In tiCrypt, each file or user drive gets encrypted with a unique AES-256 key. Each of these keys is then encrypted with the public keys of the users (and groups) that have access to the file. The system uses end-to-end encryption, meaning the encryption is performed before moving any data onto the server and the decryption takes place at the destination. All data and keys on the server are encrypted. Since a file has to be shared to be available to another user, access to the data can be carefully controlled by the data owner.

For security reasons, virtual machines in tiCrypt cannot be accessed using traditional methods. In particular, direct connections to the VM console, SSH logins, or other remote server technology is not allowed since it can be controlled by the admins, and thus by hackers impersonating them. The only means of communication is through a FIPS-compliant tunnel that only the owner or trusted users of the VM can connect to via proxy within tiCrypt.

While it is important to protect files against rogue employees and outside attacks, it is equally as important to provide an audit trail of who accessed what information. While basic audits are mandated by most regulatory agencies, tiCrypt goes beyond this minimum requirement and offers detailed, secure audits combined with forensic tools to analyze the logs. Using secure hashing (SHA-256), log entries are chained much like Bitcoin transactions. Because the hash values are known, the system ensures that the history cannot be changed or forged by admins or hackers. Should anybody change the log entries, the hash of the modified block will have a discrepancy, making the change detectable upon running a log audit.