Use Case

SplitSecure for Third-Party Risk Management

Whenever enterprises entrust third parties with cryptographic material, they entrust those parties with the future of the enterprise. This trust is not always well placed. Over 30% of enterprise cyberattacks originate from compromised vendors.

SplitSecure is the secrets management platform that makes it easy for enterprises to grant limited, contextual use of their protected secrets to third parties. The enterprise retains full control over their secrets at all times, and protected information is never revealed. Even SplitSecure Inc itself has no access to protected information. We are a full cryptographic self-custody / cryptographic sovereignty solution.

In this configuration, SplitSecure sits as an intermediary between the enterprise and third parties. The third parties can make access requests or API calls to SplitSecure to use a particular secret, and if that usage request is in accordance with the enterprise’s policy, the secret will be used on their behalf. However, the secret is never exposed to the third party, only the output of the approved operation.

Because secrets are never exposed, third parties do not simply request access to secrets; they request that the secret be used in a particular way on their behalf. This is powerful because it grants enterprises infinite resolution in security policy. They aren't limited to specifying when a third party can have access to a secret; they can specify exactly what the third party can use that secret to do.

This can be used for:

Compliance

For organizations subject to regulations on third-party risk management, such as SEC Regulation S-P or NYDFS's third-party risk management guidelines, SplitSecure is an easy path to demonstrating compliance.

MSP & Contractor Access Control

Through this architecture, contractors, consultants, and MSPs can be granted the access they need to do their jobs – and no more. No third party has the keys to the kingdom.

Vendor Risk Management

SplitSecure can sit between the enterprise and key vendors to ensure the vendors never have access to the company’s data or secrets. This also ensures cryptographic sovereignty.

Ease of Use

Setup is light and simple. SplitSecure is easy to use and easy to integrate with your existing tools. No large or sophisticated cybersecurity team required – any IT person can have SplitSecure up and running in your institution in as little as half an hour.

Technical Architecture: How SplitSecure Works

Inside your enterprise, you have secrets you protect with other secrets. You might have password managers protected by passwords, PAM platforms you need credentials to access, and so forth. No matter how many layers you add, there’s always a “last secret” protecting the entire system. That last secret is a liability to your organization, and it creates risk of theft or abuse.

SplitSecure solves this problem by offering a way to protect secrets without a persistent “last secret”. It is the foundation upon which your SSO, PAM, Vault, and PKI can securely rest.

Concept: Team-Based Access Control

SplitSecure solves the “last secret” problem by splitting secrets & credentials across a group of devices called a team. The team can use the protected secret normally, but the secret is never persisted on any device and never leaves the environment.

You can think of this like the classic requirement to launch a nuclear missile, where two users must turn their keys at the same time. Multiple SplitSecure devices collaborate to take an action with the secret, but none of them ever possess the secret.

Practical Benefits

This architecture is powerful because it offers defense in depth, cryptographic sovereignty, and infinite resolution.

Defense in Depth

Because no device in the SplitSecure team ever holds the protected secret, it is not possible for an attacker to extract the secret by compromising an employee device. Even if an attacker fully compromised the devices and user accounts of your SplitSecure IT admin, they cannot grant themselves access to protected resources.

Cryptographic Sovereignty

Enterprises using SplitSecure retain full control over their secrets at all times. They never have to allow a vendor to hold their secrets – even SplitSecure Inc has no access.

Infinite Resolution

In SplitSecure, the team “sees” how a secret is going to be used before deciding if it should grant an access request. This means CISOs can write policies not just for when secrets may be accessed, but specifically how they may be used.
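
The two ideas above (a team of devices acting with a secret that none of them holds, and each device seeing the request before it acts) can be illustrated with a toy example. This is an added sketch, not SplitSecure's code or protocol, which this page does not specify: it assumes simple n-of-n additive sharing of a textbook ElGamal key over a toy prime, and the `POLICY` set, `Device` class and vendor names are hypothetical.

```python
import secrets

P = 2**127 - 1                      # toy prime modulus (constructed, not a production parameter)
G = 3
POLICY = {("vendor-a", "decrypt")}  # hypothetical policy: which requester may ask for which operation

def split_key(x, n):
    """Additively split exponent x into n shares that sum to x mod (P-1)."""
    shares = [secrets.randbelow(P - 1) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % (P - 1))
    return shares

class Device:
    """One team member: holds a single share and sees each request before acting."""
    def __init__(self, share):
        self._share = share

    def partial(self, requester, operation, c1):
        if (requester, operation) not in POLICY:
            return None                   # refuse: the requested use is outside policy
        return pow(c1, self._share, P)    # c1^share_i only; the share itself never leaves

def encrypt(pub, m):
    """Textbook ElGamal encryption of integer m under public key pub = G^x."""
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(pub, k, P)) % P

def team_decrypt(team, requester, operation, ct):
    """Combine partial results from every device; the key x is never reassembled."""
    c1, c2 = ct
    parts = [d.partial(requester, operation, c1) for d in team]
    if any(p is None for p in parts):
        raise PermissionError("request denied by team policy")
    mask = 1
    for p in parts:
        mask = (mask * p) % P             # product = c1^(sum of shares) = c1^x
    return (c2 * pow(mask, -1, P)) % P    # requester receives only the operation's output

def demo():
    x = secrets.randbelow(P - 2) + 1      # in this sketch the key exists once, at setup
    pub, team = pow(G, x, P), [Device(s) for s in split_key(x, 3)]
    del x                                 # afterwards only the three shares remain
    ct = encrypt(pub, 424242)             # constructed sample message
    return team_decrypt(team, "vendor-a", "decrypt", ct), team, ct
```

Any single share is a uniformly random value, so compromising one device reveals nothing about the key, and a requester outside the policy gets an error rather than a partial result.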

Contact Sales

If you’d like to know more about how SplitSecure can help your organization, or if you’d like to see our technical whitepaper to get a better idea of how it works, please contact our sales team.
