OC3 registrations are now open! Join the premier event for confidential computing online or in Berlin on March 27.
Case study: OCCRP
The Organized Crime and Corruption Reporting Project (OCCRP) is an international NGO composed of investigative journalists, media organizations, and activists who work together to expose organized crime and corruption around the world.
Fighting against corrupt banks, law firms, registration agents, and lobbyists that they call the "criminal services industry", OCCRP works in regions including South America, Eastern EU, Polynesia, and Africa. As an organization, OCCRP has been responsible for some of the most impactful investigations of the past decades, such as the Panama Papers and the Credit Suisse leaks.
To accomplish its challenging goals, OCCRP leans not only on the work of its journalistic network and partners like the BBC and The Guardian but also on sophisticated technical tooling. OCCRP's project Aleph provides a "global archive of research material for investigative reporting" and the OCCRP hosts many terabytes of sensitive, confidential data from sources, whistleblowers, investigations, and archives.
While for many companies, a data breach or a loss of sensitive information could cost a fortune, for the activists and journalists working with OCCRP, even the smallest data leak could severely impact their lives. Therefore, engineers at OCCRP invest significant effort to keep the journalists and activists connected to this information safe.
Initially, the material resided on a GKE cluster. However, conscious of how sensitive the data they handled was, security engineers at OCCRP needed a better solution. This solution would need to keep the data encrypted in all states, isolate clusters from the underlying infrastructure in case of a compromise, as well as ensure and proof that the cloud provider or malicious entities never get access.
With their existing setup, OCCRP experienced three main issues:
Before migrating to Constellation, OCCRP engineers were willing to take on the heavy lift to secure their Kubernetes installation, but the process was intensive and time consuming. With Constellation, this would no longer be necessary.
Understanding the overhead that their security needs put on them, OCCRP engineers sought out a dedicated solution. This search led them directly to Constellation and to the uplifting discovery that it fulfilled all their technical requirements.
OCCRP engineers used the open-source version of Constellation to quickly spin up a Kubernetes environment on GCP.
Because they were able to use their existing infrastructure provider and due to how seamlessly Constellation integrated with the GCP offerings, the migration of their sensitive data came with minimal downtime or disruption for users.
Once they were set up with Constellation, OCCRP engineers immediately experienced three concrete benefits:
Thus, after the migration, not only was the data now secure but Constellation’s auto-updating and autoscaling features ensured that no matter the amount of new data added, Constellation would continue making it virtually impossible for hackers or other malicious actors to access it.
After six months of using Constellation on GCP, OCCRP can deem the migration a success. No unauthorized data was accessed or hacked and OCCRP engineers continued to use the cloud provider they were accustomed to.
Constellation’s ease of use meant that developers at OCCRP could continue focusing on the other technical tools that augment their journalists’ work, and the organization could rest assured that the most valuable information, what they fight so hard to protect, remains safe for use by international journalists now and into the future.
“
Constellation provides us with the tools we need to meet the organization's goals around reducing risk of harm to our journalists. We have been running Constellation in production for several months now and are still impressed by its ease of use. Our only regret was not finding it earlier.
Amran Anjum, Head of Infrastructure at OCCRP
The form failed to load. Please send an email to contact@edgeless.systems. Loading likely fails because you are using privacy settings or ad blocks.