EdgeBit runs your backend code in a secure enclave beside your other services and transparently selects customer keys from your internal tenancy model.
Using EdgeBit, your customers can bring their own encryption key (BYOK) to your SaaS without having to give up full control. The encryption key can only be accessed within the EdgeBit Security Engine running in your cloud account. This means that none of your employees can read the plaintext of the key.
EdgeBit never has control over the key and can never read its plaintext — the key is 100% confined to the secure enclave inside the Security Engine.
Privacy-centric customers in the Fortune 500 are interested in how you secure their data, which goes beyond your compliance reports. Using EdgeBit for your SaaS provides verifiable security for their powerful API tokens, file uploads, controlled PII/GDPR data, and any other sensitive item.
Security-centric customers such as FinTech companies and identity providers want protection against their data being compromised by insider threats and data breaches. EdgeBit gives your company assurances that can be verified and proved to your customers and their auditors.
EdgeBit emits a trusted and tamper-proof audit log of customer data being accessed. This is exposed in the EdgeBit dashboard and can be embedded in your SaaS software as well.
As a third party, EdgeBit is a trusted source of data-activity records for your customers' auditors and provides an important forensic tool during security incidents.
EdgeBit uses secure enclaves to ensure that all data is isolated from everyone – attackers, compromised hosts, and insider threats.
Works with existing Go, Java, Python and Rust software.
EdgeBit enforces protection for sensitive data, so that it can never leave unless specifically allowed. Data inserted, processed or decrypted can never be read by an attacker.
This protection starts in the hardware with isolated RAM, dedicated CPU cores, reduced default networking and Trusted Platform Modules (TPM), all powered by AWS Nitro Enclaves.
EdgeBit adds additional network policy that is embedded into the Security Engine, so it can't be relaxed or removed.
An enclave fulfills the exact definition of privacy: being free from observation or disruption by others. Even a hostile parent machine can't introspect the enclave or modify its operating parameters.
Enclaves are the perfect environment to decrypt and process sensitive data of any sort. This can be a long-lived workload such as a complete microservice, or short per-request workflows.
EdgeBit manages per-tenant encryption keys automatically. All you need to do is call encrypt() — the correct encryption key is selected or created as needed.
When your customers opt to bring their own key, we will start using it immediately without interruption. Existing data will be "re-keyed" with the customer's key without having to re-process the data, due to our primary key → secondary key → data key structure.
Encryption key access policies are tied to the secure enclave's attestation which guarantees that only trusted code can fetch the key.
Offer E2E security for your enterprise and B2B customers, just as they are used to with consumer messaging apps.
EdgeBit uses rotating data keys derived from a master key held by each customer.
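The primary → secondary → data key structure and the per-item rotating data keys described above, as an added illustration of how a BYOK key swap re-wraps only the secondary key while stored ciphertext stays untouched. This is example code written for this page, not EdgeBit's implementation; the HMAC-based stand-in cipher, the function names and the record layout are assumptions so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

# Stand-in symmetric cipher (HMAC-SHA256 keystream, encrypt-then-MAC) used only so the
# example runs without third-party packages; a real engine would use an AEAD such as AES-GCM.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Tenant record: the secondary key is stored only wrapped under the customer's primary key.
def new_tenant(primary_key: bytes) -> dict:
    return {"wrapped_secondary": seal(primary_key, os.urandom(32))}

def encrypt_item(primary_key: bytes, tenant: dict, plaintext: bytes) -> dict:
    secondary = unseal(primary_key, tenant["wrapped_secondary"])
    data_key = os.urandom(32)  # fresh per item: the "rotating data key"
    return {"wrapped_data_key": seal(secondary, data_key), "ciphertext": seal(data_key, plaintext)}

def decrypt_item(primary_key: bytes, tenant: dict, item: dict) -> bytes:
    secondary = unseal(primary_key, tenant["wrapped_secondary"])
    data_key = unseal(secondary, item["wrapped_data_key"])
    return unseal(data_key, item["ciphertext"])

def rekey_tenant(old_primary: bytes, new_primary: bytes, tenant: dict) -> dict:
    # BYOK swap: re-wrap the secondary key only; no stored item is read or rewritten.
    secondary = unseal(old_primary, tenant["wrapped_secondary"])
    return {"wrapped_secondary": seal(new_primary, secondary)}

def can_decrypt(primary_key: bytes, tenant: dict, item: dict) -> bool:
    try:
        decrypt_item(primary_key, tenant, item)
        return True
    except ValueError:
        return False
```

After `rekey_tenant`, the old primary key no longer opens anything, yet every item's `ciphertext` and `wrapped_data_key` bytes are exactly as they were before the swap.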
Each product is different — choose which clear-text data stays inside the secure enclaves.