Integrate customer-provided keys into
your data plane without a large refactor

EdgeBit runs your backend code in a secure enclave beside your other services and transparently selects customer keys from your internal tenancy model.

Automatic rotation
Rekey without impact
Store your encrypted data anywhere
Enhanced privacy

Privacy-centric customers love EdgeBit

Using EdgeBit, your customers can bring their own encryption key (BYOK) to your SaaS without having to give up full control. The encryption key can only be accessed within the EdgeBit Security Engine running in your cloud account. This means that none of your employees can read the plaintext of the key.

EdgeBit never has control over the key or can read the plaintext — the key is 100% confined to the secure enclave inside the Security Engine

Privacy-centric customers in the Fortune 500 are interested in how you secure their data, which goes beyond your compliance reports. Using EdgeBit for your SaaS provides verifiable security for their powerful API tokens, file uploads, controlled PII/GDPR data, and any other sensitive item.

Security-centric customers like FinTech and identity providers desire protection for their data being compromised by insider threats and data breaches. EdgeBit gives your company assurances that can be verified and proved to your customers and their auditors.

EdgeBit emits a trusted and tamper-proof audit log of customer data being accessed. This is exposed in the EdgeBit dashboard and can be embedded in your SaaS software as well.

As a third party, EdgeBit is a trusted source of data activity for your customer's auditors and provides an important forensic tool during security incidents.

Reduce the burden of handling sensitive data.

Secure ingestion – encrypt as soon as possible
Different security models for each of your services. Move sensitive workloads into a secure enclave to gain high trust.
Control where decryption can happen
Decrypting and using customer data happens only within a secure enclave and is subject to policies embedded in your code.
Redaction and tokenization for shared data
Enforce that data is obfuscarted properly when sharing between apps, business units or into partner SaaS services.
Deploys in your cloud

Works with any tech stack,
secures any sensitive data

EdgeBit uses secure enclaves to ensure that all data is isolated from everyone – attackers, compromised hosts, and insider threats.

Works with existing Go, Java, Python and Rust software.

Deploy secure sidecars beside your apps
Shared tools for all of your engineering teams

EdgeBit enforces protection for sensitive data, so that it can never leave unless specifically allowed. Data inserted, processed or decrypted can never be read by an attacker.

This protection starts in the hardware with isolated RAM, dedicated CPU cores, reduced default networking and Trusted Platform Modules (TPM), all powered by AWS Nitro Enclaves.

EdgeBit adds additional network policy that is embedded into the Security Engine, so it can't be relaxed or removed.

An enclave fulfills the exact definition of privacy: being free from observation or disruption by others. Even a hostile parent machine can't introspect the enclave or modify its operating parameters.

Enclaves are the perfect environment to decrypt and process sensitive data of any sort. This can be long-lived like a complete microservice or short per-request workflows.

EdgeBit manages per-tenant encryption keys automatically. All you need to do is call encrypt() — the correct encryption key is selected or created as needed.

When your customers opt to bring their own key, we will start using it immediately without interruption. Existing data will be "re-keyed" with the customer's key without having to re-process the data, due to our primary key → secondary key → data key structure.

Encryption key access policies are tied to the secure enclave's attestation which guarantees that only trusted code can fetch the key.

Zero Trust For Customer Data

E2E security, 100% confidential computing

Offer E2E security for your enterpise and B2B customers, just like they are used to with consumer messaging apps.

EdgeBit uses rotating data keys derived from a master key held by each customer.

Each product is different — choose which clear-text data stays inside the secure enclaves.

Essential privacy & security for your SaaS

Identity & FinTech
Secure partner integrations
Give customers extra confidence around security and usage of powerful API keys
Compliance
Data tagging & audit
Catalog your customer data by type and sensitivity
Security
Customer-provided encryption keys
Allow customers to bring their own key (BYOK) to encrypt their data in your product
Zero Trust
E2E security for customer data
Keep customer data encrypted while executing normal business processes

Icons from: Upload by Adrien Coquet from Noun Project •  Redaction by Dan Hetteix from Noun Project •  Lock by nico bayu saputro from Noun Project •  Secured by Saideep Karipalli from Noun Project •  hack by Adrien Coquet from Noun Project •  access control by Vector Portal from Noun Project •  Key by David Khai from Noun Project •  Rotate by Alice Design from Noun Project

Get started with privacy-enabled computing

Reduce your data risk.

Adopt a stronger security posture.

Start winning privacy-centric customers.

Book a Demo