Anqlave Data Vault

Anqlave's proprietary, institutional-grade modern key management and data encryption solution addresses the most critical security issues we face today.

What is Anqlave Data Vault?

Anqlave Data Vault (ADV) solves the secret management problem by allowing users to securely create, store, transport and use secrets. ADV ensures that secrets are never available in plaintext whether at rest, in motion or in use. Secrets are always encrypted at rest or in motion and are used inside secure enclaves which are protected memory regions created using Intel’s Software Guard Extensions (SGX) technology.

ADV centralizes secret creation and management and allows for decentralized secret use. This decoupling allows us to create portable enclaves, penclaves, that can be ported from one SGX enabled machine to another. Penclaves have wide applicability. They form the basis for keyless cryptography as a service and confidential distributed machine learning. They also play a key role in enabling elastic and confidential cloud computing.

The Secret Management Problem


Perimeter defense systems are not sufficient to protect secrets on the server side. Notably, Facebook and LinkedIn have been in the news for very insecure password management practices. Protecting secrets from insiders who have easy access to secrets or who can conduct sophisticated memory scraping attacks is critical.

A secret is anything that one system uses to authenticate or authorize itself with another. Examples of secrets are usernames and passwords, API tokens, TLS certificates and cryptographic keys. Secrets end up being stored and used in a wide variety of insecure places.

From the client perspective, secrets end up getting carelessly strewn in all sorts of places. Database usernames and passwords are often hard-coded into the source code, or are in configuration files. Locations of key files and certificates are often stored in configuration files. These end up in version control systems or even in shared folders or Wikis. It is impossible to manage these secrets and to determine whether your system has been compromised.

ADV uses a two pronged approach to secret management. First, it centralizes the secret life-cycle management activities to a single highly secure, fault tolerant and robust service. Second, ADV ensures that secrets are always encrypted; at rest, in motion and in use. This protects the secrets from insiders with root or administrative privileges, even those who can conduct sophisticated memory scraping attacks.

Features

Flexible

ADV supports deployment in cloud or on-premise

Secure

All sensitive data will be sealed before written into the hard drive

Compliant

FIPS 140-2 certification in progress

Trusted

All sensitive processing will be executed inside a Trusted Execution Environment

Auditable

ADV provides a tamper-evident log for auditing purposes

Scalable

ADV can easily scale in terms of number of keys as well as key operations per second

Available

ADV ensures high service availability

Manageable

User-friendly web interface for appliance administration

Keen to try it out?

BOOK YOUR LIVE DEMO
This website uses cookies to improve your browsing experience. We'll assume you're OK with this, but you can opt-out if you wish.
Got it!Read More