Secure your S3 buckets and build secure privacy-aware data lakes on AWS S3.

Titaniam is the pre-eminent provider of encryption based data proyection solution for a variety of data stores. Titaniam protects your valuable data with FIPS 140-2 encryption and patent-pending searchable encryption.

Titaniam S3 Proxy adds client-side encryption to all the objects in your S3 bucket. Your client applications will send S3 requests to Titaniam Proxy instead of calling AWS S3 directly. Titaniam Proxy will intercept just the GET and PUT calls. With PUT calls, Titaniam will encrypt the payload (object) before calling the S3 APIs and with GET Titaniam will decrypt the payload and send it to the client.

From the client side there will be no impact except changing the URL, which could also be accomplished by making DNS changes to your network (i.e. zero client-side impact).

Titaniam will derive a unique encryption key for each object. So even if your encryptoin key is compromised, noone can decrypt the objects stored in S3.

AWS S3 offers a few encryption choices such as SSE-S3 and SSE-KMS. These add encryption when the data is written to the storage media. It prevents AWS data center employees from seeing the data in clear text. But they do not prevent your own AWS admininstrators from seeing the data in clear text.

Titaniam Proxy adds a client-side encryption, so the data is encrypted before even it reaches S3. So your data in S3 will not be visible even to your AWS administrators unless they also go through the Titaniam Proxy.

Titaniam's encryption is FIPS 140-2 certified by NIST. This puts the offering to an exactong set of rigor- including key zerozation, granular key derivation using HKDF functions, zero-downtime key rotation job etc. Things that just do not existing in any other offering.

On top of the all that Titaniam allows you to add privacy controls when data is released. This is relevant when you are storing structured data on S3 (like .json files) to build data lakes. When releasing a structured data file Titaniam allows you to choose between privacy preserving data types such as - masking, format-preserving encryption (ff1), encryption, hashing etc.

Performance wise, Titaniam adds very little (imperceptible) overhead to the reads and writes. And Titnaiam Proxy can be deployed with scale out architecture - on AWS ECS or EKS or Fargate to meet with variations in demand.

If you are a SaaS provider running your application AWS, chances are you store data belonging to multiple clients. Titaniam allows you to offer BYOK/ HYOK (Bring/ Hold) to your customers. In short you can allow each of your customers to supply and control the encryption keys for their data that is held by you. Your customers can turn off your access to their encryption keys without interrupting your other customers.