Best-of-class solution for highly-sensitive workloads

LucidLink Filespaces is built on a modern, general-purpose distributed file platform designed for the cloud.

One of the fundamental tenets of the design is our strong focus on security to provide the best-of-class solution for highly sensitive workloads.


A novel approach to data confidentiality in the cloud

We minimize the amount of trust required by all entities involved in storing, managing, and transferring data. This means not making any assumptions about explicitly trusting the network infrastructure, the cloud storage providers, or LucidLink itself.

“Zero-knowledge” encryption model

Infrastructure & storage providers have no knowledge about the data that customers store and transmit. Only the customer can “see” the data.

Full System Encryption – In flight and at rest

Data is encrypted on the customer device and remains encrypted both in transit and at rest and only the customer is in possession of the encryption keys. In contrast, server-side encryption typically employed by other cloud storage services, data is encrypted at only rest, and the service providers maintain the encryption keys and therefore have full access to the content.


Stream data on-demand

No residuality

All the locally cached data and metadata on the client devices are stored encrypted on the local disk. Simply disconnecting from the Filespace prevents an attacker with physical access to the device from gaining access to the LucidLink Filespace. 

Split plane architecture 

Filespaces are based on a split plane architecture where the metadata and the data planes are managed separately. The metadata is synchronized through a central metadata service provided by LucidLink, while the data is streamed directly to and from the cloud or an on-premise object-store. 


This split plane design requires securing the metadata and the data independently.

Every file and folder along with its metadata is fully encrypted.

Accessed data is genuine

Authenticated encryption –  AES-256 in GCM mode 
Any malicious tampering or data integrity issues such as bit rot on the

server-side are immediately detected upon access

SaaS offering, no hardware or IT support required

End-to-end security encryption

Works with any object storage

Instant on-demand file access from anywhere

Works with any OS