
tiCrypt Principles

Thomas Samant
Betuel Gag
Alin Dobra

1. Security First

  • Security is the top priority: the architecture is designed with security as the central consideration.
  • Security is treated comprehensively, going well beyond perimeter protection (firewalls, VPNs, intrusion detection systems).
  • Zero trust is implemented with cryptography rather than solely with access control lists (ACLs), so that access depends on holding the right keys rather than on a permission check alone.
  • The goal is to architect a complete solution rather than "patch" individual security vulnerabilities.
  • Features are added only if they do not compromise security.
  • There is no notion of public or unsecured data; explicit sharing is the only way to grant access.
  • Default-deny (fail closed) is favored over default-open.
  • Public-key cryptography (PKC) is the core concept; all security mechanisms are built on it.
  • Authentication is key-based, not password-based, and cryptography is used throughout.
  • End-to-end encryption is used, and each resource is protected independently of the others.
  • Encryption keys are managed with PKC, and cryptographic isolation is enforced.
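
The claims above (access enforced by cryptography rather than ACLs, each resource protected independently, explicit sharing as the only way to grant access, admins without access to user data) can be made concrete with a small model. The Go program below is an added illustration written for this page; it is not tiCrypt's code and does not describe tiCrypt's actual key hierarchy. It assumes one AES-256-GCM data encryption key per resource, wrapped with RSA-OAEP under each authorized user's public key, and the names Principal, Resource, Seal, Share and Open are the example's own:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrNoAccess means no copy of the resource key is wrapped for this principal: nothing to decrypt with.
var ErrNoAccess = errors.New("no wrapped key for this principal")

// Principal is a user or admin identified only by a key pair; there is no password to phish or reset.
type Principal struct {
	Name string // hypothetical label used as a map key; a real system would key on a certified public-key fingerprint
	priv *rsa.PrivateKey
}

func NewPrincipal(name string) (*Principal, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Principal{Name: name, priv: priv}, nil
}

// Resource is one independently protected object: a fresh DEK seals the payload with AES-256-GCM, and the DEK is stored only as RSA-OAEP-wrapped copies, one per authorized public key.
type Resource struct {
	Nonce      []byte
	Ciphertext []byte
	WrappedDEK map[string][]byte // principal name -> RSA-OAEP(DEK)
}

// Seal encrypts plaintext under a new DEK and grants access to the owner alone.
func Seal(owner *Principal, plaintext []byte) (*Resource, error) {
	dek, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(dek)   // on Go 1.24+ crypto/rand.Read cannot fail (it aborts the process instead)
	rand.Read(nonce) // 96-bit GCM nonce; the DEK protects this one payload only, so nonce reuse cannot occur
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &owner.priv.PublicKey, dek, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(dek) // cannot fail: dek is exactly 32 bytes
	aead, _ := cipher.NewGCM(block)
	ct := aead.Seal(nil, nonce, plaintext, nil)
	return &Resource{Nonce: nonce, Ciphertext: ct, WrappedDEK: map[string][]byte{owner.Name: wrapped}}, nil
}

// unwrapDEK recovers the DEK only if p holds a copy wrapped under its own public key.
func (r *Resource) unwrapDEK(p *Principal) ([]byte, error) {
	w, ok := r.WrappedDEK[p.Name]
	if !ok {
		return nil, ErrNoAccess
	}
	return rsa.DecryptOAEP(sha256.New(), nil, p.priv, w, nil)
}

// Share is the only way access grows: from must unwrap the DEK, then re-wraps it for to. An admin holding the ciphertext and every wrapped key, but no matching private key, cannot grant access even to itself.
func (r *Resource) Share(from, to *Principal) error {
	dek, err := r.unwrapDEK(from)
	if err != nil {
		return err
	}
	w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &to.priv.PublicKey, dek, nil)
	if err != nil {
		return err
	}
	r.WrappedDEK[to.Name] = w
	return nil
}

// Open decrypts the resource for p, or fails with ErrNoAccess; GCM also rejects any modified ciphertext.
func (r *Resource) Open(p *Principal) ([]byte, error) {
	dek, err := r.unwrapDEK(p)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err // wrong key length: the stored wrapped entry was tampered with
	}
	aead, _ := cipher.NewGCM(block)
	return aead.Open(nil, r.Nonce, r.Ciphertext, nil)
}

func main() {
	alice, _ := NewPrincipal("alice")
	bob, _ := NewPrincipal("bob")
	admin, _ := NewPrincipal("admin")
	res, _ := Seal(alice, []byte("study-7 genotype table")) // constructed sample payload
	_, err := res.Open(admin)
	fmt.Println("admin open:", err, "| admin grants self:", res.Share(admin, admin))
	fmt.Println("alice shares with bob:", res.Share(alice, bob))
	pt, _ := res.Open(bob)
	fmt.Printf("bob reads: %q\n", pt)
}
```

The point of the model is that the party operating the storage (the "admin" here) sees only ciphertext and wrapped keys; with no private key that matches a wrapped copy it can neither read the resource nor grant itself or anyone else access, and no ACL change on the server alters that. Two caveats a practitioner should keep in mind with any scheme of this shape: revoking a user requires re-encrypting the resource under a new DEK, because the revoked user already learned the old one; and the binding between a name and a public key must itself be authenticated (a certified directory, not a plain map), otherwise sharing to a substituted key defeats the whole design.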

2. Separation of Duties

  • Admin power is decentralized uniformly throughout the system, so a compromised admin account does not become an entry point for a data breach.
  • Access control and end-to-end encryption are used together, with two-factor authentication (2FA) added for further protection.
  • Extreme flexibility is provided in operating system support (Windows and Linux), tooling (AI and GPUs), and the full software stack.
  • Overhead is kept minimal for both small and large projects.
  • Researchers are empowered to manage and control their own data and workflows, decentralizing management and minimizing the role of admins.
  • Admins define mechanisms and monitor usage but have no access to user data.

3. Mechanism instead of policy

  • Behavior is enforced through mechanisms rather than by relying on policy alone.
  • Mechanisms are designed to prevent and deter bad behavior through system-enforced capabilities.
  • Automated, system-enforced mechanisms reduce the risk of human error and ensure consistent adherence to security requirements.
  • This sharply reduces the staff (FTEs) needed to "police" behavior and respond to violations.
  • Policies should only specify which mechanisms are used for enforcement.

4. Support diverse research workflows

  • tiCrypt supports diverse research workflows with Windows and Linux support, AI and GPU capabilities, and compatibility with a range of hardware devices.
  • Deployment is flexible: on-premises bare-metal servers, cloud (AWS, Azure, Google Cloud, etc.), hyper-converged platforms (Nutanix, Red Hat, etc.), and hybrid models (on-premises plus cloud).
  • Non-uniform infrastructure is accommodated, and VM hosts can be "borrowed" from both cloud and HPC clusters.
  • Compatibility with existing security and infrastructure solutions such as Duo, Shibboleth, firewalls, and VPNs is ensured.

5. Detailed auditing

  • Auditing is fully integrated into the secure system and addresses compliance requirements directly.
  • Different projects may have specific auditing requirements, and the system caters to those needs.
  • The tiCrypt solution includes an audit system that produces compliance reports, maintains a very detailed audit trail, and retains audit logs for the entire history of the system.
  • Reports also support predictions of data behavior for audit purposes.

Conclusion

  • Partial success can be achieved with significant effort, but usually with system blind spots and a limited set of supported workflows. tiCrypt is the result of over ten years of collaboration with the University of Florida, designed to address all of these compliance and security needs, making it a proven security unicorn.
  • The three pillars of compliance are strong security, system enforcement, and comprehensive auditing and reporting.
  • All features are designed to meet the rigorous compliance standards of public institutions.