Does your system process someone else's sensitive data?
If that data was found in a breach, what can you show that proves your service isn't the leak?
Logs? Can be tampered with.
Audit reports? Months old.
Source code? How do you know that matches what is deployed?
There's a gap between the things that describe a system, and the actual system.
This gap is our trust. We trust that code, policy or reports accurately represent our systems.
Unfortunately, as breach, after, breach shows, trust isn't enough.
attested.systems closes that gap.
Proof-driven compliance, no trust required.
Our systems provide evidence of technical and compliance claims. Involved parties can verify exactly what software is running, and what compliance policies are followed by a system.
Verification is entirely automated and protects each individual data exchange with the system. If a system were to turn non-compliant while data is in-flight, the system is unable to see or accept that data.
Our design is inspired by Apple's Private Cloud Compute and the technical foundation is provided by OpenPCC.
Is your service processing sensitive data for enterprise clients in the EU?
We're selectively working with 2-3 EU companies to shape the product before general availability.
Get in touch at w@willem.dev if you're interested.
About
attested.systems is founded by Willem Schots, he has spent the last 18 months building confidential computing infrastructure, with significant contributions to OpenPCC. He has 15+ years of experience in e-commerce, adtech, and developer tooling.
Get in touch at w@willem.dev.
Links
“There's a gap in everything,
that's how the hackers get in”
- Leonard Cohen, if he worked in computing.