Evervault Open Access: Encryption as a Service Now Available

Evervault Exits Beta, Offering Developers Open Access to its Encryption Engine

Dublin-based Evervault, a security startup geared towards developers, is officially launching its encryption engine today, moving out of closed beta. The company provides encryption capabilities through an API and has secured investment from prominent firms such as Sequoia, Kleiner Perkins, and Index Ventures.

Developer Interest and Target Data Types

Approximately 3,000 developers have been awaiting access to Evervault’s encryption engine, known as E3. The startup is initially focusing on companies that handle sensitive data, including identity & contact data, financial & transaction data, health & medical data, and intellectual property.

Introducing Relay and Cages

Evervault’s initial product suite, comprising Relay and Cages, is built on E3. Relay offers a novel approach to encrypting and decrypting data as it moves in and out of applications. Cages provides a secure processing environment – utilizing trusted execution environments on AWS – that isolates plaintext data processing from the broader developer stack.

First Deployment on AWS Nitro Enclaves

Evervault is the first company to deploy a product on Amazon Web Services’ Nitro Enclaves, according to founder Shane Curran. He explains that Nitro Enclaves create environments where code execution can be verified, ensuring the correct code processes the data.

Addressing the Persistent Problem of Data Breaches

Data breaches remain a significant concern online, often stemming from inadequate security practices or a lack of attention to user data protection by application developers. Evervault aims to resolve this issue by simplifying the integration of encryption via an API, relieving developers of the complexities of key management.

Shifting Focus to Proactive Security

Curran states that Evervault’s primary goal is to assist companies in adopting encryption as a fundamental security practice. The platform aims to enable organizations to implement controls and gain visibility into data access and usage.

The Rise of Data Privacy Services

Growing awareness of data breaches, coupled with stricter data protection regulations like Europe’s General Data Protection Regulation (GDPR), is driving demand for data privacy services. Numerous startups are now offering tools designed to protect data while still allowing for valuable insights to be extracted.

Defining Data Privacy at Evervault

Evervault defines “data privacy” as ensuring that no unauthorized party can access plaintext user data, users and authorized developers maintain control over data access, and plaintext data breaches are prevented. While encrypted data could still be compromised, the encryption itself would safeguard the information.

Exploring Advanced Encryption Techniques

While currently not implemented, Evervault is closely monitoring advancements in techniques like homomorphic encryption, which allows for analysis of encrypted data without decryption. Curran anticipates incorporating this technology in the future.

Trusted Execution Environments as a Core Strategy

Evervault’s initial approach leverages trusted execution environments, working with Amazon Web Services to be the first production deployment of their Nitro Enclaves. This prioritizes accessibility for developers over the complexities of fully homomorphic encryption.

Developer Experience as a Key Differentiator

Curran emphasizes that Evervault’s focus is on making robust security practices accessible to developers who may not have extensive encryption expertise. The platform aims to bridge the gap between cutting-edge security and practical implementation for average developers.

Future Plans for Homomorphic Encryption

While not currently prioritized due to performance and flexibility concerns, fully homomorphic encryption remains a potential future enhancement for Evervault. The company continues to monitor academic advancements in the field.

Competition and Differentiation

Curran identifies open-source encryption libraries as Evervault’s primary competitor. The company differentiates itself through the speed of integration and, crucially, the management of encrypted data. Evervault manages the encryption keys, while customers store only encrypted data, minimizing the risk of plaintext exposure.

Beyond Encryption: Addressing Data Access Rights

While the initial focus is on encryption, Evervault acknowledges the importance of data access rights, as mandated by regulations like GDPR. The company plans to introduce features that simplify compliance with these requirements, including encrypted data tagging and programmatic access control.

Future Functionality: Enhanced Compliance and Control

Evervault intends to provide functionality such as encrypted data tagging, time-locked data usage, role-based access control, and programmatic compliance features like data localization.

The Evolving Landscape of Data Security

As encryption technology advances, the vision is to move towards a future where applications are encrypted by default, and user data remains encrypted throughout its lifecycle, eliminating the need for decryption during processing.