TozID: Centralize Identity Management Without Centralizing Risk

Powerful Identity Defense-in-Depth for Workforces and Customers in an Encryption-as-a-Service Platform

The biggest data breaches of the past year were not prevented by HTTPS, but they would have been prevented with application-layer encryption. Unfortunately, encryption is easy to get wrong, and too often developers and companies continue to fail to put the correct safeguards in place.

To make strong encryption safe and easy for businesses to integrate, Tozny is proud to announce the launch of TozID — an identity and access management (IAM) toolkit with support for end-to-end encryption of application data. TozID’s robust defense against data leaks, insider threats, and hacks will add defense-in-depth to your application and IT infrastructure. TozID makes protecting application data, workforce and end user identities, and PII with end-to-end encryption accessible to every business, regardless of cryptography expertise.

Identity Management with End-to-End Encryption

Built with technology developed for NIST- and DARPA-funded projects, in collaboration with leading security research firm Galois, TozID is the most secure and sophisticated identity and access management solution available to the commercial market.

Prevent the Next Big Data Leak

Encryption is the most effective way to secure your data, but too often organizations relegate it to the infrastructure and don’t build it directly into the application. Developers aren’t at fault here; most cryptography toolkits aren’t safe to use without extensive training, and developers rightly see it as too risky.

For instance, Capital One was recently hacked and sensitive financial information was stolen. Capital One uses HTTPS, but application-layer encryption would have prevented this misconfiguration from being exploited. Similarly, Google Photos accidentally gave the wrong users access to photos and videos from other users. End-to-end encryption would have mitigated the damage from this software bug, since the “wrong user” would never have had the key to decrypt the data.

Application-layer and end-to-end encryption no longer have to be too hard. Tozny changes that with easy-to-use SDKs that provide secure login, SSO, and encrypted data reading, writing, and sharing.

Centralize Identity Without Centralizing Risk

TozID centralizes identity and single sign-on without centralizing risk because it is built using Zero Knowledge Authentication, meaning that Tozny never sends passwords over the network and does not handle key material or unencrypted application data. Customers are also able to easily integrate TozStore, Tozny’s encrypted storage solution for securing sensitive information directly at the browser, at the device level, and in IoT or embedded solutions.

Use cases include:

  • Customer Identity Management: Log in end-users with optional Multi-factor Authentication (MFA). Get OIDC compatibility and OAuth tokens right out of the box. Use RBAC and ABAC to enforce your policies.
  • Servers and IoT Identity Management: Each server and device is managed with access control rules and empowered with encryption keys for user-to-server or server-to-server communication.
  • Workforce Identity Management: Log in employees with any SAML-compatible service. We interoperate while exchanging minimal data with untrusted parties.
  • Secure Data Storage: With TozStore as a foundation, you can read, write, query, and share encrypted data across your organization. TozStore works with both structured and unstructured data.

Additionally, TozID gives you the following features and benefits:

  • Multi-factor Authentication (MFA) with TOTP and Push Verification to support Google Authenticator or Authy, and push-based login for seamless authentication
  • OpenID Connect (OIDC) and SAML integrations to easily protect G-Suite, Slack, Atlassian, Salesforce and more, or integrate your own applications
  • Role and Group-based Access Control for managing large teams of users easily
  • Detailed event logging and authentication tracking for all users, including customizable logging administration
  • Available as a Security-as-a-Service platform and via SDKs
  • FISMA compliant with optional deployment to AWS FedRAMP cloud for government users
  • Exceeds compliance requirements for regulations such as GDPR and CCPA

Shift-Left Cryptography: Part of a Trend for Secure APIs

Signal and WhatsApp broke new ground with end-to-end encrypted chat messages. Stripe and Twilio broke new ground with developer-friendly APIs for complex and security-critical applications. In much the same way, Tozny brings end-to-end encryption and secure identity management to the fingertips of any developer.

The practice of moving more security, operations, and testing into the development process (known as shift-left) is improving software agility, reliability, and efficiency. It also means that security best practices need to be implemented as part of application development, not as an afterthought once things have gone wrong. However, the vast majority of developers are not security or cryptography experts, and at the same time, the security team has less control over the security posture of IT and development than ever before.

Tozny’s approach to application-layer encryption is Shift-Left Cryptography. Shift-Left Cryptography means giving the application logic more control over what gets encrypted and who gets the keys for decryption. In some cases, the users themselves may be the only parties with the keys. In other cases, application-layer encryption can be an added access control layer on data management, providing huge defense-in-depth.

Historically, Shift-Left Cryptography has had some pitfalls. Most encryption libraries are developer-hostile, with insecure defaults and too much room for error. Key management is very hard to get right, and search / query of data is challenging. Tozny’s identity and encryption platform addresses these challenges with a robust, developer-friendly toolkit to add application-layer cryptography and identity management to your web, mobile, and server apps. For those developers embracing the shift-left mindset, Tozny’s toolkits give you the support you need.

How Would I Use TozID?

Imagine you’re writing the Next Great Social Networking app. You want your users to get better privacy, and you want to follow all the new legal requirements coming out of Europe and California.

So you decide to add strong, application-layer encryption to your web app. First, embed our SDK into your JavaScript. Then Tozny allows users to log in with their password, which gets converted into an encryption key in the browser. Now the Tozny SDK encrypts user data right in the browser. When they share a post with their friends, the SDK automatically performs a key exchange that lets friends decrypt each other’s messages. Ready to add Android and iOS apps? We have SDKs for that too.

What if your server gets hacked? The data is already encrypted. You hire the wrong employee? They can’t get to the data either. You make a mistake on your firewall rules, exposing your data storage? Nothing gets leaked. On top of that, your users have the confidence that their privacy is being protected not just by a vague privacy policy, but enforced with strong encryption.

Ready to Get Started?

TozID and TozStore add the power of encryption to your application to protect your users, your employees, and your business. They’re easy to integrate and they add defense-in-depth to your authentication, authorization, and data management approach. Try it now, or contact us to schedule a demo.

  • Our developer docs include SDKs and tutorials
  • For IT departments, try integrating GSuite or Slack for single sign-on (SSO)
  • Sign up and try it for free today!

Download the TozID Datasheet!
