Skip to content

Akeyless DFC 101—A Zero-Knowledge Approach

Encryption key ownership is a source of concern for many enterprise companies. With cloud adoption on the rise, it becomes more important for companies to retain key ownership in order to protect their data. Our answer to the question of key ownership is the Akeyless DFC ™ technology, which stands for Distributed Fragments Cryptography. 

As a result, we created the Akeyless platform as a SaaS built on DFC™, an encryption technology that ensures two things:

  1. You retain 100% ownership of your keys.
  2. Decryption occurs safely on your infrastructure.

What is Akeyless DFC ™?

First off, DFC™ is a FIPS 140-2 validated technology that enables Akeyless to store fragments of an encryption key in different regions and on different cloud providers. Using standard AES or RSA encryption, Akeyless never combines these fragments, either in the creation process or during encryption / decryption of data.

key ownership dfc 2

100% ownership: Customers retain their own fragment of the key, which Akeyless never has access to.

Secure encryption and decryption: Using their own fragment, customers encrypt and decrypt data in their internal environment. This technology completely encrypts the data our customers store on the Akeyless infrastructure. In other words, customers can have confidence their data is safe. 

What are the Benefits of DFC™?

1. It’s secure.

With DFC™, Akeyless never combines the key fragments. With key-split methods, platforms eventually combine the keys to encrypt and decrypt data. This can be risky, as a malicious attacker can gain access to the constructed key, compromising your sensitive data. 

key ownership dfc

Akeyless rotates each fragment. In order to access your keys, an intruder would have to intercept all the fragments, all in different places, and use the fragments before it’s refreshed. 

Akeyless DFC technology is based on standard cryptography and is FIPS 140-2 Certified by the US NIST. 

2. Hardware doesn’t limit DFC.

Traditionally, the gold standard of storing keys is using a hardware security module (HSM). 

However, maintaining and managing hardware can be difficult, expensive, and consuming for businesses and their engineers. Scaling is difficult, especially in a world in which auto-scaling and automation are the new normal. DFC™ rivals the HSM in security, while enabling the scalability of the cloud. 

3. It gives you the advantages of SaaS without leaving you vulnerable.

It can be difficult to entrust mission-critical data to a SaaS. Yes, using a SaaS means you don’t have to host any services on-premise, cutting costs and saving headache, but can you be sure your data is secure? A DFC™-backed SaaS like Akeyless can give you confidence that your secrets are safe. 

What does working with Akeyless DFC ™ look like?

DFC™ underlies all the functionality in Akeyless, from encrypting secrets and PII, signing transactions, and other aspects of encryption-as-a-service. All you have to do is work normally from the simple user interface (or CLI/SDK) and know that DFC™ is behind the encryption and decryption that keep your data secure. 

About Akeyless

Akeyless is a Secrets Orchestration Platform, protecting and managing credentials, certificates and keys used by machines, applications and DevOps teams, in both hybrid and multi-cloud environments. It offers Secrets Management with extensions that provide Secure Remote Access and Data Protection.

We built the Akeyless SaaS platform on top of a unique KMS (Key Management System) encryption technology. It enables us to provide a true Zero Knowledge solution where even Akeyless can’t access a customers’ secrets and keys. 

Akeyless is SOC2 Type2, ISO 27001, and GDPR compliant.

Curious about DFC™ and how we can help? Book a meeting with us.

cloud

See Akeyless in Action

Get a Demo certification folder key