Protection Against
Data Leaks & Ransomwares

Klave DB is the quickest way to protect existing databases. It is designed to precisely protect sensitive data, keeping all valuable and critical data encrypted while leaving the rest untouched.

Why Klave DB?

All databases should be protected with encryption in transit and at rest. This eliminates many common vulnerabilities, but it doesn’t fully protect your data.

If the system is compromised, attackers can still access decrypted information. So can high-privileged users. To truly protect data, additional layers of security are essential.

Without Klave DBWith Klave DB
Database Administratorsopen eyeclosed eye
Cloud Administratorsopen eyeclosed eye
Server Administratorsopen eyeclosed eye
Server Administratorsopen eyeclosed eye
Hackersopen eyeclosed eye

Data Stays  Where It Is

Klave DB is designed to protect existing / legacy databases. It encrypts sensitive columns, ensuring that even if someone gains access to the database, there isn’t any sensitive or valuable information to leak.

first image
second image

How Does Klave DB Work?

Klave DB automatically generates encryption keys and stores them in a secure enclave. The encryption key never leaves the enclave and remains inaccessible to high-privilege users. Learn more about encryption keys.

Klave DB acts as a proxy for SQL queries and transactions that process encrypted data. The rest of the architecture remains unchanged, greatly reducing the cost of securing your databases.

Klave DB Diagram

See Klave DB  in Action

A Data Protection Solution

Klave DB is a cybersecurity solution designed to mitigate the risk of data leakage from unauthorised users.

Klave DB will blindly transform APIs queries. If an API is designed to reveal a large amount of critical data to an authorised user, then the data will be revealed. Klave DB is not a privacy-by-design solution, but APIs can be updated with privacy techniques to protect data from authorised users. Learn more about privacy techniques.

Klave DB Comparison

Microsoft’s Always Encrypted uses secure enclaves to protect the data and mitigate the risk from unauthorised users, but it comes at the cost of moving the database to Azure. This is not always possible.

Klave DB also uses secure enclaves, but only to orchestrate column encryption.

Standard DatabaseMicrosoft Always EncryptedKlave DB
Protects sensitive data against Database Administratorsred crosswhite checkteal check
Protects sensitive data against Server Adminsred crosswhite checkteal check
Protects sensitive data against Cloud Adminsred crosswhite checkteal check
Protects sensitive data against hackersred crosswhite checkteal check
Data remains where it isred crossred crossteal check

Get Started  with Klave DB

You don't need to be a security expert to secure your database. Klave DB handles the hard parts so you can focus on what matters most.