With more news of security incidents involving cloud-based password managers (e.g., LastPass, Norton, and several others in recent years), it is understandable that some of our current and prospective customers may feel less comfortable with the idea of storing their confidential information in the cloud. It is somewhat disappointing that the benefits of better collaboration, availability, and usability cannot offset security defects or negligence. At Devolutions, we understand this situation quite well, which is why from the beginning we have built Devolutions Hub Business with high-security standards in mind.
What Would Happen if Your Hub Data Were Accessed by an Adversary?
Simply put: your data would remain confidential. Your data is protected using strong modern encryption, which is impossible to break with current and forecasted technology. This is true for both live production data and backed-up data.
The only way for your data to be recovered is if an adversary obtains both your master password and several secrets managed by other components of Hub Business. But without the master password, even with the component secrets in his possession, an adversary would have to “guess” or “brute force” your master password. We designed Hub Business with the best technology available to ensure that password guessing and brute-force attempts require too much effort and cost to be sustainable.
Devolutions Does Not Have — and Cannot Get — Access to Your Sensitive Information.
The explanation above may alleviate some of your concerns. But you may also have a legitimate follow-up question: What happens if Devolutions personnel access your data?
Here is your reassuring answer: it cannot happen. Our zero-knowledge principle is ferociously applied to ensure privacy by design. The sensitive data and encryption keys of our customers are never accessible by Devolutions’ personnel. All encryption and decryption operations are performed on customer devices, and Devolutions has no visibility into the data.
Devolutions Implements the Best and Latest Industry-Accepted Encryption.
Encryption schemes and algorithms implemented by Devolutions Hub Business surpass other cloud-based password managers. Older algorithms implemented by most solutions — while generally still considered “secure” — nevertheless suffer from a lack of flexibility, degraded performance, and poor resistance to human error.
What this means is that Devolutions Hub Business delivers a higher degree of security in more challenging scenarios like multi-user cloud-based password management. Remember: it is not possible to attack or “crack” any secrets without prior knowledge of your unique master password — even for us!
Want More Proof? No Problem.
As Chief Security Officer, I am proud to note that Devolutions does not operate on “security by obscurity.” Transparency is one of our company’s most cherished values. Our cryptographic library is open-sourced and available online on GitHub for public scrutiny. Our commitment to transparency is also demonstrated by publishing third-party security reports and certifications such as ISO/IEC 27001 and SOC2, which are available in the Security & Compliance section of our website. A complete Devolutions Hub Cryptographic Design report is also available directly on our trust center. In fact, we have so much trust and confidence in our solution that we even have an active bug bounty program running 24/7!
The Bottom Line
From day one we have taken a security-first approach to Devolutions Hub (just as with all of our other solutions). Devolutions Hub Business can be classified as cloud-based storage that stores your encrypted data securely, and delivers it solely to authorized users.
And we are not stopping here. We are constantly innovating and improving the security of the platform. This ensures that we stay on top of emerging threats and risks, while going beyond what has been done and maintaining a leadership position in the industry. Expect more cool stuff coming soon!