Developed by Tera Insights in collaboration with the University of Florida
NIST 800-171 Certified · CMMC 2.0 Level 2 Certified · FIPS 140-3 Compliant

Take Control of Your Data

A secure enclave for storing, sharing, and analyzing restricted data inside isolated VMs or submitting batch jobs via native SLURM integration.


Research Funding

Unlock Restricted Research Funding

Many federal grants and contracts require a compliant enclave for handling controlled data. Without one, your institution cannot compete. tiCrypt provides the certified infrastructure researchers need to win and execute these awards.

Department of Defense

DFARS 252.204-7012 & CMMC Level 2

  • Army Research Laboratory (ARL) cooperative agreements
  • Office of Naval Research (ONR) grants
  • DARPA-funded research programs
  • Air Force Research Laboratory (AFRL) contracts

Export-Controlled Research

ITAR & EAR Compliance

  • Defense industry subcontracts with ITAR data
  • Satellite and aerospace research programs
  • Controlled technology development partnerships
  • International Traffic in Arms Regulations (ITAR) projects

NIH & Biomedical

Controlled-Access & Genomic Data

  • dbGaP controlled-access genomic datasets
  • All of Us Research Program controlled tier
  • NCATS Clinical and Translational Science Awards
  • NCI Cancer Moonshot data-intensive grants

NSF & Federal Agencies

NIST 800-171 for Federal Awards

  • NSF Secure and Trustworthy Cyberspace (SaTC)
  • DHS Critical Infrastructure research programs
  • DOE National Nuclear Security Administration (NNSA)
  • Federal grants requiring FISMA Moderate controls

Researchers at tiCrypt institutions have secured over $312M in grant funding requiring controlled data environments.

The tiCrypt Platform

Your Data Is Restricted. Your Research Shouldn't Be.

Encrypted storage, secure virtual machines, and CMMC/NIST compliant batch processing in a single platform.

User-Centric PKI

Every user holds their own RSA-2048 key pair. All drives, files, and data are end-to-end encrypted with AES-256. Administrators cannot access user data unless explicitly shared.

  • RSA-2048 key pairs are generated at registration; the private key never leaves the user
  • All authentication based on digital signatures, not stored credentials
  • AES-256 encryption managed through PKI for every file and drive
  • Without the decryption key, stored data is useless, even to administrators

Our Origin

Developed for Researchers, by Researchers

Tera Insights was founded in 2012 by Dr. Alin Dobra, an Associate Professor in the CISE department at the University of Florida. In 2014, Tera Insights partnered with UF Research Computing to replace the university's existing system for handling sensitive data, which had limited user capacity, no proper auditing, and relied on users to self-enforce security policies.

UF needed a single platform to house all types of restricted research, including ePHI, ITAR, FERPA, CUI, and intellectual property, supporting both Windows and Linux workflows across campus. tiCrypt was jointly developed under a collaboration agreement between Tera Insights and the University of Florida, with thousands of hours of feedback from faculty, principal investigators, research computing staff, and compliance officers shaping the platform into what it is today.

  • 2012: Tera Insights founded at the University of Florida
  • 10+ years building compliant research infrastructure
  • 8+ named production deployments at R1 institutions
  • 0 compromises on data security

110 Controls. 80 Directly Addressed with tiCrypt.

tiCrypt directly addresses 80 of the 110 NIST SP 800-171r2 practices required for CMMC Level 2 certification. An additional 4 are jointly managed between Tera Insights and your organization. The remaining 26 cover organizational policies, physical security, and personnel processes that require institution-specific implementation. tiCrypt deployments have been independently evaluated in 7+ NIST 800-171 assessments by multiple C3PAOs, with the most recent achieving a perfect 110/110 CMMC Level 2 score on the first pass using tiCrypt and our templated SSPs.


Why tiCrypt

Purpose-Built Security vs. Managed Cloud

Managed cloud solutions force you to trust someone else with your most sensitive research data. tiCrypt keeps you in control, on your infrastructure, without compromise.

