Patented Split-Key Encryption Technology

When it comes to protecting data in the cloud, the biggest challenge isn’t encrypting the data– it’s protecting the encryption keys. Every time an application accesses a data store, it needs to use the encryption keys. This puts them at risk in two places: when they are stored, and when they are in use. Porticor® patented Virtual Key Management™ is the first solution that mitigates the threat of key theft both in storage, and in use – to keep your cloud data truly secure.

Porticor® Virtual Private Data™ is the only system available that offers the convenience of cloud-based hosted key management without sacrificing trust by requiring someone else to manage the keys. Breakthrough split-key encryption technology protects keys and guarantees they remain under customer control and are never exposed in storage; and with homomorphic key encryption, the keys are protected – even while they are in use.

How it works

Each data object (such as a disk or file) is encrypted with a unique key that is split in two. The first part – the master key – is common to all data objects in the application. It remains the sole possession of the application owner and is unknown to Porticor. The second part is different for each data object and is stored by the Porticor Key Management Service. Every time the application accesses the data store, Porticor uses both parts of the key to dynamically encrypt and decrypt the data. When the master key is in the cloud, it is homomorphically encrypted – even when in use – so that it can never be hacked or stolen.

Split-Key Encryption Diagram

Homomorphic Key Encryption

Porticor uses specialized homomorphic encryption techniques to keep your master key safe when it is in the cloud. With Porticor, the master key is known only to you, the application owner. Even before it arrives at the virtual appliance, Porticor encrypts the master key. The master key then stays encrypted while it is being used. Even if your cloud account is penetrated and the master key is stolen, it cannot be used to hack into the rest of your application, because Porticor encrypts the master key differently for every separate use.

Generally, homomorphic encryption is much too slow to be viable for real-world applications. But Porticor’s patent-pending technology combines the most robust key security with very high performance so that you can guarantee the safety of your data and fully comply with regulations. Learn more about Homomorphic Key Encryption.

Proven Strong Encryption Standards

Porticor Virtual Private Data uses strong encryption algorithms, such as AES-256, to encrypt the entire data layer. All projects (typically each project is an application) are cryptographically separated from each other, and Porticor uses a secure protocol to ensure trust among project instances. Porticor VPD also encrypts backup snapshots and for an extra measure of security, encrypted disks can be locked if the data is not in use.

Reliable, Scalable Infrastructure

With Porticor VPD, you can ensure data security in as many projects as you need: by applications, departments, content domain, or any other way you’d like. Each project can contain as much data as required, across multiple disks, databases, file servers and object storage. Porticor fully supports clustering and fail-over configurations and is available for public, private or hybrid clouds.

Integration and Automation

For organizations that want to integrate data encryption into an automated environment, Porticor VPD features a secure API that controls all of the functions of the virtual appliance. Porticor also offers a secure API to the Virtual Key Management service to enable integration with your existing cloud deployment. With Porticor you can automatically:

  • Bring up and shut down new appliances securely
  • Add and remove protected disks and revoke the associated keys
  • Add other protected data objects (such as files or DB records) or remove them, and revoke the associated keys when needed
  • Integrate the Porticor key management service with another 3rd party encryption solution for key allocation, management or revocation.