Designed to simplify enterprise data protection, privacy and sharing.
TDF was created by Virtru Co-Founder and CTO, Will Ackerly, to address gaps in secure information sharing between federal agencies. Today, TDF is used by thousands of organizations to enable secure sharing with platform-agnostic encryption for any type of data, across any cloud environment or device, using persistent access controls that ensure data privacy.
- Organizations reap the security and financial benefits of rapid, secure business collaboration.
- Data owners don’t have to trust third parties with their content.
- Collaborators are continuously verified to ensure privacy.
- Enables open source development via the Virtru Developer Hub.
Trust and Verify
TDF is a JSON-encoded data format that employs multiple cryptographic and security techniques to enable secure sharing in ways that are impossible with traditional network-based defenses.
TDF encrypts data using a unique encryption key for every object for persistent control that enables secure sharing. TDF also supports strong protections for the encryption keys by double wrapping them to further protect the data.
Attribute-Based Access Controls
Data owners define policies for who can access the keys protecting the data, for how long and whether they can add other users. These policies enable granular controls such as revocation, expiration and disabled forwarding.
TDF binds the encrypted data with the policies using public-based signatures, ensuring policies cannot be tampered with. Only the data owner can adapt control policies, guaranteeing information integrity.
TDF and its supporting infrastructure log every key request for persistent visibility, reinforcing information integrity. Data owners can easily track shared data to support granular audit and modifications to access controls.
TDF enables high assurance key management with embedded, cryptographically-bound policies. Organizations can jointly own, control and audit files in a zero trust manner by using multiple key servers, each hosted by a different organization.
As collaborators request access to TDF-protected data, TDF leverages existing accounts through federated identity and authentication frameworks such as OpenID, OAuth and SAML, to enable seamless access.
Large File Support
TDF enables the encryption and decryption of very large files (up to 1 TB), including streaming files, making it easy to protect and share PDFs, Excel spreadsheets, Word documents, and more.
TDF-enabled clients can create TDFs without an internet connection. The offline-created TDF can be sent to anyone via offline methods, or when the device is back online.