LunaDefend Security Levels
| 4 | Dedicated | Auth Provider | Secure Functions | Tokenizer |
Level 1: Simple Tokenizer
Security - Sensitive plaintext is no longer being passed around by the application. Tokens are used to identify information and the content is only resolved when explicitly needed.
Developer Experience - Almost no changes are needed to the code base. Compatible with any frontend framework.
Security - In the case of a Remote Code Execution (RCE) in the frontend or backend, the attacker will have access to sensitive information.
Small team, compliance-focused security.
Level 2: Dedicated Tokenizer and Existing Auth
LunaDefend Secure Frame is an iFrame served from another domain. It becomes very difficult for an attacker to exfiltrate the sensitive information entered and displayed in the secure components. Your application's session management is a point of attack because LunaDefend has to trust it.
Deployment of a dedicated tokenization server and replacement of frontend components with secure components; only certain frontend frameworks are supported.
Small to mid-size team in need of hardened security.
Level 3: Dedicated Tokenizer with Authentication Provider
Auth Provider hardens the authentication and session management your existing application uses to access plaintext directly, and is very difficult to attack.
User management code such as signup pages and session management is no longer needed; it comes from the auth provider. The auth provider is an additional service that must be configured and deployed.
Enterprises and government organizations in need of very robust security.
Level 4: All of the above with Secure Function support
Secure Functions are ephemeral virtual machines which allow server-side access to secure data. These functions exist in isolated environments, which greatly reduces the attack surface of the code that interacts with sensitive information. Additionally, a specialized Secure Function can be created which will control authorization decisions for frontend detokenization.
Centralized authorization greatly simplifies compliance requirements.
Individual teams do not need to create and maintain authorization code outside of a single location.
Security auditors can quickly audit just the small pieces of code that run in the Secure Function.
Enterprises and government organizations in need of the most robust security solution, especially where server-side processing of sensitive data is required.