Cloudproof Encryption

Cloudproof Encryption for Big Data Repositories.

Confidential Data Access for Big Repositories.

Cloudproof Encryption provides librairies and tools to encrypt large repositories of data – Big Data – with high performance and advanced secure techniques in zero trust environments.

One key
for each usage

Your data are better protected: a single key cannot decrypt them.

Granular control of your
data access policy

Finely control your data access policy: attribute-based encryption support monotone boolean operations (AND and OR).

Client-side
encryption

Cosmian Cloudproof Encryption REST API lets you build client-side encryption by providing a KMIP KMS and various advanced encryption techniques. You also use your bring your own KMS.

KMS
included

Manage your keys easily with our KMIP compatible KMS.

Smart
attributes

Attributes can be hierarchical (for security level) or non-hierarchical (for business units, departments, countries…)

Protection against
cyber threats

Access control attributes are embedded in the data in the ciphertext itself: far more secure protection against cyber attacks centralized access solutions.

How it works

 

This is your Data


These data need to be encrypted.

Encryption

With Cosmian Cloudproof Encryption API and libraries, you can encrypt data with different keys in the same dataset.

Key distribution

We provide everything you need to generate and distribute the right key to the right user (following KMIP protocol).

Decryption

You now have a fine-grained data access policy, backed by cryptography.
Users can only decrypt what they are authorized to see.

Cosmian Cloudproof Encryption librairies are available in multiple languages facilitating encryption close to the data source and decryption close to the decryption target, including mobile devices and browsers.

How it works

 

This is your Data


These data need to be encrypted.

Encryption

With Cosmian Confidential Data Access API and libraries, you can encrypt data with different keys in the same dataset.

Key distribution

We provide everything you need to generate and distribute the right key to the right user (following KMIP protocol).

Decryption

You now have a fine-grained data access policy, backed by cryptography.
Users can only decrypt what they are authorized to see.

Cosmian Confidential Data Access librairies are available in multiple languages facilitating encryption close to the data source and decryption close to the decryption target, including mobile devices and browsers.

Why you should encrypt partitions using policy attributes

Better security through partitioning: leaking a decryption key only gives access to the partition(s) this key can decrypt.

The cryptosystem allows issuing user decryption keys for overlapping sets of partitions, allowing for sophisticated, fine-grained user access policies.

Encryption is performed using a public key, which cannot decrypt and can therefore be safely deployed to all encrypting systems: Encrypting systems do not need to be secured.

The cryptosystem allows rotating policy attributes, providing forward secrecy for designated partitions without re-encrypting the entire database.

User decryptions keys can be issued at any time after data is encrypted, for any given set of partitions. This facilitates user key management and does not require exhaustively listing all possible usages before partitioning (a typical data science use case).

Why you
should encrypt
partitions using
policy attributes

Better security through partitioning: leaking a decryption key only gives access to the partition(s) this key can decrypt.

The cryptosystem allows issuing user decryption keys for overlapping sets of partitions, allowing for sophisticated, fine-grained user access policies.

Encryption is performed using a public key, which cannot decrypt and can therefore be safely deployed to all encrypting systems: Encrypting systems do not need to be secured.

The cryptosystem allows rotating policy attributes, providing forward secrecy for designated partitions without re-encrypting the entire database.

User decryptions keys can be issued at any time after data is encrypted, for any given set of partitions. This facilitates user key management and does not require exhaustively listing all possible usages before partitioning (a typical data science use case).

Get Started

Ubiquitous Encryption for Privacy-by-default.

Ubiquitous
Encryption for
Privacy-by-default.