Loss of Critical Staff
SplitSecure is a distributed hardware security module: we take secrets like keys and credentials and split them across multiple devices, leveraging the hardware security claims of each device. This allows us to offer stronger security claims than traditional hardware security modules, while being cheaper, more performant, and easier to manage.
An intrinsic part of this concept is that secrets are split across multiple devices, and approval processes are run by teams instead of by individuals. This ensures that no single employee has access to any secret, and that no employee is alone in being able to trigger any secure process. This protects enterprises from damage caused by the loss of critical employees.
Let’s look at two examples: Loss of Key Material, and Insider Threat.
Loss of Key Material
Picture a security engineer. They have a keyring in their pocket, and on that keyring is a USB device that contains the keys for a critical enterprise system: their admin accounts or their enterprise-wide backups. They need this device on their person at all times, to allow them to access these systems and prevent theft.
When this engineer leaves the company abruptly, what becomes of that USB device? Does it get thrown away? Does it get tossed into a desk drawer and forgotten? Does it get given to a new security engineer who might not be totally clear on exactly what locks this key opens?
It is not uncommon for enterprises to lose key materials in this way, either risking hostile access to critical systems or simply rendering those systems inaccessible. With SplitSecure, there is no danger of loss of key material from loss of an individual device. The team that controls the key material can continue to access it, and can use enterprise-management features to invalidate the devices of employees who have left the company.
Insider Threat
Not all loss is accidental. While it is rare, sometimes employees attempt to exfiltrate keys or enterprise data when they leave.
SplitSecure prevents this by ensuring no single employee has access to protected secrets. Removing a secret from SplitSecure requires the approval of the team that controls the action to remove it, and that action is cryptographically guaranteed to be logged. Enterprises can also implement additional controls on secret or data extraction, such as requiring the approval of a second team or executive group for that action.
Imagine a security engineer requesting to download the keys to an enterprise backup system out of SplitSecure and onto a USB device. That action would have to be approved by the rest of the team, who would certainly have questions! And in the event of a successful social engineering attack, where the rest of the team is somehow tricked into approving the action, there would be an indelible log of who extracted the secret – and who authorized them to do so.