Use Case
Use Case
SplitSecure can help your organization go passwordless, even if you’re working with legacy systems that don’t support modern passwordless authentication.
SplitSecure protects credentials. One of its most important security claims is that protected credentials are never exposed, even during use. This claim extends to passwords. With SplitSecure, it is possible to use a password without the user or their device ever being exposed to it. This fulfills regulatory requirements for passwordless operations, and ensures passwords cannot be extracted from compromised employee devices.
When a user needs to gain access to an account protected by SplitSecure, the credential for that account is securely seeded into a hardware-backed confidential computing environment. Inside that environment, a temporary credential is minted for the end user. This temporary credential is all the end user ever sees.
Think of this environment as a special kind of hardware-isolated container, allowing integrations between legacy systems and modern security tools to be safely implemented. This allows SplitSecure to act as a “translation layer” between the user’s modern security requirements and the legacy systems which expect a password.
Note that SplitSecure Inc itself never has any access to this process: we are a full self-custody / cryptographic sovereignty solution.
When a user opens SplitSecure, the first thing they see is a list of accounts or tools their organization allows them to request access to. To log-in, they just click on what they want. After that, the organization’s access control rules are automatically enforced, including MFA and additional human-approval steps.
Inside your enterprise, you have secrets you protect with other secrets. You might have password managers protected by passwords, PAM platforms you need credentials to access, and so forth. No matter how many layers you add, there’s always a “last secret” protecting the entire system. That last secret is a liability to your organization, and it creates risk of theft or abuse.
SplitSecure solves this problem by offering a way to protect secrets without a persistent “last secret”. It is the foundation upon which your SSO, PAM, Vault, and PKI can securely rest.
SplitSecure solves the “last secret” problem by splitting secrets & credentials across a group of devices called a team. The team can use the protected secret normally, but the secret is never persisted on any device and never leaves the environment.
You can think of this like the classic requirement to launch a nuclear missile, where two users must turn their keys at the same time. Multiple SplitSecure devices collaborate to take an action with the secret, but none of them ever possess the secret.
This architecture is powerful because it offers defense in depth, cryptographic sovereignty, and infinite resolution.
Because no device in the SplitSecure team ever holds the protected secret, it is not possible for an attacker to extract the secret by compromising an employee device. Even if an attacker fully compromised the devices and user accounts of your SplitSecure IT admin, they cannot grant themselves access to protected resources.
Enterprises using SplitSecure retain full control over their secrets at all times. They never have to allow a vendor to hold their secrets – even SplitSecure Inc has no access.
In SplitSecure, the team “sees” how a secret is going to be used before deciding if it should grant an access request. This means CISOs can write policies not just for when secrets may be accessed, but specifically how they may be used.
If you’d like to know more about how SplitSecure can help your organization, or if you’d like to see our technical whitepaper to get a better idea of how it works, please contact our sales team.