS OpenSearch Security Resources