Levels
LunaDefend Security Levels
| Level | Tokenizer | Authentication | Authorization | Cryptographic Environment |
|---|---|---|---|---|
| 1 | Embedded | App | App | None |
| 2 | Dedicated | App | App | Tokenizer |
| 3 | Dedicated | Auth Provider | App | Tokenizer |
| 4 | Dedicated | Auth Provider | Secure Functions | Tokenizer |
Level 1: Simple Tokenizer
Pros
Security - Sensitive plaintext is no longer being passed around by the application. Tokens are used to identify information and the content is only resolved when explicitly needed.
Developer Experience - Almost no changes are needed to the code base. Compatible with any frontend framework.
Cons
Security - In the case of a Remote Code Execution(RCE) in the frontend or backend, the attacker will have access to sensitive information.
Suitable For
Small team, compliance focused security.
Level 2: Dedicated Tokenizer and Existing Auth
Security
LunaDefend Secure Frame is an iFrame served from another domain. It becomes very difficult for an attacker to exfiltrate the sensitive information entered and displayed in the secure components. Your application's session management is a point of attack because LunaDefend has to trust it.
Developer Experience
Deployment of a dedicated tokenization server and replacement of frontend components with secure components, only certain frontend frameworks supported.
Suitable For
Small to mid-size team in need of hardened security.
Level 3: Dedicated Tokenizer with Authentication Provider
Security
Auth Provider hardens the authentication and session management for your existing application to access plaintext directly, very difficult to attack.
Developer Experience
User management code such as signup pages and session management is no longer needed, it comes from the auth provider. The auth provider is an additional service that must be configured and deployed.
Suitable For
Enterprises and government organizations in need of very robust security
Level 4: All of the above with Secure Function support
Security
Secure Functions are ephemeral virtual machines which allow serverside access to secure data. These functions exist in isolated environments which greatly reduce the attack surface the code which interacts with sensitive information. Additionally, a specialized Secure Function can be created which will control authorization decisions for frontend detokenization.
Developer Experience
Centralized authorization greatly simplifies compliance requirements.
Individual teams do not need to create and maintain authorization code outside of a single location.
Security auditors can quickly audit just the small pieces of code that run in the Secure Function.
Suitable For
Enterprises and government organizations in need of the most robust security solution, especially where serverside processing of sensitive data is required
