Posted by Joyce Ling
December 8, 2022
Encryption key ownership is a source of concern for many enterprise companies. With cloud adoption on the rise, it becomes more important for companies to retain key ownership in order to protect their data.
Our answer to the question of key ownership is the Akeyless DFC™ technology, which stands for Distributed Fragments Cryptography.
The Akeyless platform is a SaaS built on DFC™, an encryption technology that ensures two things:
- You retain 100% ownership of your keys.
- Decryption occurs safely on your infrastructure.
What is DFC™?
DFC™ is a FIPS 140-2 validated technology that enables Akeyless to store fragments of an encryption key in different regions and on different cloud providers. Using standard AES or RSA encryption, these fragments are never combined, either in the creation process or during encryption or decryption of data.
100% ownership: Customers retain their own fragment of the key, which Akeyless never has access to.
Secure encryption and decryption: Using their own fragment, customers encrypt and decrypt data in their internal environment. All data stored on the Akeyless infrastructure is encrypted, so customers can have confidence their data is safe.
What are the Benefits of DFC™?
1. It’s secure.
With DFC™, the key fragments are never combined. With key-split methods, keys are eventually combined to encrypt and decrypt data. This can be risky, as a malicious attacker can gain access to the constructed key, compromising your sensitive data.
Each fragment can be rotated. In order to gain access to your keys, an intruder would have to intercept all the fragments, which are all in different places, and use the fragments before it’s refreshed.
Akeyless DFC™ technology is based on standard cryptography and is FIPS 140-2 Certified by the US NIST.
2. It isn’t limited by hardware.
Traditionally, the gold standard of storing keys is using a hardware security module (HSM).
However, maintaining and managing hardware can be difficult, expensive, and consuming for businesses and their engineers. Scaling is difficult, especially in a world in which auto-scaling and automation are the new normal. DFC™ rivals the HSM in security, while enabling the scalability of the cloud.
3. It gives you the advantages of SaaS without leaving you vulnerable.
It can be difficult to entrust mission-critical data to a SaaS. Yes, using a SaaS means you don’t have to host any services on-premise, cutting costs and saving headache, but can you be sure your data is secure? A DFC™-backed SaaS like Akeyless can give you confidence that your secrets are safe.
What does working with DFC™ look like?
DFC™ underlies all the functionality in Akeyless, from encrypting secrets and PII, signing transactions, and other aspects of encryption-as-a-service. All you have to do is work normally from the simple user interface (or CLI/SDK) and know that DFC™ is behind the encryption and decryption that keep your data secure.
Akeyless is a Secrets Orchestration Platform, protecting and managing credentials, certificates and keys used by machines, applications and DevOps teams, in both hybrid and multi-cloud environments. It offers Secrets Management with extensions that provide Secure Remote Access and Data Protection.
The Akeyless SaaS platform is built on top of a unique KMS (Key Management System) encryption technology that enables us to provide a true Zero Knowledge solution where even Akeyless can’t access the customers’ secrets and keys.
Akeyless is SOC2 Type2, ISO 27001, and GDPR compliant.
Curious about DFC™ and how we can help? Book a meeting with us.
DevOps SecurityDevelopers on public GitHub leak over 5,000 API keys or credentials every day. Learn best practices to avoid credential breaches on GitHub.
What’s in a Secret? Best Practices for Static, Rotated and Dynamic SecretsSecrets are ranked as the leading cause of data breaches. Combat this by learning how to best use static, rotated, and dynamic secrets.
Key Ownership in the Cloud: Using Zero Knowledge to Protect Your DataCustomers often wonder if their data is secure in the cloud. To answer this, let’s discuss key ownership and zero trust.