Technology fueled by research and differentiated by patented unique approaches
Judo’s technology emerged from intense research into managing and protecting the most valuable data for organizations. Judo creates a digital wrapper around the most valuable assets of the company, providing the ability to stave off attackers. Judo adds another layer of security by using a well-constructed scheme that creates shards from the key and distributes those shards across a multitude of nodes.
Legacy techniques used to protect digital assets are subject to three limitations – reliance on specific architectures, loss of control over data and absence of defense in depth.
Current solutions to protect your critical data and secrets are tied to the specific infrastructure on which you store data or on which your applications are built. Modern cloud-native and hybrid cloud applications need an approach that is infrastructure agnostic.
Loss of control over your data
Several approaches to securing one’s data require that the owner of the data relinquish control. The data gets moved to a vendor-controlled cloud or proprietary storage system.
Single point of failure
Most approaches to securing data use encryption. However, the encrypted data and the key are stored on a single system. This means that if a malicious actor hacks into one system, they have access to both the data and the key.
JUDO IS DIFFERENT
Judo Security’s solution applies the principles of defense-in-depth to protect your data. Judo uses a patented digital “wrapper” system with dual layers of protection – one providing encryption and the second enforcing policies.
Judo encrypts your data, not once but twice. The platform uses a patented digital “wrapper” system. An inner layer of encryption protects your secrets, while an outer layer of encryption enforces user-defined policies. The key used to encrypt your data, as part of the inner layer of encryption, is referred to as the Key Encryption Key (KEK). The outer layer of protection, referred to as cryptosharding, is defined below.
Encrypted, distributed component storage
Judo’s cryptosharding ensures that your encryption keys (KEK) neither reside intact on any disk nor traverse the network intact. Only components of the key are transported to the nodes used for storage. Each component of the KEK is referred to as a shard. Each shard of the key can be stored on a choice of platforms, including Google Cloud Platform, Amazon AWS, Microsoft Azure or your own private infrastructure.
Secure, authorized and timely access
When a user or a service needs to access the stored data, it is reassembled at the destination only as needed for immediate use. The algorithm reassembles the key and applies the key to the local data, allowing the authorized service to manipulate the data.
The same mechanism used to shard the key and store it on a wide variety of nodes ensures that each of these shards is destroyed when the secret is no longer needed. When the shards are destroyed, the key cannot be reassembled, which renders the underlying data inaccessible.
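The page does not disclose the patented sharding algorithm, so the sketch below is an added example and not Judo's code: it uses Shamir secret sharing as a stand-in to show the split, reassemble and destroy lifecycle described above. The function names, the threshold parameter `k`, the field prime and the node labels are assumptions, and the threshold generalizes beyond what the page states.

```python
import secrets

# Assumption: arithmetic in the prime field GF(2**521 - 1), a Mersenne prime
# larger than any 256-bit key. Shamir sharing is a stand-in scheme here.
PRIME = 2**521 - 1

def split_key(kek: bytes, n: int, k: int) -> dict[int, int]:
    """Split kek into n shards (x -> y); any k of them rebuild the key."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    secret = int.from_bytes(kek, "big")
    # Random polynomial of degree k-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shards = {}
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % PRIME
        shards[x] = y
    return shards

def reassemble_key(shards: dict[int, int], k: int, key_len: int = 32) -> bytes:
    """Rebuild the key by Lagrange interpolation at x = 0 over k shards."""
    if len(shards) < k:
        raise ValueError("not enough shards: key is unrecoverable")
    points = list(shards.items())[:k]
    secret = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(key_len, "big")

if __name__ == "__main__":
    kek = secrets.token_bytes(32)                  # constructed sample key
    nodes = ["gcp", "aws", "azure", "private"]     # constructed node labels
    shards = split_key(kek, n=len(nodes), k=3)
    placement = dict(zip(nodes, shards.items()))   # one shard per node
    assert reassemble_key(shards, k=3) == kek      # rebuilt only when needed
    for node in ("gcp", "aws"):                    # destroy two shards
        del shards[placement[node][0]]
    try:
        reassemble_key(shards, k=3)
    except ValueError as err:
        print("after shard destruction:", err)
```

Each shard on its own reveals nothing about the key, and once fewer than `k` shards survive the key can no longer be reconstructed, which is the property the destruction step relies on.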
Immutable audit log
Judo’s granular logging provides definitive information needed to understand who accessed the data, how it was accessed and from where. That information can then be analyzed to ensure compliance, fed into an analytics engine for advanced correlation and anomaly detection, or used to generate custom reports to understand usage patterns and user behavior.