Preventing Cross‑Tenant Breaches: How BrunnrDB’s Architecture Contains Attacks Post‑MongoBleed
Introduction: Recent events have cast a spotlight on the risks inherent in traditional multi-tenant database architectures. Modern SaaS platforms often house all customer data in a single, massive multi-tenant data store. This creates an “all or nothing” scenario in security: if that central store is breached, the damage is rarely confined to a single account – […]
Vendor Breach Containment: Making Integrations Safe Even When They Get Popped
Vendor breaches are no longer an edge case—they are a primary way attackers bypass your “front door” controls. A single compromised integration can turn into wholesale data access if it relies on long-lived tokens, broad permissions, unmanaged exports, or direct database connectivity. This post turns the “side doors” risk into an actionable containment checklist: minimize what vendors can reach, shorten how long access works, and reduce the value of anything that leaks. You will find practical patterns—an integration gateway, curated exports, kill switches, and tight token scopes—that make stolen vendor access boring and keep blast radius small.
When Healthcare Breaches Happen, Cyber Attacks Pay the Highest Price: Insights from Two Years of HHS OCR Data
Over the last two years, large healthcare data breaches reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) have revealed a consistent pattern: almost all of the risk and almost all of the cost sit in one place – server aggregated data.
Sharding to Contain the Blast Radius of Data Breaches
Modern SaaS platforms sit on top of massive, multi-tenant data stores. When those stores are breached, the damage is rarely limited to a single record; it is often “wholesale” compromise of large slices of the user base. For a CISO or CTO, this is the critical risk: not that a record can be stolen, but that everything a given system knows becomes available in one incident.
When SaaS Fails, It Fails at Scale: Why Data-in-Use Protection Matters
Cloud and SaaS have become the default place to store and process sensitive data. They have also become the default place to lose it. Recent years have seen the same pattern repeat: a single weakness in a cloud platform, data-warehouse service, or widely used SaaS component is exploited once, and data for many organisations and […]
Protecting Data-In-Use in the Cloud: A Pragmatic Philosophy
Executive Summary: In modern cloud environments, protecting data-in-use (data actively processed in memory) is critical. If an adversary can read or dump your system’s memory, they can steal session tokens, encryption keys, or other credentials that let them impersonate legitimate users. In fact, infostealing malware that exfiltrates session cookies can “bypass password and 2FA controls” and give attackers […]
The Hidden Risk in Cloud Databases: When a Vendor Breach Becomes Your Breach
Most companies lock down their apps – but leave the side doors wide open.
Those “side doors” are your vendors, integrations, and managed services.
The Lifecycle of a Hacked Database – and Why Aggregated Data Takes the Biggest Hit
A database breach isn’t a single event—it’s a story that unfolds in stages.
Each stage brings attackers closer to the crown jewels: your aggregated data.
Closing the Encryption Gap: Protecting Data While It’s Being Used
Encryption protects data at rest and in transit – but what about when it’s being used?
That’s the missing layer in most security architectures.