Data Control Platform

Everyone is more sensitive to storing their data in the cloud.

Give your customers the antidote they want: control of their data.

Benefits of data control

  • Provable Access: It's the difference between "I think" my data is safe and "I know" who has access to my data. When data is controlled, there's no doubt about who can see the data. The proof is in the math.
  • Monitored Use: Knowing who can see the data is not enough. It's important to know who is actually looking at data, when, and from where so you can monitor for unusual activity and detect abuse.
  • Revocation: Granting access should not be a one-way street. What is granted should be revokable for any reason. Without revocation, you are left asking someone nicely to please delete your data. Good luck with that.
  • Everywhere: Having control of your data means controlling all copies of it — whether shared with third parties, stored on cloud servers, residing in a database, shared file storage, or on client devices. IronCore's data controls work everywhere and travel with the data.

Key Use Cases

Zero-trust Data Systems

Forget about zero-trust networks and take your security to the heart of what you're protecting: the data. Zero-trust data allows companies to survive network breaches without customer impact or disclosure.

Secure Sharing in the Cloud

Sometimes even sensitive data must be shared with partners, auditors, and data consortiums. With IronCore's Data Control Platform, data can be shared but still monitored and effectively pulled back if necessary. No more asking nicely and hoping.

Right to be Forgotten

Deleting users is harder than it seems. What about backups and copies across services? What if you still need the history so stats don't change? IronCore crypto-shredding solves these issues with a simple "revoke."

Data Residency

Stop spinning up data-centers to meet residency requirements. Use cryptography that can keep keys in-country while letting encrypted data replicate globally. The data can only be decrypted in-country.

End-to-end Encrypted Video Conferencing

Most cryptography is good at one-to-one or one-to-small-static-group scenarios. IronCore fixes this with strong end-to-end encryption suitable for video conferencing with large dynamic groups. There is no upper bound on conference size. All of the hard stuff is handled for you.

End-to-end Encrypted Group Chat

Group chats in applications like Slack are difficult to encrypt and scale without losing functionality. But with IronCore's group encryption, device-level key management, and extra features like text search, you can have your company chat and secure it, too.

Internet of Things (IoT)

The IoT space is a case study in poor security. Many connected devices don't even bother with the basics. But for devices that collect sensitive data, as with healthcare or military applications, the data should be encrypted before it ever leaves the device. We can help.

Blockchain

Whatever you may have heard, blockchains are not private. Data on a blockchain stays there forever. But what if you could change who could access that data even though the data itself is immutable? This is the power of data control in a blockchain world. The owner determines access and can change it. And this goes double for shared wallets used by organizations.

Why Choose Data Control

Data control is the difference between "I think" my data is safe and "I know" who has access to my data and who has accessed it. Everyone wants control of their data, but is it worth the time and effort? In short, yes.

Comply with evolving privacy laws.

Data protection and privacy laws demand increasingly strong data controls. Stop adding bandaids on top of bandaids and instead build data control into the core.

Impress customers. Scare your competitors.

Privacy matters. When you can demonstrate that you have the best privacy, you will win not just customers, but fans.

It's all about the trust.

If you distrust your service providers, then you need data control. If your customers distrust you as a service provider, then you need to offer them data control. Control replaces the need for trust.

Easier than you think.

Locking up your data, controlling who accesses it, and monitoring that access sound great, but these benefits often come with fear: what won't I be able to do? What if I can't access my data? But these are solved problems. We have designed solutions so you don't have to.

Talk to our data control experts

Core Features

Automatic Key Management

Encrypting data is easy. But then what do you do with the key? IronCore handles all of the hard parts around managing keys, linking to identities, generating new keys, rotating, lifecycle management, and more.

Device Management

Every client (app + device) that needs to interact with controlled data has its own key. A user controls a collection of their devices. Adding new devices and revoking lost, stolen, or temporary devices (like web browsers) is trivial.

Ease-of-Use

IronCore provides powerful cryptography for non-cryptographers. We remove as many decisions as possible so developers need only determine what to encrypt and where the encrypt/decrypt operations need to take place.

Audit trails

IronCore uses a multi-party computation that requires a call to a zero-trust server before any data can be decrypted. The generated audit logs can't be bypassed, and each request is cryptographically signed by the user for tamper-evidence.

