A simple developer experience gets you to market faster, reduces your technical debt and helps you focus on writing the code that matters.
Cloud secure by design. There is no need for you to support a physical or virtual appliance for your application – stop the on-prem and hybrid madness.
There are no limitations on the number of users, files, documents or groups. All services scale horizontally.
IronCore can host the services, or they can be deployed in your own environment with enterprise options.
All use cases are extensively documented with examples, architectural patterns and guidance for iterative roadmaps.
Multi-tenant architectures are supported with project and segment containers.
Key recovery has low administrative friction, and even catastrophic scenarios such as master domain key loss have well-designed recovery procedures.
Customer control by design. There is no need for your customer to host a Customer Managed Key (CMK) server or Hardware Security Module (HSM).
An optional storage service provides an encrypted NoSQL key-value store for basic cases such as a PII vault.
Unlock data only at the point of use.
Control access by class of data or by role-based group. Cryptographically backed and mathematically provable.
Revoke users, groups, services or devices at any time without touching the underlying data.
Share sensitive data within an organization and with external systems, data centers, customers and partners.
Data is owner-controlled even when stored with third parties or offline.
Record all privacy and security events with digitally signed directives in a tamper-evident log.
Authorize multiple desktop, mobile and web clients and back-end cloud services. Quickly disable lost or stolen devices.
Rather than asking a customer to trust you with their data, you let them own it and they retain full control at all times.
IronCore services never see private keys and cannot decrypt data.
Users and data owners don’t need to know about encryption or keys because the security is built into their applications, which seamlessly handle the details under the hood.
The first commercialization of proxy re-encryption (PRE), which converts ciphertexts for one private key into ciphertexts for another, without decrypting the underlying data (yes, it’s magic).
Privacy and security are mathematically provable using public key cryptography where every user has their own keys. Even a hacked application cannot see all the data.
Unidirectional, non-interactive, non-transitive, multi-hop and collusion-safe.
Turnkey and instant erasure for all protected data via crypto-shredding.
Meet data locality restrictions for sovereign citizens, reducing operational complexity and lowering costs.
Third party audits, compliance certifications, contractual agreements, math proofs, bug bounties and ongoing diligence from the crypto community.
Breach notifications are not required if a breach exposes only encrypted data and not keys, protecting customers and your brand.
Pinpoint access to personal data and allow incorrect data to be fixed.
Key management, rotation, encryption, sharing, and permissions are handled automatically. Changing access and rotating keys are constant time operations.
Maintain records of every access and update of data, users, groups and permissions in tamper-evident, immutable logs.