Why Zero-Knowledge Encryption Matters
What is Zero-Knowledge Encryption?
Zero-knowledge encryption is a security model that uses encryption and data segregation to make data breaches irrelevant.
When a software platform is zero-knowledge, the user’s data is encrypted and decrypted at the device level – not on the company's servers or in the cloud. The keys to decrypt and encrypt data are derived from the user’s master password and secret keys stored on the user’s device. The application never stores plaintext (human readable) data, and the provider’s server never receives data in plaintext. Because of this, only the user can decrypt their data, so even if a provider is breached, end users' data is not compromised.
Why Zero Knowledge is Critical
Data stored in applications can contain highly sensitive Personally Identifiable Information (PII) about you, your employees, your customers, customer account data and confidential business information. Yet most users don’t understand how their data is secured or if their information is stored in a 3rd party cloud environment.
In the event that a zero-knowledge provider is breached, all of your data remains protected. The keys required to decrypt the information are only available to the user on their device. In addition to protecting end-user data, zero-knowledge security protects organizations against data breaches and simplifies compliance audits.
Is Zero Knowledge Secure?
Yes, zero-knowledge is secure. In fact, it’s one of the safest ways to store sensitive data. Without a zero-knowledge architecture, anyone who breaches a cloud provider's servers can access sensitive information such as confidential personal data, business data, employee information and PII belonging to current and previous customers.
Benefits of Zero-Knowledge Encryption
Secures your data even if your provider is breached
With a zero-knowledge architecture, your vendor and underlying infrastructure provider can’t decrypt your data under any circumstances. So, even if your provider is breached or data has been stolen, cybercriminals will only have access to encrypted ciphertext that cannot be decrypted.
Meets regulatory compliance
Because no one but you can decrypt your data, zero knowledge makes it easier for you to prove to compliance auditors you are taking all necessary steps to prevent threat actors from exfiltrating data.
Protects data-at-rest, in-transit and in-use
In a zero-knowledge architecture, customer data is encrypted and decrypted only on the user’s device, not in a vendor’s cloud. The application never stores plaintext and the vendor’s cloud never receives data in plaintext. When data is synchronized to other devices, the data remains encrypted until it is decrypted on the other device. Data is encrypted on the device using 256-bit symmetric encryption. Data in-transit is also encrypted with Transport Layer Security (TLS). Interception of data in-transit is protected through transmission key encryption and mitigations are in place to prevent replay attacks and man-in-the-middle attacks.
Provides privacy protection
Zero knowledge is the pinnacle of privacy protection. It means that you – and only you – can decrypt your stored data. Your provider cannot decrypt the information, and the underlying cloud infrastructure providers cannot decrypt it either. Even if your provider is subpoenaed in legal proceedings, they will only be able to hand over encrypted values without the required decryption keys.
How Keeper Protects Your Business With Zero Knowledge
Keeper is a zero-knowledge, zero-trust password management solution for consumers and organizations. Our customers are the only ones who can access the information that they store in their Keeper vaults; even Keeper’s own employees can’t access it. Find out how Keeper is built with zero knowledge to protect you and your organization.
To learn more about how Keeper Business and Keeper Enterprise can protect your organization, contact our Sales Team or start a free 14-Day trial.