Security

Encryption
  • tiCrypt: End-to-end encryption using public-key cryptography. All drives, files, and data are AES-256 encrypted. Data stays encrypted at rest, in transit, and during processing. Without the decryption key, stored data is useless.
  • Managed Cloud: Encryption at rest and in transit, but data is typically decrypted during processing. Provider administrators and support staff may have access paths to unencrypted data.

Admin Access
  • tiCrypt: Zero admin access by design. Administrators manage the platform but never hold decryption keys. Security is user-centric: users generate their own key pairs at registration and the private key never leaves their possession.
  • Managed Cloud: Provider admins have privileged access to underlying infrastructure. Shared responsibility models leave gaps in data isolation between your organization and the provider.

Authentication
  • tiCrypt: All authentication is based on digital signatures using public-key cryptography. No passwords are stored on the server. Private keys are generated during registration and controlled entirely by the user.
  • Managed Cloud: Password-based or federated SSO authentication. Credentials are stored and managed by the provider, creating a centralized attack surface that can be brute-forced or phished.

Session Isolation
  • tiCrypt: Every session runs in a dedicated, encrypted virtual machine with no OS-level user accounts on the host. VMs have no general internet access. All traffic is tunneled via port 22, and opening tunnels requires cryptographic proof via digital signature.
  • Managed Cloud: Container or VM-based isolation with shared networking. Cross-tenant isolation depends on hypervisor security and provider configuration. OS user accounts on shared hosts create privilege escalation risks.

Compliance

CMMC Level 2
  • tiCrypt: Independently assessed by multiple C3PAOs across 7+ NIST 800-171 assessments, with the most recent achieving a perfect 110/110 CMMC Level 2 score on the first pass. Templated SSPs accelerate your certification timeline.
  • Managed Cloud: Shared responsibility model requires significant organizational effort. Provider may cover infrastructure controls, but you own application-layer compliance and must build your own SSP.

FIPS 140-3
  • tiCrypt: All cryptographic operations use FIPS 140-3 validated modules. AES-256 encryption keys are managed via PKI, and the private key never leaves the user's possession.
  • Managed Cloud: FIPS 140-2 validated modules are common, but FIPS 140-3 adoption varies. Key management is handled by the provider, limiting your control over the cryptographic chain of custody.

Audit Trail
  • tiCrypt: Separate audit system (tiAudit) with independent authentication. Every data movement, user action, and access event is tracked with tamper-evident, immutable logging from the date of installation.
  • Managed Cloud: Cloud-native logging tools are available but require additional configuration. Audit logs are stored within the provider ecosystem, raising chain-of-custody questions for assessors.

Multi-Framework
  • tiCrypt: Single platform satisfies HIPAA, ITAR/EAR, FERPA, CUI, FISMA, and CMMC simultaneously. One deployment covers all compliance frameworks without separate environments.
  • Managed Cloud: Different compliance frameworks may require different configurations, regions, or service tiers. Managing multiple frameworks across provider services adds complexity and cost.

Infrastructure

Data Location
  • tiCrypt: Data never leaves your data center. Deployed on-premises on your own hardware, giving you complete physical and logical control over where data resides.
  • Managed Cloud: Data is stored in provider-managed data centers. Region selection is available but you rely on the provider for physical security and data residency guarantees.

Hardware
  • tiCrypt: Hardware agnostic. Runs on any x86 infrastructure, repurposing existing servers, HPC clusters, or new hardware. No proprietary appliances required.
  • Managed Cloud: Locked to provider hardware and instance types. Migrating between providers requires re-architecting workloads and potentially re-certifying compliance.

HPC & SLURM
  • tiCrypt: Native dual-SLURM architecture separates resource scheduling from secure execution. A Global SLURM handles allocation while per-project Local SLURMs run inside encrypted VMs. The scheduling layer never sees user data or code.
  • Managed Cloud: HPC workloads require specialized instance types at premium pricing. SLURM integration is limited or unavailable. Running sensitive batch jobs requires custom security engineering.

OS Support
  • tiCrypt: Both Windows and Linux virtual machines in the same deployment. Researchers choose the environment that fits their workflow without additional licensing.
  • Managed Cloud: OS flexibility varies by service tier. Windows workloads often incur additional licensing fees. Mixing OS types may require separate service configurations.

