Gazzang's core products are zNcrypt and zTrustee, both launched in 2012. ZNcrypt provides highly scalable transparent encryption of data-at-rest (file, directory and block-level) that doesn't require modifications to existing applications and comes pre-configured for most big-data platforms such as Hadoop, Cassandra and MongoDB. ZNcrypt also includes process-based access controls for restricting access to encrypted data only to authorized system functions. For example, a file on Hadoop can be restricted to interacting only with the Hadoop Distributed File System (HDFS) to prevent admins from gaining unauthorized access. An encryption strategy is only as good as its key management capabilities. Gazzang's answer is zTrustee, a software-based key management server, or what the company refers to as a 'virtual hardware security module (HSM).' ZTrustee is essentially a vault that can securely store any digital asset – encryption keys, SSH keys, keys for third-party crypto modules, user names and passwords – that can be pulled down as needed at runtime (though the company is careful to point out that zTrustee is not a high-speed token vault). ZTrustee enables granular and configurable policies for controlling access to encryption keys, which can be based on time of day, geo-location, etc.