Introduction
OmniIndex enables all data to be used in the cloud, regardless of how sensitive or complicated it is. The patented and innovative OmniIndex technology uses a blended mix of advanced cryptography, established security protocols, and decentralized technology to ensure user’s data is both safely encrypted and anonymized, and available to productivity and analytics tools.
We have been working with Google Workspace to provide a customer data solution that enables data owners to be in full control of their secure and private data, while still having access to the industry-leading infrastructure and productivity tools Google offers.
Customer Challenges
Consider the following example, a Life Science organization is developing a new product and is working with third-party suppliers and external research development companies to get it completed.
This Supply Chain includes both IP and business critical data around competing contracts and industry secrets, and protected health information combined with other regulated PII. What if they were able to aggregate this data into one distributed network to manage the development and quickly gain insights from BigQuery, without ever exposing any of the content or breaching regulatory requirements around data integrity and security?
OmniFS combines OmniIndex’s patented fully homomorphic encryption and hybrid blockchain with Google’s Cloud Infrastructure & optimized productivity and collaboration tools, to offer:
1: Within a single Blockchain, all third-party supplier data can be aggregated. The individual suppliers can only ever access their own data, while the Life Science Organization can see everything they need.
2: OmniIndex’s patented FHE (Fully Homomorphic Encryption) enables the data to be encrypted at all times while still allowing computations and search to be performed. This gives each supplier confidence that their data is private and secure.
3: The OmniIndex Blockchain and architecture acts as a defense against a number of different attacks. For example phishing attacks that manage to infiltrate your other defenses and try to cause a Ransomware attack are nullified.
4: OmniFS enables all these benefits to be accessed within Google Workspace and BigQuery. This means you can gain product actionable insights on encrypted data in BigQuery.
5. Regulatory Compliance, many industries face increasing compliance regulations and not least Life Sciences. OmniIndex provides a ‘Forced Exit Strategy’ out of the box. Our nodes can be deployed on containers wherever the customer choses enabling true hybrid / multi-cloud modality
Solution Architecture:
The OmniIndex architecture is separated into 3 sections to enable secure use and access from wherever you are and maintain data security and independence with a multi cloud (public, private, or public and private) while not losing the benefits of Google’s infrastructure.
Section 1: API Server
This VM should sit inside your organization's firewall and only requires the opening of a web port. This server does not hold any of your crypto keys, but does use them to encrypt, create the searchable encrypted data contexts, and create the searching contexts that are sent to a Node Server (Distributed Storage Node). Because it is the power house to the data, it should be kept separate from your data.
Section 2: The Node Servers (Distributed Storage)
These are your storage nodes (Blockchains). You should have more than one of these and they should all be on different network segments or within different data centers. Because of the way they are architected, these Distributed Storage Nodes can be placed anywhere that is accessible via a web port. (This is the only port that needs to be opened, and in turn this port should only be accessible by the API Server/s and other Node Servers within its Peer Network.)
The Nodes are your distributed storage servers. They hold your data in multiple formats including on the file system and within a local data set. All data is sandboxed from other data, and (where required) fully encrypted with no access to the keys and more importantly no software installed that would allow data decryption. In essence, these are nothing more than a clever hard disk drive!
Section 3: API
Your client app will be the one calling the API and either passing the credentials to, or asking the API to create derived crypto keys.
(OmniFS Google Client App)
The OmniFS Add-on utilizes the API and the Distributed Storage in a number of ways. These include:
-
Saving Files
-
Searching Files (Full Text Homomorphic)
-
Opening Files
-
Importing Data (JSON or direct with ODATA)
-
Exporting Data to Google Sheets
-
Exporting Large Data Sets for AI and ML tasks to Google BigQuery
All this is done with calls to the API Servers that are held within your cloud tenancy, and it calls one of the Node Servers (we call this node the ‘Seed Node’) which are running across multiple cloud projects, tenancies, and networks.
In addition to the basic API calls, our Google Workspace implementation is able to:
-
Redact documents, storing the redacted text securely within the Blockchain.
-
Securely share files with other users, using the Google Workspace groups and multi factor authentication.
-
Share redacted documents with external (Non Group Members) email addresses.
Summary:
Google’s industry-leading cloud infrastructure and suite of tools have the functionality and scope that enterprises need. With OmniFS, they also have the security and privacy benefits of OmniIndex’s advanced and unique cryptography and decentralized technology to ensure data is safely encrypted and anonymized throughout.
In our Life Science Supply Chain scenario this means being able to manage the process with optimized and modernized infrastructure while being able to gain product actionable insights with maximum security. However, OmniFS offers a solution for any industry as all data can be added to and used in Google Workspace and BigQuery with encrypted and anonymized security and privacy.
