Use Case
Use Case
SplitSecure isn’t just a product – it’s a security toolset that service providers can integrate with their own offerings, simplifying security and differentiating them against their competition.
When service providers integrate SplitSecure, they gain the power to split secrets, credentials, and approvals across multiple entities, with no conventional single point of failure. That means never having to worry about where to store static secrets. Access is always ephemeral, policy is always enforced, and there is no central policy server that could potentially be compromised. With SplitSecure, there is no device or system that persists protected information, and protected secrets are never exposed, even during use.
SplitSecure offers service providers three primary benefits:
In SplitSecure, the team “sees” how a secret is going to be used before deciding if it should grant an access request. This means CISOs can write policies not just for when secrets may be accessed, but specifically how they may be used.
Because no device in the SplitSecure team ever holds the protected secret, it is not possible for an attacker to extract the secret by compromising an employee device. Even if an attacker fully compromised the devices and user accounts of your SplitSecure IT admin, they cannot grant themselves access to protected resources.
Enterprises using SplitSecure retain full control over their secrets at all times. They never have to allow a vendor to hold their secrets – even SplitSecure Inc has no access.
Inside your enterprise, you have secrets you protect with other secrets. You might have password managers protected by passwords, PAM platforms you need credentials to access, and so forth. No matter how many layers you add, there’s always a “last secret” protecting the entire system. That last secret is a liability to your organization, and it creates risk of theft or abuse.
SplitSecure solves this problem by offering a way to protect secrets without a persistent “last secret”. It is the foundation upon which your SSO, PAM, Vault, and PKI can securely rest.
This is possible because SplitSecure splits secrets across a group of devices called a team. The team can use the protected secret normally inside a hardware-backed confidential computation environment, but the protected secret is never persisted on any device and never leaves the confidential environment.
You can think of this like the classic requirement to launch a nuclear missile, where two users must turn their keys at the same time. Multiple SplitSecure devices collaborate to take an action with the secret, but none of them ever possess the secret.
If you’d like to know more about how SplitSecure can help your organization, or if you’d like to see our technical whitepaper to get a better idea of how it works, please contact our sales team.