Cloudproof Encryption
Cloudproof Encryption for Big Data Repositories.
Confidential Data Access for Big Repositories.
Cloudproof Encryption provides libraries and tools to encrypt large repositories of data (Big Data) with high performance and advanced security techniques in zero-trust environments. It also provides encrypted indexing and encrypted searches to quickly and securely find and retrieve encrypted data.
Public Key Encryption and Post Quantum Resistance
Your data is better protected: data is encrypted using a public key, which can only encrypt and can be safely shared in clear text on all encrypting systems. Users use their own private key to decrypt. Post-quantum hybridization can also be activated to provide resistance against future attacks from quantum computers.
Granular control of your data access policy
Finely control your data access policy: data is encrypted with freely chosen attributes enabling tight secure partitioning. Only users that have a key with an access policy matching the attributes can decrypt.
Client-side encryption and decryption
Data can be encrypted or decrypted using either REST calls to the KMS or API calls to local libraries. Libraries are available for many languages and systems (Java, Python, JavaScript, Linux, macOS, iOS, Android, Flutter, Spark, …)
KMS included
High performance
Near zero cost: encryption and decryption are performed in microseconds, in order to process (very) big data at high performance.
Secure search out of the box
Quickly and securely search and retrieve encrypted data using encrypted queries and encrypted indexes. The cloud never learns anything about the data or the queries on the data.
How it works
This is your Data
These data need to be encrypted.
Encryption
With Cosmian Cloudproof Encryption API and libraries, you can encrypt data with different keys in the same dataset.
Key distribution
We provide everything you need to generate and distribute the right key to the right user (following the KMIP protocol).
Decryption
You now have a fine-grained data access policy, backed by cryptography.
Users can only decrypt what they are authorized to see.
Cosmian Cloudproof Encryption libraries are available in multiple languages, facilitating encryption close to the data source and decryption close to the decryption target, including mobile devices and browsers.
Why you should encrypt partitions using policy attributes
Better security through partitioning: leaking a decryption key only gives access to the partition(s) this key can decrypt.
The cryptosystem allows issuing user decryption keys for overlapping sets of partitions, allowing for sophisticated, fine-grained user access policies.
Encryption is performed using a public key, which cannot decrypt and can therefore be safely deployed to all encrypting systems: Encrypting systems do not need to be secured.
The cryptosystem allows rotating policy attributes, providing forward secrecy for designated partitions without re-encrypting the entire database.
User decryption keys can be issued at any time after data is encrypted, for any given set of partitions. This facilitates user key management and does not require exhaustively listing all possible usages before partitioning (a typical data science use case).