SplitSecure for Vaulting

SplitSecure makes it possible to split secrets across multiple devices. Secrets split this way can be used just like they were in a traditional secrets vault, but they are never persisted on any device, and never exposed.

This “Vaultless Vault” concept offers superior security claims to traditional vaulting architecture, while having easier setup and lower costs. Organizations can seamlessly shift from traditional vaults to SplitSecure via a gradual migration, without having to perform extensive modification of their existing traditional-vault oriented code.

Advantages of this approach include:

• Cost: SplitSecure can be deployed for a fraction of the cost of traditional on-prem vaulting solutions. Organizations struggling with the cost of their current vault provider can see savings of over 50%.

• Hardware-Based Root of Trust: With SplitSecure, there is no admin account that has to sit outside the vault, no stored credential that acts as a single point of failure on the entire system. The vault's security claims are enforced by cryptography and hardware backed confidential compute, not a centrally managed policy that could be compromised.

• Cryptographic Sovereignty and Vendor Dependency: SplitSecure is a full self-custody / cryptographic sovereignty solution. Even SplitSecure Inc has no access to protected information, and the entire SplitSecure stack can be deployed on-prem to ensure no vendor dependency.

Even better, SplitSecure is easy to use and easy to integrate with your existing tools. No large or sophisticated cybersecurity team required. Your existing IT staff can deploy SplitSecure in as little as 30min.

Technical Architecture: How SplitSecure Works

Inside your enterprise, you have secrets you protect with other secrets. You might have password managers protected by passwords, PAM platforms you need credentials to access, and so forth. No matter how many layers you add, there’s always a “last secret” protecting the entire system. That last secret is a liability to your organization, and it creates risk of theft or abuse.

SplitSecure solves this problem by offering a way to protect secrets without a persistent “last secret”. It is the foundation upon which your SSO, PAM, Vault, and PKI can securely rest.

Concept: Team-Based Access Control

SplitSecure solves the “last secret” problem by splitting secrets & credentials across a group of devices called a team. The team can use the protected secret normally, but the secret is never persisted on any device and never leaves the environment.

You can think of this like the classic requirement to launch a nuclear missile, where two users must turn their keys at the same time. Multiple SplitSecure devices collaborate to take an action with the secret, but none of them ever possess the secret.

Practical Benefits

This architecture is powerful because it offers defense in depth, cryptographic sovereignty, and infinite resolution.

Defense in Depth

Because no device in the SplitSecure team ever holds the protected secret, it is not possible for an attacker to extract the secret by compromising an employee device. Even if an attacker fully compromised the devices and user accounts of your SplitSecure IT admin, they cannot grant themselves access to protected resources.

Cryptographic Sovereignty

Enterprises using SplitSecure retain full control over their secrets at all times. They never have to allow a vendor to hold their secrets – even SplitSecure Inc has no access.

Infinite Resolution

In SplitSecure, the team “sees” how a secret is going to be used before deciding if it should grant an access request. This means CISOs can write policies not just for when secrets may be accessed, but specifically how they may be used.

Contact Sales

If you’d like to know more about how SplitSecure can help your organization, or if you’d like to see our technical whitepaper to get a better idea of how it works, please contact our sales team.