Security

Encrypted in depth — even from itself.

Intelligence that moves between sites and sits on machines in the field needs protection at every layer, not just one. VALIS encrypts in depth, so a single failure — a stolen disk, a tapped link, a compromised database account, an untrusted relay — does not hand an adversary your intelligence.


At rest — stolen hardware is useless

The datastore, its backups and its logs sit on encrypted volumes. A seized laptop or a lifted disk yields ciphertext, not intelligence.

In transit — sites prove who they are

Every link between headquarters is mutually authenticated and encrypted, and every batch of changes is digitally signed by its origin. A site can prove a change is genuine and untampered independently of the network — even if the link between you is hostile.

Per field — even the database cannot read the crown jewels

The most sensitive fields are encrypted in the application, before they ever reach the database. A compromised database account or a curious administrator sees only ciphertext. The keys never live beside the data they protect.

Protection that travels with the intelligence

Sensitive fields move between sites still encrypted, readable only by a site that has been granted the key — shared so that even a headquarters relaying the traffic in between cannot read it. Keys can be rotated without rewriting a single record, and a partner’s access can be revoked.

It is the digital equivalent of a handling caveat that physically enforces itself. Need-to-know stops being a promise and becomes a property of the data.

Compartmented by design

Isolation is enforced in the database itself. You only ever see the workspaces you belong to — another team’s data does not exist from where you sit, even if you go looking. Every action, human or machine, is written to an append-only audit trail.

An honest word on assurance

VALIS’s convergence and cryptographic properties are demonstrated by runnable proofs that ship with the code, and its federation is exercised by an adversarial twelve-act demonstration against three live instances. That is a stronger position than most, and it is not the same as a certificate.


An independent security assessment remains a prerequisite for operational use. 

We would rather tell you that plainly than let you discover it later.