Sharding to Contain the Blast Radius of Data Breaches
4 days ago
- #Zero Trust
- #Data Sharding
- #SaaS Security
- Modern SaaS platforms face risks of 'wholesale' data breaches affecting large user bases.
- Designing for tenant isolation and blast radius reduction is a key security principle.
- Sharding, originally adopted for scalability, is now also used to prevent widespread data compromise.
- Blast radius thinking focuses on limiting damage from compromised principals or infrastructure.
- Zero Trust emphasizes explicit verification, least-privilege access, and assuming breach.
- Sharding changes the failure model: a compromise exposes only the data held in the affected shard, not the whole platform.
- Sharding can be by tenant, geography, business unit, or user access domain.
- Mimir's 'Shard on User Access' model aligns shards with user access boundaries.
- Client-side encryption ensures servers only handle opaque ciphertext.
- Keys in Mimir's model are scoped to logical access domains, not infrastructure.
- Sharding supports compliance with GDPR, HIPAA, and data residency rules.
- Practical questions for CISOs include what the maximum unit of compromise is and how the per-shard keys are managed.
- Sharding transforms breach profiles from catastrophic to bounded and recoverable.
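The points above on access-domain sharding, client-side encryption and access-scoped keys, as an added illustration that is not Mimir's code or the original article's: records are grouped into shards by a hypothetical 1:1 access-domain mapping, each shard gets its own derived key, and `blast_radius` shows which records a holder of a given set of leaked shard keys can actually decrypt. The cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, a stdlib-only stand-in for a real AEAD such as AES-GCM; all names and sample data are constructed.

```python
import hashlib, hmac, os
from typing import Dict, List, Optional, Tuple
# Constructed sample: each record belongs to one user-access domain, and each
# access domain maps to exactly one shard ("Shard on User Access").
RECORDS = [
    ("tenant-a/finance", "invoice-1", b"tenant A invoice data"),
    ("tenant-a/finance", "invoice-2", b"tenant A payroll data"),
    ("tenant-a/hr", "employee-7", b"tenant A HR record"),
    ("tenant-b/finance", "invoice-9", b"tenant B invoice data"),
]

def shard_for(access_domain: str) -> str:
    """Hypothetical 1:1 mapping from access domain to shard id."""
    return "shard-" + hashlib.sha256(access_domain.encode()).hexdigest()[:8]

def derive_shard_key(root_key: bytes, shard_id: str) -> bytes:
    """One key per shard, scoped to the access domain, not to a host or disk."""
    return hmac.new(root_key, b"shard-key|" + shard_id.encode(), hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy PRF keystream (HMAC-SHA256 in counter mode), a stand-in for a real AEAD.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Client-side encrypt-then-MAC: nonce || ciphertext || tag is all the server sees."""
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]

def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns None unless the blob was produced under this exact shard key."""
    nonce, body, tag = blob[:16], blob[16:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]):
        return None
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

def encrypt_all(root_key: bytes) -> Dict[str, List[Tuple[str, bytes]]]:
    """What the server stores: shard id -> [(record id, opaque ciphertext)]."""
    store: Dict[str, List[Tuple[str, bytes]]] = {}
    for domain, rid, data in RECORDS:
        sid = shard_for(domain)
        store.setdefault(sid, []).append((rid, encrypt(derive_shard_key(root_key, sid), data)))
    return store

def blast_radius(store: Dict[str, List[Tuple[str, bytes]]], leaked_keys: List[bytes]) -> List[str]:
    """Record ids readable by someone holding only the leaked shard keys."""
    return [rid for items in store.values() for rid, blob in items
            if any(decrypt(k, blob) is not None for k in leaked_keys)]
```

Leaking the tenant-a/finance shard key exposes the two finance records and nothing else; the HR and tenant-b shards stay opaque because their keys were derived separately.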