Hermes

Zero trust, end-to-end encrypted, secure data storage and sharing framework

Enforce access control and facilitate sharing with end-to-end encryption via client-side SDK. Hermes provides cryptographically protected data processing and data collaborating without the need to re-encrypt an excessive amount of data.

Product sheet

A simple way of collaborating on end-to-end encrypted data

Secure granular CRUD
Let multiple users collaborate on shared data structures with granular access control and key management over each data block, while enforcing different cryptographic protections on all CRUD operations.
Zero-trust ACL
Traditional access control has ACL lists and ACL engine that enforces access rights, which you have to trust. In Hermes, access rights are enforced cryptographically, so you don’t have to trust anything to be sure that no one unwanted has access to the data.
Convenient storage
Data is stored encrypted, but does not require re-encryption during changing the access rights, key revocation or planned key rotation. Convenient data model allows to integrate Hermes with different architectures and storage schemes.

Industries

Hermes’ unique capabilities are the best to protect shared structured documents, where different fields have different security risks and access control patterns.

Finance

Store and process customer payment data and PII securely, minimise insider threats and enable secure, accountable cross-organisation data exchange.

Healthcare

Share FHIR and other medical records safely and distribute granular access to all entities in your system. Spend less on access control while gaining more fine-grained security.

Enterprise

Protect commercially sensitive data and enforce access control, integrate with existing PKI and IAM, enforce group policies and efficient key/storage management – all the while keeping the data end-to-end encrypted.

Advanced use-cases

Cryptographic access control
Deploy Hermes to build cryptographic access control in your application: grant and revoke read and write access through a cryptographic scheme resistant to privilege escalation attacks.
Secure distributed collaboration
Hermes is a cryptography-based method of providing protected data storage and sharing that allows the enforcement of cryptographically-checked permissions between any number of Hermes clients.
Multi-user object store
Build end-to-end secure document/object stores where every document or field’s access rights can be granted to any registered user of the system, transparently, and with low overhead.
Security layer for data exchange
Collaborating securely when a document is one blob of data is straightforward, but modern documents are actually large tree-like structures. Hermes is designed precisely for today’s applications.

Available for:

Get started with Hermes

See Hermes documentation for more info and how-tos

GitHub

Scientific paper

Implementation Paper

Related materials

SBOM from the security perspective

Despite being a potential approach for enhancing software supply chain security, SBOM’s own flaws and complexities in implementation may be holding back its goal to improve software tran...

Protecting ML models running on edge devices and mobile apps

Machine Learning models are a significant investment in competitive advantage; thus, companies are willing to walk the extra mile to protect them. ML model security is even more critical...

Cossack Labs Mobile Security Score framework for mobile AppSec

Cossack Labs Mobile Security Score (CL MSS) is security framework for mobile applications. It focuses on risk-based requirements, continuous risk management, and measurable progress for ...

Go to blog

All products

Themis, a cross-platform crypto library

Acra, a database security suite

Hermes, end-to-end secure data storage

Documentation server

Blog

Documentation

Conferences & events

Whitepapers & research

SBOM from the security perspective

About

Customer stories

Partners

News

Join us!
We have cookies.

Zero trust, end-to-end encrypted, secure data storage and sharing framework

A simple way of collaborating on end-to-end encrypted data

Secure granular CRUD

Zero-trust ACL

Convenient storage