Ready for a Zero Trust future.

Create a unique key for every single record, authenticate users and applications, and log every access. A perfect complement to Tandem, but can also be used with any database or application.

Introducing ZeroKMS.

Traditional key management systems are not designed for the zero trust future. ZeroKMS is.
ZeroKMS is a key management system. It is built to be used with Tandem, but can also be used with any database or application.

Zero Trust key management

Unique key per record

ZeroKMS generates a unique key for every record in your database. This level of granularity hasn’t previously been realistic because traditional solutions like AWS KMS perform one network round-trip per key request.

Composite keys are used to manage decryption, meaning no single entity, whether client or server, can see the complete decryption key. Complete keys are never sent over the network.

Encryption-as-Access-Control

Fine-grained control and visibility

Every access to your data is logged, including the identity of the user or application, the time of the access, and the data that was accessed.

Ingest the encrypted access log into your SIEM or log management system to ensure you have visibility of every access to your data.

Deployment options.

Use the CipherStash managed ZeroKMS or deploy on-premises.

Diagram comparing an application's database connection without and with Tandem. On the left, data is shown as plain text and mentions potential data leaks. On the right, with Tandem, data is encrypted and secured, indicating protection from untrusted or compromised clients.

Managed service

CipherStash manages ZeroKMS for you. We take care of security, availability, and scalability.

Quickly validate ZeroKMS in your environment, and deploy to production in minutes.

On-premises deployment

Deploy ZeroKMS on-premises, in your own cloud account, or even on your own hardware.

ZeroKMS is built as a Docker container, so it can be deployed anywhere.

Key management ready for a zero trust future.

Safer cloud deployments

ZeroKMS uses composite keys to manage decryption, meaning no single entity, whether client or server, can see the complete decryption key. Complete keys are never sent over the network.

One record. One key.

ZeroKMS enables fine-grained access control by generating a unique data-key per record. This level of granularity hasn’t previously been realistic because traditional solutions like AWS KMS perform one network round-trip per key request.

Per-request identity checks

ZeroKMS integrates with OpenID authentication providers such as Auth0, enabling per-request (not just per-session) identity checks.

Atomic decryption operations

ZeroKMS guarantees that policy checks and audit logging always occur if decryption is successful. If any check or logging fails, the decryption also fails.

Immediate key revocation

Revoke keys immediately, without the need for re-encryption.

Pairs with Tandem

Tandem is the CipherStash platform’s data protection gateway for your SQL databases. Tandem uses ZeroKMS for decryption operations, making ZeroKMS your secure single source of truth for fine-grained data access control.

CipherStash Platform

Designed for today's threat landscape.

The CipherStash platform incorporates several groundbreaking products that work together to protect your data.

ZeroKMS

Key management ready for a zero trust future.

Fast and secure, ZeroKMS is the CipherStash key management system, bringing the protection of zero trust to complex data environments where decryption isn’t just done on the server but in the app, in the browser or on the desktop. Designed so that neither the client nor the server needs to be fully trusted, ZeroKMS nullifies the security risks present in traditional trust-based key management.

Tandem

Encryption-in-Use for any database or warehouse. No code required.

Tech Preview

A high-performance searchable encryption proxy that truly works out of the box, requiring no changes to your apps, codebase or data analysis workflows. Ready for deployment at scale with full PostgreSQL support and beta support for SQL Server.

Command

Data governance dashboard for your entire data estate.

Coming soon

Give your administrators and analysts total visibility and control over the who, what and when of your data. Command brings together auditing, policy management, anomaly detection, alerting and logging, allowing you to gain critical data governance insights.

The CipherStash Data Governance Framework.

A four-step approach to data loss prevention in today's complex threat landscape.
