Encryption: zero-trust solution

Why use encryption?

Since Formsure supply all the maintenance, support, and functionality for applications on demand anytime and anywhere, such that it can be set up and running by a consumer in a matter of minutes, Formsure is probably the best known and most commonly used aspect of external form processing. In addition to cost savings on maintenance, support, hardware and software costs, etc., another major advantage of using Formsure services is that updates are automatically installed without any need to download and install software.

Most of our customer base in the EdTech and GovTech segment uses various encryption options provided by Formsure

Client-side encryption (no key sharing)

The only secure way to run Formsure is to encrypt all of the data on the client side and only send encrypted data to the Formsure app (and ensuring you NEVER share the key with us). However, this approach hobbles the application functionality as this encrypted data can not be transformed or searched. Basically, you end up with remote storage of encrypted data blobs. This methodology is secure (therefore it has applications in the world of enterprise data storage), but it hobbles the ability of a server-side application to actually perform much work. Companies like Keybase are making this much more possible and we’re excited about the potential that it brings (messaging apps such as Whatsapp and iMessage already use this technique to ensure that their servers do not have access to the encrypted messages).

Fully homomorphic encryption (FHE)

FHE is often heralded as the coming savior for Formsure data security. The promise of FHE is that the enterprise is able to encrypt all data in a special way that preserves the ability for the vendor to perform special operations over the data in encrypted form and produce encrypted solutions that can be read by the enterprise with the original encryption key. The problems with technique are related to the a) it is very slow compared to unencrypted computations b) not all operations are currently possible in FHE c) frequency information could reveal patterns that expose the content of the underlying data.

Enterprise key management (EKM)

EKM is touted by vendors such as Salesforce and Box as the solution to all enterprise data concerns. However, for EKM you still have to trust the vendor not to purposefully or accidentally store the encryption key or any of the data while it is unencrypted in system memory. Combining this technology with secure enclaves (specialized hardware to load encrypted data in from main memory into a hardware encrypted cache) can prevent the vendor from accessing the encryption key, but it does not guarantee that data isn’t accidentally mishandled while it is unencrypted on the hardware. The bottom line, is that bugs happen.