Solving root causes rather than treating symptoms.

The security industry has spent decades building better locks on doors that shouldn't exist. Firewalls, SIEMs, and endpoint agents assume a fundamentally exposed architecture and work to contain the damage. eCora removes the exposure before deployment — so there's nothing to detect, patch, or respond to.

The shift is architectural. When a workload is sealed in hardware-encrypted memory before it leaves your control, entire categories of threat — cloud admin access, insider risk, memory extraction — stop being relevant. Security becomes a property of the workload itself, not a perimeter built around it.

But the workload is only one part of the runtime environment. The same principle extends further: the network endpoints that negotiate connections, the devices that join your infrastructure, the servers that host your workloads, the groups and organisations that form your trust boundaries. eCora's goal is to bring hardware-rooted identity and attestation to every layer of the runtime stack — replacing software assertions with cryptographic proof at every point where trust is assumed.

The people behind eCora.

David Chan and Tom Whelan have spent their careers building large, complex systems — and watching the same security problems resurface at every layer. Rather than apply another layer of tooling on top, they began studying the latest advances in security, scalability, and resilience to find a better starting point. The goal was straightforward: fundamentally change the way security is done by improving it at the application runtime level — not above it.

David Chan

CEO & Co-founder

Tom Whelan

CTO & Co-founder