The problem I have come across a number of times when discussing encryption is the dilemma of 'encrypting everything'.
This is especially apparent when it comes to email, but even more so when it comes to documents and data that are stored off-site. This week I spoke with CipherCloud, whose mantra is about ‘encrypting data in real-time’. Its vice president of marketing Kevin Bocek said that encryption is often seen as a ‘clunky process’ and that it only really works on a desktop.
He said: “So we focused on encrypting data in real-time so what was stored on a server or SalesForce or Gmail was encrypted by the user going through a gateway.”
He explained that from an organisational perspective, data that is in the cloud and is out of reach can often be unknown, but if it is encrypted then no one can get to it. The CipherCloud approach is to go through a gateway with an on-premise appliance allowing access to the web.
Bocek said: “You put it on site, as you put data in the cloud or allow a third party to run it for you. It is important to have control of your data that is in the cloud if you are attacked, as then you have the keys to the data.
“The gateway has the encryption keys but nothing is stored in the gateway, it manages them and it decrypts the data. For the user, they will never know that they are using encryption, as there are no certificates or keys needed, everything is managed for you.
“You cannot tell Microsoft or SalesForce to install the stuff you want on their servers and you cannot tell your SaaS provider to install an encryption platform for you, so the gateway sits in the middle between the user and the cloud.”
An Office 365 product was launched this week to transparently encrypt all email messages, calendar and contact data stored in Microsoft's Exchange Online and third-party Hosted Exchange.
Bocek said that this was designed in order to provide protection for data hosted outside of Europe to fit within local regulations, as it removes data security, residency, privacy and compliance barriers and allows control over cloud-based data. He also said that this was about encrypting "what the customer uses and what regulators ask for".
Connectors are added to the gateway for each platform, with each user able to add as many connectors as they choose. In terms of authentication, Bocek said that it is agnostic to technologies in order to allow users to choose what they already have in place.
Bocek said that CipherCloud, created by ArcSight co-founder Pravin Kothari in 2010, was built on a realisation that data was being moved to the cloud and that there was no easy way to encrypt that data once it was in the cloud. This led to development focused on transparency and on working across multiple clouds.
“On your laptop the operating system is encrypted, but is data encrypted by a third party? So that is why we put the ability to encrypt data in the cloud and the first service that we supported was SalesForce,” he said.
The encryption market is arguably strong because regulators demand its use, and vendors are there to provide solutions. Where the challenges lie is in deployment and ease of use for end-users, but if things are done automatically and the issue of off-premise storage is also addressed, then CipherCloud may be on to something.