Matomo

Hermes – end-to-end secure data storage

🇺🇦 We bring our capabilities to all institutions that help protect Ukraine across critical infrastructure, defence, and government.

Cossack Labs
search
Zero trust, end-to-end encrypted, secure data storage and sharing framework

Hermes

Zero trust, end-to-end encrypted, secure data storage and sharing framework

Enforce access control and facilitate sharing with end-to-end encryption via client-side SDK. Hermes provides cryptographically protected data processing and data collaborating without the need to re-encrypt an excessive amount of data.

Product sheet

A simple way of collaborating on end-to-end encrypted data

  • tab 0 icon 1 tab 0 icon 2
    Secure granular CRUD

    Secure granular CRUD

    Let multiple users collaborate on shared data structures with granular access control and key management over each data block, while enforcing different cryptographic protections on all CRUD operations.

    Zero-trust ACL

    Zero-trust ACL

    Traditional access control has ACL lists and ACL engine that enforces access rights, which you have to trust. In Hermes, access rights are enforced cryptographically, so you don’t have to trust anything to be sure that no one unwanted has access to the data.

    Convenient storage

    Convenient storage

    Data is stored encrypted, but does not require re-encryption during changing the access rights, key revocation or planned key rotation. Convenient data model allows to integrate Hermes with different architectures and storage schemes.

Industries

Hermes’ unique capabilities are the best to protect shared structured documents, where different fields have different security risks and access control patterns.

Finance

Finance

Store and process customer payment data and PII securely, minimise insider threats and enable secure, accountable cross-organisation data exchange.
Healthcare

Healthcare

Share FHIR and other medical records safely and distribute granular access to all entities in your system. Spend less on access control while gaining more fine-grained security.
Enterprise

Enterprise

Protect commercially sensitive data and enforce access control, integrate with existing PKI and IAM, enforce group policies and efficient key/storage management – all the while keeping the data end-to-end encrypted.

Advanced use-cases

  • Cryptographic access control

    Deploy Hermes to build cryptographic access control in your application: grant and revoke read and write access through a cryptographic scheme resistant to privilege escalation attacks.

    Secure distributed collaboration

    Hermes is a cryptography-based method of providing protected data storage and sharing that allows the enforcement of cryptographically-checked permissions between any number of Hermes clients.

  • Multi-user object store

    Build end-to-end secure document/object stores where every document or field’s access rights can be granted to any registered user of the system, transparently, and with low overhead.

    Security layer for data exchange

    Collaborating securely when a document is one blob of data is straightforward, but modern documents are actually large tree-like structures. Hermes is designed precisely for today’s applications.

Available for:

Linux Python Go C++

Get started with Hermes

See Hermes documentation for more info and how-tos

GitHubGitHub
Scientific paper
Implementation Paper

Related materials

How mobile app analytics library led to the PII exposure

How mobile app analytics library led to the PII exposure

Vulnerabilities in third-party libraries: Exploring a real-world case where an update in an analytics library exposed personal data. We’ll cover the entire journey from discovering the i...

SBOM from the security perspective

SBOM from the security perspective

Despite being a potential approach for enhancing software supply chain security, SBOM’s own flaws and complexities in implementation may be holding back its goal to improve software tran...

Protecting ML models running on edge devices and mobile apps

Protecting ML models running on edge devices and mobile apps

Machine Learning models are a significant investment in competitive advantage; thus, companies are willing to walk the extra mile to protect them. ML model security is even more critical...

Go to blog

Contact us

Get whitepaper

Apply for the position

Our team will review your resume and provide feedback
within 5 business days

Thank you!
We’ve received your request and will respond soon.
Your resume has been sent!
Our team will review your resume and provide feedback
within 5 business days