NuCypher leads the advancement of big data security with a state-of-the-art re-encryption cryptosystem for Kafka. Purpose-built for streaming sensitive data in compliance with strict governance and regulatory requirements, NuCypher enables granularly encrypted messages and brings encryption at-rest to the Kafka protocol. NuCypher arms security professionals with new capabilities for eliminating single points of failure and reducing their attack surface.

State-of-the-Art Encryption.
Uses AES256-GCM and standardized ECIES elliptic curve encryption (ANSI, IEEE, ISO, NIST curves).

Automated, policy-based encryption.
Protects sensitive data in AVRO and JSON file formats.

Cryptographic enforcement of ACLs.
Integrates with Ranger/Sentry and AD/LDAP authorization groups to protect against insider risks.

Fine-grained decryption permissions.
Field-level granularity.

FIPS 140-2 Compliant.
Industry standard Key Management Interface Protocol (KMIP) support for leading Hardware Security Modules.

Encryption at-rest.
Data written to disk can now be protected at rest.

Our IT function is standardizing around Kafka for messaging, but our security and compliance needs are very advanced. With NuCypher, we're able to keep data encrypted broker-side and at-rest, which is key for future-proofing against regulatory changes.

Head of Fixed Income Technology, Global Investment Bank

Make Your Data an Asset

Not A Liability

NuCypher Kafka supports granular encryption and fine-grained decryption permissions. Combined with encryption at-rest and end-to-end encryption in-transit (even broker-side), it enables secure messaging and microservices. It works seamlessly across your entire environment — on-premise, hybrid, and public cloud.