COSSACK LABS | Encryption and data protection for your apps

Helping innovators. Protecting innovations.

Cossack Labs helps companies to efficiently and conveniently protect sensitive data in their products by providing developer tools, bespoke solutions and security consulting services.

Do not shackle your innovation with security challenges ever again.

We help the leaders to build secure systems at scale

Solving security challenges at scale that is right for you

From dev tools to bespoke solutions, from security control design to product security team for hire, we offer a wide gamut of ways to help you tackle security risks.

  • Acra, <span class="font-normal">a database security suite</span>

    Acra, a database security suite

    Acra provides 9 security controls in one suite, pluggable as SQL proxy, API service or SDK in your architecture. Features include transparent field-level encryption, searchable encryption, data masking, authentication, firewalling and many more.
    Read more
    Themis, <span class="font-normal">a cross-platform crypto library</span>

    Themis, a cross-platform crypto library

    Themis provides an easy-to-use and hard-to-misuse encryption API for securing data at rest and in transit. Solves 90% of use cases for protecting data in mobile, web and server-side apps. Helps to integrate a security layer fast and easy.
    Read more
    Hermes, <span class="font-normal">end-to-end secure data storage</span>

    Hermes, end-to-end secure data storage

    A security framework for end-to-end encrypted data flow. Hermes provides cryptographically protected data processing and data collaborating without the need to re-encrypt an excessive amount of data.
    Read more
    Custom data security solutions

    Custom data security solutions

    One size doesn't fit all: we build customised data security solutions that may or may not utilize our IP: from greenfield to "just add encryption".
    Read more
  • E2EE in mobile and web apps

    E2EE in mobile and web apps

    We design and implement end-to-end encrypted layers: endpoint cryptography, operations on encrypted data, integration of key management processes and ensuring consistent product experience.
    Read more
    Zero Trust architectures

    Zero Trust architectures

    When your business requires software operating on hostile territory, designing software and security controls without relying on implicit trust is challenging. We've been doing it for a while before "Zero Trust" became a popular term.
    Read more
    Transparent, auditable systems

    Transparent, auditable systems

    Building trust is as crucial as protecting the data. We've built a number of custom cryptographically provable audit log systems that enable qualified auditors or empowered 3rd parties to validate system's behaviour.
    Read more
    Hermes, <span class="font-normal">end-to-end secure data storage</span>

    Hermes, end-to-end secure data storage

    A security framework for end-to-end encrypted data flow. Hermes provides cryptographically protected data processing and data collaborating without the need to re-encrypt an excessive amount of data.
    Read more
  • Product security & SSDLC

    Product security & SSDLC

    The most sustainable way to ensure software security is to make it an integral part of the ongoing development process. We lead engineers to pragmatic security and "shifting security left".
    Read more
    Security engineering & architecture

    Security engineering & architecture

    Our engineers fill your team skill gaps wherever necessary — in designing, planning, implementing, or verifying security components of your solution, ensuring its good performance, usability, and reliability.
    Read more
    Applied cryptography engineering

    Applied cryptography engineering

    Rolling your own crypto is a sin unless you're a cryptographer. Luckly, we are :) Our core competence is designing and implementing cryptography-based components, protocols, and systems.
    Read more
    Mobile app security

    Mobile app security

    Mobile app security means building protections that don't ruin UX, but mitigate platform-specific risks & threats, and align app security with backend security.
    Read more
  • Defining security strategy

    Defining security strategy

    It's tricky to correlate security matters to your product growth plan when you're aspiring for a product business. We can cover this gap, ensuring that whatever you're building is resilient against the risks you're facing.
    Read more
    Advisory and risk management

    Advisory and risk management

    We assist C-level managers in defining cybersecurity goals and choosing efficient strategies for achieving them. We provide risk assessment, strategic and tactical advice in line with pragmatic security and compliance demands.
    Read more
    Security engineering oversight

    Security engineering oversight

    If you are building a security-critical system, we can act as your product security team. We provide constant oversight over features, match them to risks, and assist your engineers with implementing security-related features.
    Read more
    Privacy compliance

    Privacy compliance

    We translate the language of compliance requirements to your business and technological stack. We guide you towards the right balance between security, cost, and operational trade-offs.
    Read more
  • AI/ML security

    AI/ML security

    We assist innovative AI/ML-driven startups in protecting sensitive parts of their TensorFlow models and ML pipelines.
    Read more
    Differential privacy

    Differential privacy

    We assist adtech networks to build cryptographically-proven public accountability systems (differential privacy) based on anonymisation with protection against inference attacks.
    Read more
    zk-SNARKs and transactions privacy

    zk-SNARKs and transactions privacy

    We assist mature high-assurance blockchain companies who deal with identity management with research work and applied cryptography engineering.
    Read more
    Custom solutions

    Custom solutions

    Many of the projects we're most excited about are targeting particular needs that don't fit into any typical description. We love unique challenges. If you have something that is outside of this capability navigator, we're eager to talk.
    Read more

Helping across industries

Typically we work with fintech, power grids, payment processors, healthcare companies, popular applications, AI/ML solutions. Whatever is the industry, we help those where data security is a hard requirement.

Finance

Finance

Our products and solutions help modern financial institutions tackle data security for regulatory compliance and practical business risk mitigation.
Read more
Healthcare

Healthcare

Patient data is an important class of sensitive data that requires combining security and compliance with usability and interoperability in special ways.
Read more
Industrial / CNI

Industrial / CNI

We help state-wide organisations and industrial companies protect sensitive data, telemetry and commands in constrained environments.
Read more
Blockchain

Blockchain

We help cryptocurrencies and surrounding ecosystem to do the ‘crypto' and ‘security' part right from both practical and formal perspective.
Read more
SaaS

SaaS

On overlap between compliance, cloud security standards and customer requirements, SaaS security strategies often require elegant, yet unique solutions.
Read more
B2C apps

B2C apps

You manage sensitive data of millions of your users? We're experienced in protecting massively successful B2C products without slowing their pace.
Read more

Our operating principles

Think we're good fit?

Leave your email and we will get in touch about your security challenges.

Contact us