Use Case

SplitSecure for Financial Regulatory Compliance

It’s not enough to be a bank or a brokerage anymore – every financial institution is expected to also be a technology company. Adoption of digital assets is accelerating under MiCA and NYDFS, and a global wave of custody regulations (DORA, PRA, MAS, VARA, FINMA, etc.) is tightening requirements around the handling of cryptographic information.

The days when these demands could be outsourced are gone. Financial institutions are expected to have the in-house capacity to show both cryptographic sovereignty (no vendor or single-party control of sensitive material) and regulatory attestation (immutable, mathematically provable control integrity).

SplitSecure solves these problems. It allows financial institutions to assign access as needed without ever moving or sharing cryptographic information. The institution retains full cryptographic sovereignty / self-custody, and can easily demonstrate regulatory compliance via automatically generated reports. Those reports are based on immutable and cryptographically provable logs, ensuring SplitSecure complies with the minimum reporting requirements for all major financial regulations.

Even better, SplitSecure is easy to use and easy to integrate with your existing tools. No large or sophisticated cybersecurity team required – any IT person can have SplitSecure up and running in your institution in as little as half an hour.

SplitSecure has security claims suitable for the largest banks, and a setup process suitable for the smallest community bank.

Where We Fit in the Banking Stack

SplitSecure can be used throughout the banking stack, and has applications for everything from routine commercial banking to cutting-edge digital asset management. SplitSecure can be used for:

Compliance & Risk Management

SplitSecure makes it easy for banks to manage third-party cybersecurity risk (under NYDFS TPRM guidance). We can also help show compliance with regulations like DORA, PRA, MAS, VARA, FINMA, etc.

Passwordless Login

Even with legacy vendors, SplitSecure makes it easy to remove passwords from your organization.

Digital Asset Custody

SplitSecure meets all security and regulatory requirements to hold digital assets, and can also act as a tokenization system. We help banks comply with regulations like MiCA, DASCP C10/C27, or DORA.

PAM/IAM

With SplitSecure as your PAM/IAM tool, you can rest easy knowing that no employee device, and no employee, can compromise your secrets. You are protected from social engineering, insider threat, and many types of device-compromise attacks.

Technical Architecture: How SplitSecure Works

Inside your enterprise, you have secrets you protect with other secrets. You might have password managers protected by passwords, PAM platforms you need credentials to access, and so forth. No matter how many layers you add, there’s always a “last secret” protecting the entire system. That last secret is a liability to your organization, and it creates risk of theft or abuse.

SplitSecure solves this problem by offering a way to protect secrets without a persistent “last secret”. It is the foundation upon which your SSO, PAM, Vault, and PKI can securely rest.

Concept: Team-Based Access Control

SplitSecure solves the “last secret” problem by splitting secrets & credentials across a group of devices called a team. The team can use the protected secret normally, but the secret is never persisted on any device and never leaves the environment.

You can think of this like the classic requirement to launch a nuclear missile, where two users must turn their keys at the same time. Multiple SplitSecure devices collaborate to take an action with the secret, but none of them ever possess the secret.

Practical Benefits

This architecture is powerful because it offers defense in depth, cryptographic sovereignty, and infinite resolution.

Defense in Depth

Because no device in the SplitSecure team ever holds the protected secret, it is not possible for an attacker to extract the secret by compromising an employee device. Even if an attacker fully compromises the devices and user accounts of your SplitSecure IT admin, they cannot grant themselves access to protected resources.

Cryptographic Sovereignty

Enterprises using SplitSecure retain full control over their secrets at all times. They never have to allow a vendor to hold their secrets – even SplitSecure Inc. has no access.

Infinite Resolution

In SplitSecure, the team “sees” how a secret is going to be used before deciding if it should grant an access request. This means CISOs can write policies not just for when secrets may be accessed, but specifically how they may be used.
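The team-based model and the per-use policy check described above can be illustrated with a generic construction. This is an added example, not SplitSecure's protocol or API (the page does not describe either): it assumes n-of-n additive sharing of a discrete-log exponent over a toy-sized prime, and every name in it (`Device`, `Request`, `enroll`, `team_operation`) is hypothetical.

```python
import secrets
from dataclasses import dataclass

# Constructed toy parameters: a 127-bit prime is far too small for real use.
P = 2**127 - 1
G = 3

@dataclass
class Request:
    purpose: str   # how the secret is going to be used
    target: str    # resource the result is bound to
    base: int      # group element to raise to the protected exponent

class Device:
    """One team member (hypothetical): holds a share, never the secret."""
    def __init__(self, name, share, allowed):
        self.name, self._share, self.allowed = name, share, allowed

    def partial(self, req):
        # The device inspects the intended use before contributing anything.
        if (req.purpose, req.target) not in self.allowed:
            return None
        return pow(req.base, self._share, P)

def enroll(names, allowed):
    """Each device draws its own share; only G^share values are combined,
    so the full exponent (the sum of shares) is never computed anywhere."""
    devices = [Device(n, secrets.randbelow(P - 1), allowed) for n in names]
    public = 1
    for d in devices:
        public = public * pow(G, d._share, P) % P
    return devices, public

def team_operation(devices, req):
    """Multiply the partial results; None unless every device approves."""
    result = 1
    for d in devices:
        part = d.partial(req)
        if part is None:
            return None
        result = result * part % P
    return result

if __name__ == "__main__":
    team, pub = enroll(["laptop", "phone", "token"], {("decrypt", "payments-db")})
    r = secrets.randbelow(P - 1)
    c1 = pow(G, r, P)  # ElGamal-style ephemeral value from a sender
    out = team_operation(team, Request("decrypt", "payments-db", c1))
    print("matches sender's key:", out == pow(pub, r, P))
    print("unapproved use:", team_operation(team, Request("export", "payments-db", c1)))
```

Compromising one device yields a single random share and that device's policy, which is what the defense-in-depth claim rests on in a scheme of this shape; a production design would also need authenticated requests and a real-sized group.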

Contact Sales

If you’d like to know more about how SplitSecure can help your organization, or if you’d like to see our technical whitepaper to get a better idea of how it works, please contact our sales team.
