Security at Aircloak

At Aircloak, security is not just a feature – it is in our DNA.

Aircloak is not only the leading innovator when it comes to data anonymity solutions: we are also leading the way in measuring the strength of anonymization mechanisms, and in crowd-sourcing the discovery of vulnerabilities through bounty programs.

These innovations allow us to overcome shortcomings in the data anonymization industry, such as the lack of certifications by Data Protection Authorities and generally applicable standards for data anonymity.

GDPR Compliance Assurance

How can an anonymization provider legitimately claim that its technology meets the anonymity standard for GDPR? Our approach is based on four key aspects:

1. Use strong criteria for anonymity
2. Establish and maintain a “no known attacks” stance
3. Full transparency
4. Encourage active public oversight

Read more about our approach in the blog article “The Four Pillars of GDPR Compliance Assurance”. Upon request, we can also give you access to our Aircloak GDPR Compliance Statement that goes more into detail about our technology and compliance processes.

Aircloak Attack Challenge

We run the world’s first and only bounty program for anonymized data re-identification. A community of leading privacy researchers from Universities such as the MIT, UCL, and EPFL help to make sure that Aircloak has strong anonymization even with great analytic utility. 

To incentivise attackers, we give bounty prizes even for attacks that are low risk. Read more about how we determine bounty payments and assess severity scores for vulnerabilities.

More Information about the Latest Attack Challenge

 

 

Open General Data Anonymity Score Project

In close collaboration with the Max Planck Institute for Software Systems, we are working on a general metric for measuring and benchmarking the efficiency of different anonymization algorithms. The General Data Anonymity Score compares the privacy and utility of different data anonymization methods based on the EU Article 29 criteria for anonymity.

Soon you will be able to measure the effectiveness of K-anonymity, Differential Privacy or Aircloak and see which algorithm performs best!

More Information about the GDA Score

Additional Security Features

Aircloak Insights is built to be minimally invasive to your critical corporate IT infrastructure. Our software should give you a competitive edge, not be a liability!

As one expects of software today, all communication channels are encrypted by default. Audit logging and rich authentication and authorization schemes are offered out of the box.

On top of this Aircloak Insights supports air-gapped deployments, source code inspection, and is based on year-long research by Aircloak and the Max Planck Institute for Softwaresystems.

Our approach to data anonymization

Vulnerabilities

We are as transparent as possible when it comes to communicating vulnerabilities.

Open publication of vulnerabilities discovered by Aircloak and patched are periodically published in academic papers, and not listed here. All vulnerabilities are communicated privately to Aircloak customers as they are discovered.

Here you can find the status and description of vulnerabilities to our anonymization software that have been discovered and openly published by third parties.

Aircloak Vulnerabilities Status

#

Discovered

Demonstrated

Announced

Severity

Patched Version

Patched Date

Expected Patch Date

Details

1

April 2018

April 2018

October 2018

Moderate

18.3 (Cedar)

July 2018

——

2

April 2018

—–

April 2018

Very Low

—–

—–

—–

3

May 2018

May 2018

October 2018

Low

18.3 (Cedar)

July 2018

—–

4

January 2018

January 2018

July 2018

Very High

18.3 (Cedar)

July 2018

—–

5

May 2020

May 2020

October 2020

Moderate

20.2 (Dogwood)

August 2020

—–