TideCloak’s ‘Breach-Assumed’ Approach To Cybersecurity Via Ineffable Cryptography

The solution uses a decentralized method of storing keys.

Australia-based cybersecurity startup Tide Foundation, recently announced the launch of TideCloak—which it describes as an “identity, immunity, and access management system.”

TideCloak provides developers a way to lock down systems with “ineffable cryptography,” a “breach-assumed” approach to cybersecurity that makes platforms immune to “even this highest privilege breaches,” Tide said in a news release.

In a blog post, Tide explained how ineffable cryptography differs from traditional. With traditional cryptography, security relies on keys. The problem with that, Tide said, is that keys have to exist somewhere, and someone has to have access to them. If a bad actor gets hold of those keys, they have access to your systems.

Ineffable cryptography take a decentralized approach. Keys are “manifested in fragments across a decentralized network of nodes. Each node holds only a piece of the key, and no one node can reconstruct the full key on its own,” Tide said in its post.

Dr. Matthew P. Skerritt, a mathematics and cybersecurity Researcher at RMIT University, described the technology in a news release: “Think of how an idea forms in the brain across many neurons. It isn't held in any single neuron, so stealing ideas by grabbing a few neurons, is futile. Only the entire network of neurons—the brain—can express or comprehend that idea. Similarly, Ineffable Cryptography uses a network of servers to unlock data, making it virtually impossible for an attacker to steal or misuse the key, because there isn't one to find,” he said.

According to Tide, early adopters of TideCloak include major institutions, critical infrastructure providers, and AI startups.

The technology sounds promising for cybersecurity, but what relevance does it have for midmarket IT leaders?

“When the largest, most resourced tech-savvy organizations on the planet are falling victim to cyber attacks, what chance does the midmarket have? Companies like Cisco, AT&T, Microsoft and Barclays just to name a few. With today's solutions, none.

TideCloak offers a new approach: one where the inevitable slip up, whether it’s a misconfiguration, a compromised administrator account, or the myriad of other things that can expose you, no longer means catastrophic damage. While the technology behind the solution is complex, our intensive focus on ensuring no change to the user experience, without compromising security, means that it’s perfectly suited to the midmarket,” Tide Foundation CEO Mike Loewy said in a statement to MES Computing.

The company cited some real-world use cases of TideCloak including its use to protect water facilities from remote attacks, for identity protection at universities, and use by password managers.

Currently available to users as part of a beta access program, those interested can apply for the program here.