Techworld

Business booms for cloud encryption provider after PRISM revelations

CipherCloud CEO said the company has opened an Australian office due to accelerated growth in the local market

Cloud encryption provider CipherCloud has seen accelerated growth in the wake of revelations by whistleblower Edward Snowden of the massive level of surveillance of Internet traffic by the US National Security Agency, according to the company's CEO, Pravin Kothari.

"We've seen a lot of growth specifically in Q2. When that announcement came out, it was at the beginning of June when Edward Snowden leaked his first piece of information around PRISM and our end of quarter is the end of July," Kothari said. In the wake of Snowden leaking documents that outlined the scope of PRISM, CipherCloud had "the best quarter in our history," Kothari said.

A survey conducted by the Cloud Security Alliance (CSA) found that 10 per cent of 207 officials at non-US companies cancelled contracts with US-based cloud service providers after Snowden's revelations.

CipherCloud provides an on-premise encryption gateway for enterprises. An enterprise retains control of its encryption keys, and data is encrypted before it's sent to a cloud service provider.

The subscription-based service, which can be installed as a virtual appliance or on hardware, includes plug-ins for a number of major SaaS offerings, including Salesforce, Gmail and Office 365, as well as support for private- and public-cloud-based databases and a framework, Connect AnyApp, that can be used with other third-party or custom applications.

CipherCloud senior vice-president Paige Leidig said that the gateway typically has a performance hit of under 2 per cent, and that in some cases, because of a static object cache incorporated into the gateway, users see better performance from some applications.

Growth in the last quarter was 200 per cent, but CipherCloud's growth in Australia was twice that, according to Kothari.

"I think we'll continue to see a lot of growth globally simply because more and more organisations at the enterprise level are continuing to adopt the cloud for all the advantages that the cloud provides.

"I don't think we're going to see any particular area that's not growing, but we are seeing countries, specifically because of this [NSA PRISM] news, in Europe and here in Australia and New Zealand, that are growing very rapidly."

Globally the company's service has around 2 million users and encrypts some 250 million customer records. Customers in Australia include two of the big four banks and a health insurance company. Much of CipherCloud's growth has been in heavily regulated industries, such as banks and other financial services companies, health care and government.

Although CipherCloud has customers in the $250 million-$500 million annual turnover range, most of the company's customers have turnover of over $1 billion.

The company earlier this year established an Australian-based sales operation. "One of the reasons we're setting up shop in Australia is we can't meet demand," Kothari said.

"All the customers we have to date that are live with our product we actually sold through a sales rep based in New York City."

The local office currently comprises two sales reps, but Kothari said based on the level of growth CipherCloud was seeing in Australia it would "absolutely" set up a local customer support operation in the future. (Support is currently provided out of the US and a support centre in India.)

Kothari said that the company sees two future axes of growth for its product offerings. One is increasing the number of cloud-based applications CipherCloud supports 'out of the box' through plug-ins. "The other axis is around different security controls," the CEO said.

"So we provide AES 256 encryption capabilities. We also do tokenisation, we also do key management, we also do Cloud DLP or data-loss prevention, malware detection and activity monitoring. And you'll see us continue to grow along that dimension as well."


2 Comments

Crypto Skeptic

1

When a vendor introduces new encryption techniques with claims such as "military-grade, AES-based format and operations preserving encryption schemes", the industry expects independent cryptanalysis by well known cryptographers and experts. That's industry standard practice - and for very sound reasons. Unproven crypto has no place in regulatory compliance or data privacy. So where are the reports in this case?

In particular, how is function and format preserving encryption achieved? Regular AES (CBC) 256 bit encryption is not function and format preserving - not even close. There is one exception: AES-FF1 mode "Format Preserving Encryption" per Draft NIST 800-38G, a secure and proven new method of data protection. However, this method does not appear to be used by this solution. It's not clear at all what is used in fact, which is a big risk to adopters.

Questions about how any meaningful security is achieved are still unanswered, despite industry and crypto community requests and debate:

http://crypto.stackexchange.com/questions/3645/how-is-ciphercloud-doing-homomorphic-encryption

Until proven strong by relevant independent experts with open review of proofs, proprietary techniques have to be assumed to be weak and vulnerable, irrespective of vendor claims. DMCA take-downs on open debate on the topic only add more doubt to a skeptical security community. Established best practices in data security cannot be skirted at the expense of putting data at risk: the only winners then are the attackers. To them, data protected by unproven methods present ideal targets for sport and financial gain.
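Editor's added example, not part of the comment above and not CipherCloud's or NIST's code: a digit-preserving Feistel cipher that illustrates what "format preserving" means and why it does not by itself preserve functions such as sorting. It follows the alternating-Feistel shape FF1 uses but substitutes HMAC-SHA256 for the AES-based round function, so it is an unvetted illustration rather than FF1; all function names, the key and the sample value are constructed.

```python
import hashlib
import hmac

ROUNDS = 10                      # FF1 also uses 10 Feistel rounds; the rest is simplified
KEY = b"constructed-demo-key"    # constructed sample key
CARD = "4111111111111111"        # constructed 16-digit sample value

def _prf(key, rnd, n, half, width):
    # Round function: HMAC-SHA256 stands in for FF1's AES-based PRF (assumption).
    msg = f"{rnd}|{n}|{half}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (10 ** width)

def _check(digits):
    if not (digits.isascii() and digits.isdigit() and len(digits) >= 2):
        raise ValueError("expected at least two ASCII digits")

def fpe_encrypt(key, digits):
    """Map an n-digit string to another n-digit string under `key`."""
    _check(digits)
    n = len(digits)
    u = n // 2
    a, b = digits[:u], digits[u:]
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else n - u       # width of the half being replaced
        c = (int(a) + _prf(key, i, n, b, m)) % (10 ** m)
        a, b = b, str(c).zfill(m)
    return a + b

def fpe_decrypt(key, digits):
    """Invert fpe_encrypt by running the rounds backwards."""
    _check(digits)
    n = len(digits)
    u = n // 2
    a, b = digits[:u], digits[u:]
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else n - u
        c = (int(b) - _prf(key, i, n, a, m)) % (10 ** m)
        a, b = str(c).zfill(m), a
    return a + b

def order_preserved(key, values):
    """True if sorting by ciphertext gives the same order as sorting plaintexts."""
    return sorted(values) == sorted(values, key=lambda v: fpe_encrypt(key, v))
```

The ciphertext still fits a 16-digit field, which the IV plus padded binary blocks of a conventional mode such as CBC would not; because the mapping is deterministic, equal plaintexts stay equal, but range queries and sorting over ciphertexts do not work.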

JT Reynolds

2

People all over the globe need to wake up to the fact that email is really a digital megaphone - A lot of people can hear what you're saying. But we can't just give up. We've got to use the tools we have left. Use Tails & TOR for browsing, Textcrypt for text messages and Cellcrypt for mobile phone calls. Then, take everything off of Dropbox, Instagram, iCloud, etc, and stash it all in a Cloudlocker (www.cloudlocker.it) which works just the same but stays in the house where they still need a warrant to get inside.

I'm sure we're going to see more and better tools like these appear soon as good ol' Yankee ingenuity revs up. But what a shame that it's come to this. The US Patriot Act justification doesn't wash anymore: "We're hunting terrorists. We don't need no stinking 4th Amendment."
