Cloudproof Encryption

Partitioned Encryption for your data in the cloud.

Partitioned Encryption for your data in the cloud.

Cloudproof Encryption provides libraries and tools to encrypt large repositories of data – Big Data – with high performance and advanced secure techniques in zero trust environments. It also provides encrypted indexing and encrypted searches to quickly and securely find and retrieve encrypted data.

Designed for big data repositories.

Encrypted data partitioning facilitates feeding data from multiple sources, the management of ciphertext rotations, and defining policies for extractions. Encrypted search provides a secure mechanism to quickly find encrypted data across the partitions.

Adapts to your business.

Application level encryption with freely defined attributes along multiple axes and user decryption keys embedding access policies, simply defined as boolean expressions over the attributes.

Improved security model.

Using application layer encryption limits the attack surface. Ciphertext partitioning limits the consequences of key leakage. Post-quantum hybridization provides security against future threats.

Better key security.

The encryption key is public and cannot be used to decrypt. Private decryption keys are unique, even when sharing the same access policies; this allows tracing in case of leakage and facilitates revocation inside a KMS.

High performance

Near zero cost: encryption and decryption is performed in micro-seconds in order to process (very) big data at performance.

The cloud learns nothing.

Everything is encrypted: the data, the indexes, the search queries, and their response. Data is kept encrypted at all times and only decrypted on the end user’s device.

How it works

 

This is your Data


These data need to be encrypted.

Encryption

With Cosmian Cloudproof Encryption API and libraries, you can encrypt data with different keys in the same dataset.

Key distribution

We provide everything you need to generate and distribute the right key to the right user (following KMIP protocol).

Decryption

You now have a fine-grained data access policy, backed by cryptography.
Users can only decrypt what they are authorized to see.

Cosmian Cloudproof Encryption librairies are available in multiple languages facilitating encryption close to the data source and decryption close to the decryption target, including mobile devices and browsers.

How it works

 

This is your Data


These data need to be encrypted.

Encryption

With Cosmian Cloudproof Encryption API and libraries, you can encrypt data with different keys in the same dataset.

Key distribution

We provide everything you need to generate and distribute the right key to the right user (following KMIP protocol).

Decryption

You now have a fine-grained data access policy, backed by cryptography.
Users can only decrypt what they are authorized to see.

Cosmian Confidential Data Access librairies are available in multiple languages facilitating encryption close to the data source and decryption close to the decryption target, including mobile devices and browsers.

Why you should encrypt partitions using policy attributes

Better security through partitioning: leaking a decryption key only gives access to the partition(s) this key can decrypt.

The cryptosystem allows issuing user decryption keys for overlapping sets of partitions, allowing for sophisticated, fine-grained user access policies.

Encryption is performed using a public key, which cannot decrypt and can therefore be safely deployed to all encrypting systems: Encrypting systems do not need to be secured.

The cryptosystem allows rotating policy attributes, providing forward secrecy for designated partitions without re-encrypting the entire database.

User decryptions keys can be issued at any time after data is encrypted, for any given set of partitions. This facilitates user key management and does not require exhaustively listing all possible usages before partitioning (a typical data science use case).

Why you
should encrypt
partitions using
policy attributes

Better security through partitioning: leaking a decryption key only gives access to the partition(s) this key can decrypt.

The cryptosystem allows issuing user decryption keys for overlapping sets of partitions, allowing for sophisticated, fine-grained user access policies.

Encryption is performed using a public key, which cannot decrypt and can therefore be safely deployed to all encrypting systems: Encrypting systems do not need to be secured.

The cryptosystem allows rotating policy attributes, providing forward secrecy for designated partitions without re-encrypting the entire database.

User decryptions keys can be issued at any time after data is encrypted, for any given set of partitions. This facilitates user key management and does not require exhaustively listing all possible usages before partitioning (a typical data science use case).

Get Started

Ubiquitous Encryption: secure your data everywhere, at all times.

Ubiquitous
Encryption for
Privacy-by-default.

Cosmian makes no tracking for advertising and does not collect any personal data. Cookies are used for statistical or operational purposes, as well as for analysis, allowing for continuous improvement of the website. Cosmian uses the Matomo Analytics tool, an audience measurement solution that uses cookies with a configuration that complies with the data protection legislation and the recommendations of the CNIL (Commission Nationale de l'Informatique et des Libertés). This configuration allows to anonymise visitor's data and to limit the storage period of this data to a maximum of 13 months. With this configuration, the prior consent to the deposit of Matomo Analytics cookies is not required. However, you can still choose not to allow these cookies (by clicking here ) or at any time by consulting our Privacy Policy.

For more information please consult our Privacy Policy