Encrypted Search

IronCore supports encrypted search of substrings where the client sends an encrypted query and the server returns encrypted results without learning about the search or the results.

Scalable Groups

IronCore uses public-key cryptography based on elliptic curves. Traditionally this only works well for point-to-point encryption schemes, but with IronCore, you can encrypt to groups and dynamically change the group membership. Groups can be any size and encrypt operations are constant time operations.

Policy-driven Encryption

IronCore offers a policy feature that allows the determination for who (which users or groups) to encrypt to to be determined based on the type of data being encrypted. This is the developer-proof mode that puts the security team in charge.

Multi-tenant Native

With projects and segments, IronCore easily supports different identity realms and applications so you don't have to work hard to integrate our products into a multi-tenant SaaS application.

Revocation

When data is shared with a group, it's trivial to remove a member and thereby revoke access for that user. Doing this does not require touching files that were encrypted to the group, which makes it a nearly instantaneous change.

Broad Platform and Language Support

End-to-end encryption isn't too useful when one of the ends can't encrypt or decrypt the data. With IronCore, data can be processed on all major cloud platforms, desktop operating systems, mobile devices, and browsers. In addition, a variety of programming languages are fully supported and others can be upon request.
TypeSupported
Cloud PlatformsGoogle Compute Platform, Amazon Web Services, Microsoft Azure
Web BrowsersChrome, Safari, Firefox, Edge, WebAssembly
Mobile OSesAndroid, iOS
Desktop OSesLinux (with libstd or musl), Mac, Windows
ChipsARM32, ARM64, x86, x86-64
Programming LanguagesJava, Scala, Rust, NodeJS, JavaScript, TypeScript, C, C++

Broad Data Support from Files to Fields

The Data Control Platform can be used to control data on a per-row, per-column, per-field, per-object, per-file, or per-big-data-partition basis depending on your needs. We can encrypt large files or small data fields in SQL databases. Below is a partial list of the supported backend data storage systems that we support.
TypeSupported
File StorageAWS S3, GCP FileStore, Azure Blob Storage, Linux FileSystem, NFS, NetApp
SQL DatabasesMySQL, Oracle, SQL Server, Postgres, AWS RDS, Google Cloud SQL, Azure SQL
Big DataHadoop, Apache Spark, Snowflake, Cassandra
NoSQL DatabasesMongoDB, CouchDB, Neo4j, BigTable, Firebase

Be Compliant

Most regulatory and contractual mandates require strong data protection measures including encryption, access monitoring, and tight control of permissions. The Data Control Platform brings all of this to your most regulated and sensitive data.

GLBA and SOX

Being a public company means being very private with strategic plans, unreleased financial data, unannounced acquisitions, and more. Control your data and you control your liability.

HIPAA and HITECH

Personal health data is some of the most protected data worldwide and in the US, penalties for failing to protect this data are steep. Stop unauthorized access by your biggest threat: curious insiders.

CJIS

Criminal justice data must be stored securely and with tight access control mechanisms. Unfortunately, this data gets emailed around and shared in ways that cause all control to be lost. We can help with this.

GDPR and CCPA

GDPR and CCPA require careful handling of data and have steep penalties if consumers' private information is leaked. GDPR goes even farther by requiring "data protection by design and by default" (article 25). We can help with all of the data protection, access control, and audit trail requirements.

PCI-DSS

PCI requires that all payment data be encrypted and that payment providers "develop and maintain secure systems and applications." We help providers by not just handling the data they hold internally, but controlling who can access data as it flows between parties.

ITAR and EAR

ITAR and EAR protect sensitive Government and Military information, but both now allow some data to be stored in the cloud and even outside the country if the data is end-to-end encrypted. We make ITAR and EAR-compliant functionality easy to build into applications.

FERPA

Data relating to minors is protected by FERPA and by a patchwork of strict state privacy laws in the U.S. Many countries go even farther. Claiming to be FERPA-compliant without data control is like claiming to be a superhero when you have no powers. You just hope the villains are weaker than you are.

Learn More

Whether it's your sensitive intellectual property, financial information, healthcare information, consumer personal information, or just non-public information at a public company, you need to protect data that can be abused.
Protect your data with non-transparent, application-layer encryption that provides the security and privacy for the data you hold, regardless of where that data lives.

Let's Talk

We'd love to hear what's on your mind.

Products

Documentation

Trust Center

Find Us