Use Case
Use Case
SplitSecure is a new kind of PAM/IAM solution, based on a concept called team-based access control. In this framework, secrets & credentials are not protected by individual humans or individual devices, but by teams of human and machine actors. When those actors collectively approve, access is granted.
For example, when an employee wants to use SplitSecure to log into a sensitive account, they might be part of a team consisting of: their iPhone, their laptop, and our Okta integration. When these three entities agree the user’s access request complies with company policy, access is granted. This is automatic and occurs invisibly in the background.
This approach has four advantages:
Since no device in the team ever stores the credentials, it is not possible for the credentials to be extracted from a compromised device. Even if your IT admin’s laptop, phone, and user account were fully compromised, adversaries could not extract the protected information.
Enterprises using SplitSecure retain full control over their secrets at all times. They never have to allow a vendor to hold their secrets – even SplitSecure Inc has no access. For enterprises who wish to avoid vendor dependency, SplitSecure can be run locally.
SplitSecure is fully customizable to your enterprise’s security requirements. In the above example, the employee logs in using their devices and a single automated integration. But depending on your needs, you could add requirements for integrations with multiple tools, MFA, or human approval. SplitSecure supports everything from logging in to check your email in the morning, to highly sensitive actions that require the approval of multiple humans.
Finally, SplitSecure is easy to use and easy to integrate with your existing tools. No large or sophisticated cybersecurity team required – any IT person can have SplitSecure up and running in your institution in as little as half an hour.
When a user opens SplitSecure, the first thing they see is a list of accounts or tools their organization allows them to request access to. To log-in, they just click on what they want. After that, the organization’s access control rules are automatically enforced, including MFA and additional human-approval steps.
Inside your enterprise, you have secrets you protect with other secrets. You might have password managers protected by passwords, PAM platforms you need credentials to access, and so forth. No matter how many layers you add, there’s always a “last secret” protecting the entire system. That last secret is a liability to your organization, and it creates risk of theft or abuse.
SplitSecure solves this problem by offering a way to protect secrets without a persistent “last secret”. It is the foundation upon which your SSO, PAM, Vault, and PKI can securely rest.
SplitSecure solves the “last secret” problem by splitting secrets & credentials across a group of devices called a team. The team can use the protected secret normally, but the secret is never persisted on any device and never leaves the environment.
You can think of this like the classic requirement to launch a nuclear missile, where two users must turn their keys at the same time. Multiple SplitSecure devices collaborate to take an action with the secret, but none of them ever possess the secret.
This architecture is powerful because it offers defense in depth, cryptographic sovereignty, and infinite resolution.
Because no device in the SplitSecure team ever holds the protected secret, it is not possible for an attacker to extract the secret by compromising an employee device. Even if an attacker fully compromised the devices and user accounts of your SplitSecure IT admin, they cannot grant themselves access to protected resources.
Enterprises using SplitSecure retain full control over their secrets at all times. They never have to allow a vendor to hold their secrets – even SplitSecure Inc has no access.
In SplitSecure, the team “sees” how a secret is going to be used before deciding if it should grant an access request. This means CISOs can write policies not just for when secrets may be accessed, but specifically how they may be used.
If you’d like to know more about how SplitSecure can help your organization, or if you’d like to see our technical whitepaper to get a better idea of how it works, please contact our sales team.