The safest way to store data in a cloud is to make sure the cloud can never read it. That principle is the whole of Coracias. Enterprises increasingly spread data across Azure, Google Cloud, and AWS, for resilience, for cost, for avoiding lock-in, but every additional cloud is another party that, in principle, can see what it holds. Coracias was built so that none of them can: data is encrypted before it ever leaves the client, and the keys never leave the client’s control.

The hard part is doing that across three clouds at once, while still letting people store, retrieve, and share data as easily as they would on any single platform. Security that’s unusable gets switched off; this had to be both airtight and effortless.

The challenge

Could data be stored and shared securely across Azure, Google Cloud, and AWS simultaneously, with strong, client-side encryption and zero knowledge on the cloud’s part, while keeping storage, retrieval, and sharing simple enough that people actually use it?

The approach

We built Coracias on a zero-knowledge model: data is encrypted on the client with keys the client alone holds, then replicated across the three clouds as ciphertext. Sharing happens through cryptographic key exchange, so a recipient gets access without any cloud, or Coracias itself, ever handling plaintext.

01
Client-side, zero-knowledge encryption
Data is encrypted with AES-256 before it leaves the device, and the keys stay with the client, so no cloud, and not Coracias, can ever read it.
02
Replication across three clouds
Ciphertext is stored and synced across Azure, Google Cloud, and AWS, giving resilience and avoiding lock-in without widening the trust surface.
03
Secure sharing by key exchange
Sharing data with another party is handled through cryptographic key exchange, granting access to the recipient without exposing plaintext to any intermediary.
04
Key management & rotation
A robust key-management layer handles generation, rotation, and revocation, so security holds up over time and a compromised credential never means compromised data.

Encryption you can switch off isn’t security. We made it the default, the floor, and the part no cloud can see around.

The outcome

Coracias now stores and moves data across all three major clouds with nothing but ciphertext ever leaving the client. A breach of any single cloud exposes zero readable data, sharing is seamless through key exchange, and clients keep complete control of their keys, and therefore their data.

Multi-cloud usually means multiplying who you trust. Coracias means trusting none of them.

The same zero-knowledge core extends to new clouds and data types as they’re added, a fourth provider or a new sharing workflow attaches to the existing encryption and key-management layer without weakening the guarantee that plaintext never leaves the client.