Anqlave's proprietary, institutional-grade modern key management and data encryption solution addresses the most critical security issues we face today.
Anqlave Data Vault (ADV) solves the secret management problem by allowing users to securely create, store, transport and use secrets. ADV ensures that secrets are never available in plaintext whether at rest, in motion or in use. Secrets are always encrypted at rest or in motion and are used inside secure enclaves which are protected memory regions created using Intel’s Software Guard Extensions (SGX) technology.
ADV centralizes secret creation and management and allows for decentralized secret use. This decoupling allows us to create portable enclaves, penclaves, that can be ported from one SGX enabled machine to another. Penclaves have wide applicability. They form the basis for keyless cryptography as a service and confidential distributed machine learning. They also play a key role in enabling elastic and confidential cloud computing.
Perimeter defense systems are not sufficient to protect secrets on the server side. Notably, Facebook and LinkedIn have been in the news for very insecure password management practices. Protecting secrets from insiders who have easy access to secrets or who can conduct sophisticated memory scraping attacks is critical.
A secret is anything that one system uses to authenticate or authorize itself with another. Examples of secrets are usernames and passwords, API tokens, TLS certificates and cryptographic keys. Secrets end up being stored and used in a wide variety of insecure places.
From the client perspective, secrets end up getting carelessly strewn in all sorts of places. Database usernames and passwords are often hard-coded into the source code, or are in configuration files. Locations of key files and certificates are often stored in configuration files. These end up in version control systems or even in shared folders or Wikis. It is impossible to manage these secrets and to determine whether your system has been compromised.
ADV uses a two pronged approach to secret management. First, it centralizes the secret life-cycle management activities to a single highly secure, fault tolerant and robust service. Second, ADV ensures that secrets are always encrypted; at rest, in motion and in use. This protects the secrets from insiders with root or administrative privileges, even those who can conduct sophisticated memory scraping attacks.
ADV supports deployment in cloud or on-premise
All sensitive data will be sealed before written into the hard drive
FIPS 140-2 certification in progress
All sensitive processing will be executed inside a Trusted Execution Environment
ADV provides a tamper-evident log for auditing purposes
ADV can easily scale in terms of number of keys as well as key operations per second
ADV ensures high service availability
User-friendly web interface for appliance administration