Operations

Licensing
  • tiCrypt: Single deployment license with unlimited seats. Add researchers, projects, and workloads without per-user fees. Standalone VMs and HPC batch jobs run on the same hardware.
  • Managed Cloud: Per-user, per-seat, or consumption-based pricing. Costs scale linearly with team size and often include hidden egress, storage, and compute charges.

Vendor Independence
  • tiCrypt: You own and operate the deployment. No dependency on a third-party operations team. Full control over upgrades, maintenance windows, and configuration.
  • Managed Cloud: Provider controls upgrade schedules, feature deprecation, and service availability. Outages and policy changes are outside your control.

Data Portability
  • tiCrypt: Your data lives on your drives in standard encrypted formats. No export fees, no migration complexity, no lock-in.
  • Managed Cloud: Data egress fees and proprietary formats create switching costs. Migrating large datasets out of the cloud can take weeks and incur significant charges.

Support
  • tiCrypt: Tera Insights provides deployment assistance, templated SSPs, and direct engineering support. Your team is trained to self-manage the platform independently.
  • Managed Cloud: Enterprise support tiers available at additional cost. General-purpose support teams may lack domain expertise in research compliance workflows.

Who Uses tiCrypt

Built for the Most Demanding Research Environments

From research universities to defense contractors and national labs, tiCrypt is the trusted secure enclave for institutions that cannot afford to compromise.

Research Universities

CMMC-Ready CUI Environment.

Satisfies data handling requirements for DoD (DFARS 252.204-7012), NSF, NIH, and DHS without additional infrastructure. Maps to NIST SP 800-171 controls.

  • DoD-funded research (DFARS / CUI)
  • NIH and NSF sensitive data compliance
  • Multi-PI collaboration with data isolation
  • NIST SP 800-171 control mapping

Defense Contractors & FFRDCs

ITAR-Compatible. Audit-Ready.

All actions are logged to tiAudit, a separate system with independent authentication. Audit records are immutable from installation date onward. Project-level isolation enforces ITAR/EAR access boundaries.

  • Immutable audit trail for contract reporting
  • Every action is audited, no exceptions
  • Per-project access control and data isolation
  • Separate audit system with independent login

HPC & Computational Research

Secure HPC With Minimal Overhead.

SLURM-managed clusters inside a certified enclave. Hardware-accelerated encryption adds single-digit percentage overhead on I/O, negligible for compute-bound workloads.

  • SLURM job submission inside the enclave
  • Encrypted scratch storage for batch jobs
  • VM-based interactive compute sessions
  • Secure data ingestion via write-only SFTP

What Experts Are Saying

Independently Validated Security

"Our independent security review and penetration test of tiCrypt revealed an exceptionally strong, defense-in-depth architecture aligned with NIST SP 800-171. The platform incorporates non-default security design choices not commonly encountered in comparable systems. We were particularly impressed by the overall security architecture and the team's responsiveness."

Guillermo Munoz, M.A., CISSP, CEH, Senior Information Security Architect, Harvard Medical School

"We have been working with Tera Insights for about a decade on building a computing environment for working with restricted data that is flexible, highly secure, and straightforward to manage. With constant feedback from researchers, the environment has matured to meet the demands of very complex workflows."

Dr. Erik Deumens, PhD, Senior Director, UFIT Research Computing, University of Florida

"After completing our penetration test of the tiCrypt LASER environment, we came away genuinely impressed. The platform reflects a layered, thoughtful security architecture built with compliance and protection at its core. For organizations working with sensitive data, tiCrypt is an exemplary model."

Amanpreet Parmar, CASP+, Senior Security Engineer, Harvard Medical School

"Our tiCrypt environment has significantly improved collaboration between the college and hospital by providing researchers from both organizations a shared space to work with highly sensitive data. We have enjoyed watching the platform mature and continually improve. As we find new use cases, Tera Insights has been great to help us find solutions."

Elijah Gagne, M.S., Director Research Cyberinfrastructure, Dartmouth

Take Control of Your Data

Join the growing community of universities, national labs, and medical centers using tiCrypt to protect sensitive data, meet compliance requirements, and empower researchers to do their best work.