How to Implement Searchable Data Encryption

Since Paperclip introduced SAFE® in September 2022, we have been focused on educating the market on the solution and the critical security issues it can solve. We had to answer the question “What is searchable data encryption?” for people who have varying degrees of familiarity with encryption technology.

Many organizations already had encryption in motion and at rest but did not know the significance of searchable encryption (often referred to as encryption of data in use). Searchable data encryption is the ability to search data while it remains fully encrypted. This differs from encryption at rest and in motion as those two solutions only encrypt the data while it is in a restful state and that data must be decrypted for search or use. Searchable encryption is a highly beneficial evolution to the way we currently secure data. It’s also the only solution aligned to the way we use data today, and the way we secure our core data from threat actors.

Organizational data is rarely at rest or static; it needs to be accessed and used for organizations to operate efficiently. And Paperclip SAFE is the only SaaS solution designed to effectively address the fluidity of data while maintaining full, complex encryption on not just our data, but our key operational functionality.

Fast forward to 2024, and organizations are now more aware of searchable encryption and that Paperclip is the leading solution to protect their in-use data.

The growing cost of cyber-crime—now $8 trillion globally—coupled with the frustration related to the effective failure of traditional, complex cybersecurity solutions is shifting the conversation to better core encryption of operational data. Organizations are also facing growing accountability pressure from regulating bodies such as SEC, FINRA, HIPAA and GDPR, as well as a deeper focus on data encryption from compliance bodies such as ISO, CMMC, and SOC II.

The questions are now shifting to implementation and ease of use within their existing environment. This is an evolution in action that moves organizations to a better, more effective way to encrypt and secure their sensitive data. So, how does an operation move their data to this new platform? Here’s a very brief explanation:


Paperclip SAFE Implementation Overview

The Paperclip SAFE solution is a SaaS solution within the Microsoft Azure cloud. In the event you’re not in the Azure cloud—you’re on premise or you use a multi-cloud strategy—SAFE can still be implemented easily. It was designed as a plugin that doesn’t impact your end-users (no end-user training or process shift) and there is no need to rearchitect your network. This doesn’t mean you flip a switch to encrypt all your data, but the implementation process is simple if you follow these six simple steps:


Stage 1: Scoping

Stage 1 begins prior to finalizing the contract. The Paperclip SAFE Implementation Team will work with the Client Team to determine the data that needs to migrate to the SAFE environment. This stage will determine the size of the environment and a more accurate level of effort estimate (LOE).

Stage 2: Environment Creation

Once the contract is in place, the Paperclip SAFE Implementation Team will spin up the Client environment. During this stage the Paperclip SAFE Implementation Team will partner with the Client Team to guide the Client through the creation of the Client Key Vault, and application registration.

Stage 3: SAFE Portal Access

The Paperclip SAFE Implementation Team works with the Client Team to create access to and configure the Paperclip SAFE administrative portal, and authorization criteria. This is where Paperclip partners with the client to define the private, sensitive, and controlled data they would like secured.

Stage 4: API Development

The Paperclip SAFE Implementation Team supports the Client Development Team as they create the necessary API links as required to support the Client’s existing operational application or applications.

Stage 5: Data Population

In the data population stage, the Paperclip SAFE Implementation Team partners with the Client Team to move the identified critical/sensitive data from the Client’s database environment to the Paperclip SAFE environment. In most cases, the Paperclip SAFE team already has a script that will easily work with the existing database and automate the migration.

Stage 6: Usage Training

This is the final stage. At this point, the environment is fully operational, and the Paperclip SAFE Team is ready to onboard the Client Administrative Team. Since there is no need to train or disrupt the end users, the onboarding process is very quick.


In summary, a new client can have all their sensitive, controlled, or private data fully encrypted, and searchable within as little as 30 days with little to no impact to business operations. Better encryption, better control, and greater confidence in your ability to both use your data, and to know that it is always secure.

Click here to evolve your data security approach or to learn more about Paperclip SAFE today.

Still have questions? Please feel free to visit our FAQ Page or email us at