Whether data is isolated in a controlled network or distributed across ubiquitous environments, no network is truly secure and modern enterprises must architect their systems under the assumption that they can and will be compromised. NuCypher leads the advancement of big data security with an innovative re-encryption cryptosystem that handles data across platforms and between on-premise and cloud environments, while avoiding the performance and functionality tradeoffs traditionally associated with encryption.
With delegated access for both internal and external users, NuCypher facilitates secure multi-tenant clouds and centralized data lakes for its customers. For fine-grained permissions, NuCypher enables complete control of the data sets down to the field level, limiting users and services access to only the data they are allowed to access.
The benefit of using NuCypher with Hadoop is that it does not require communication between computing nodes and the Key Management Server, removing latency bottlenecks and slow requests over the network. “Importantly, no node in the cluster knows the “golden key” for decryption, because it is not required to manage permissions and give users access to the data,” Wilkison adds.
We can employ the entire cluster to perform key rotation in seconds as opposed to having to do it manually
In addition, NuCypher provides fast and secure key rotation, so as to eliminate the process of shutting down encryption zones and suffering through long downtimes. Wilkison explains, “We can employ the entire cluster to perform key rotation in seconds as opposed to having to do it manually.”
NuCypher’s key differentiator is their zero-trust approach, which is uniquely enabled by their state-of-the-art proxy re-encryption technology. Particularly, for cloud deployments, it reduces the level of trust required in the cloud service provider.
Cloud enablement is one of NuCypher’s common use cases. One of their clients, a leading investment bank, presented three requirements that had to be met to move their data to a public cloud. First, encryption keys had to be stored on site. The second requirement was secure key rotation. Finally, the solution had to be FIPS 140-2 compliant, meaning it must integrate with hardware security modules. NuCypher is the first and only tool that satisfies all three of these requirements in a performant way.
NuCypher also works with leading technology companies to enable cross-organizational data-sharing in a secure and auditable way. Wilkison states, “We’re seeing a burgeoning interest in the idea of shared, industry data lakes, in which multiple participants pool proprietary data. NuCypher enables each participant to bring their own key (BYOK) and easily delegate and revoke access to their partners without requiring a single trusted administrator.”
With their ongoing innovations and unique insights into the specific challenges at the intersection of big data, cloud, and cyber security, NuCypher will continue to stand out from competitors in the arena.