<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1424789497837018&amp;ev=PageView&amp;noscript=1">
CloudMask transparently works with your apps to ensure data remains private, no matter where it is.

Why CloudMask?

blueNetworkDot.svg

Cross-Organizational Boundaries

Avoid limiting yourself to specific Cloud vendors. CloudMask protects your data across organizational and application boundaries.

You can leverage the full potential of Cloud ecosystem with its many providers, software developers and ongoing innovations.

blueNetworkDot.svg

Develop With Your Preferred Cloud

Build hybrid applications using the Cloud platform that best fits your needs. 

Your data remains protected as it is processed on the Cloud and is only decrypted once it reaches your trusted on-premise server.

blueNetworkDot.svg

Mitigate Insider Threat

Strengthen your on-premise security by ensuring that administrators, root users and other insiders do not have implicit data access. Data remains protected in-use while being processed in server memory.

Even CloudMask system administrator can only access the data if they possess keys that have been explicitly authorized.

blueNetworkDot.svg

Comply With Privacy Regulations

Apply Privacy By Design and Privacy By Default throughout your on-premise and cloud environments. Use fine-grained policies to centrally manage access based on user, application context, and fields in question.

Grant access when a valid reason exists and for only as long as required. When regulations change, propagate the change with a single click.

Easier Than You Think

No need to change your application. CloudMask runs on end-point devices to intercept and encrypt data in a manner that is transparent to users and preserves application functionality.

All you need for integrated & efficient key management

blueNetworkDot.svg

Hold Your Own Key

Each user/service device has its own encryption key under its sole control. It is never shared nor transmitted over the network.
blueNetworkDot.svg

HSM & HW Tokens

Use your preferred cryptographic engine along with integrated HSM and Hardware Token support.
blueNetworkDot.svg

Multi-Device Trust

Enable users to authorize keys for each of their devices without administrative overhead.
blueNetworkDot.svg

Key Management

Use a combination of internal PKI, public CA, and/or our securely generated keys.
blueNetworkDot.svg

Identity Providers

Automatically generate keys using private and public Identity Providers with OpenID and SAML standards.
blueNetworkDot.svg

Assurance Levels

Assign different levels based on how keys have been activated. Elevate the level through peer-to-peer trust or officer approval.
blueNetworkDot.svg

Temporal Access

Grant field-specific access to desired entities. Revoke keys manually or automatically after a set period of time.
blueNetworkDot.svg

Organizational Keys

Ensure that data is automatically encrypted for applicable organizational keys for the purpose of recovery, auditing and forensics.
blueNetworkDot.svg

Segregate Encrypted Data

Send a one-way token to the application and store your encrypted data separately on-premise or on Cloud.

Manage At Scale

forth-3d.png
blueNetworkDot.svg

Distributed Workload

All cryptographic operations are done on end-point devices. As more users are activated, CloudMask leverages their devices' processing power.

There are no encryption servers or gateways that can introduce a bottleneck.

blueNetworkDot.svg

Evolving Encryption

As guidelines evolve, data needs to be re-encrypted using stronger algorithms.

CloudMask lets you distribute the re-encryption workload among available trusted devices, without impacting your application.

blueNetworkDot.svg

Change Management

Each data element is tagged with its associated policy at the moment of its creation and throughout its lifecycle.

When policies change, it is immediately applied without the need to read or write data to the applications. 

blueNetworkDot.svg

Auditing & Monitoring

Every data and key operation is securely logged. Monitor files and fields access inside and outside your organization. 

Block abnormal access patterns based on parameters such as frequency, location and device. For more insight, feed the trace to your SIEM system.