CipherCloud Launches Cloud Encryption Offering

As organisations continue to deal with the implications of the US National Security Agency (NSA) and its Internet surveillance efforts, interest in and demand for cloud encryption has increased. Just because data is encrypted doesn’t mean that enterprises should not be able to find what they’re looking for, which is where new features from CipherCloud come into play.

CipherCloud on Monday announced its Searchable Strong Encryption (SSE) offering, which aims to balance the need for access with the need for security.

Encryption gateway

Pravin Kothari, founder and chief executive of CipherCloud, explained to eWEEK that SSE leverages his firm’s encryption gateway. The CipherCloud encryption gateway encrypts data in real time as it flows from the user into the cloud. The gateway is a Linux-based virtual software appliance that can be deployed in a customer data centre or on-site at the enterprise.

The new feature that is now landing in CipherCloud is the ability to search the encrypted data. Once data is encrypted, by definition, that data has been protected and is typically not searchable. What the CipherCloud SSE technology provides is a way to search encrypted data.

Kothari explained that what CipherCloud has done is to put a search index directly in the CipherCloud encryption gateway. What CipherCloud indexes varies depending on what the data is and where it’s going. CipherCloud integrates with online storage vendor Box with online storage vendor Box and for those users CipherCloud indexes the entire document. For Salesforce.com, whatever customer data is being transmitted can be securely searched.

“We have a plug-in for each application, so we know how search and sort are done,” Kothari said.

From a user access perspective, CipherCloud enforces access control policies for the searchable encrypted data. The CipherCloud gateway verifies with the given application that a particular user has the right level of authorisation to access a specific piece of data.

“We work with the applications on the back end to make sure that access control policy is followed before any results are returned to the user,” Kothari said.

AES cryptography

CipherCloud uses 256-bit Advanced Encryption Standard (AES) cryptography to protect customer data on the gateway and in the cloud. Kothari explained that 256-bit AES is a symmetric encryption technology, which means the same key is used for encryption and decryption.

Getting data from the enterprise to the gateway and then to the cloud requires some form of encryption for the data in transport. CipherCloud uses standard Secure Sockets Layer (SSL) encryption from the gateway to the cloud, Kothari explained.

Among the revelations in the recent NSA leaks is that the agency has somehow managed to crack some SSL security as well. Kothari noted that CipherCloud recommends that customers use a cipher for SSL, known as Elliptic Curve Cryptography (ECC), which is fast and secure.

“If you look at the NSA disclosures in recent months, what has come out is that they are good at strong-arming cloud providers to get data in plain text,” Kothari said. “If you use strong encryption with strong key management, then the NSA is not able to get your data. There is no evidence in the last 10 years that AES has been cracked.”

Are you a security pro? Try our quiz!

Originally published on eWeek.

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

OpenAI In Talks With California Over For-Profit Shift

OpenAI reportedly begins early talks with California attorney general over complex transition from nonprofit to…

39 mins ago

EU To Assess Apple’s iPad Compliance Plans

European Commission says it will review Apple's iPad compliance with DMA rules as it seeks…

1 hour ago

James Dyson Says ‘Spiteful’ Budget Will Kill Start-Ups

James Dyson delivers most high-profile criticism so far of Labour's first Budget that raises £40bn…

2 hours ago

Nvidia, Meta Ask Supreme Court To Axe Investor Lawsuits

Nvidia, Meta bring cases before US Supreme Court this month seeking tighter limits on investors'…

2 hours ago

Nvidia To Replace Intel On Dow Jones Industrial Average

Nvidia to replace Intel this week on Dow Jones Industrial Average after years of turmoil…

3 hours ago

Toyota-Backed Joby Flies ‘Air Taxi’ In Japan

Joby Aviation and Toyota Motor complete demonstration flight in Shizuoka as companies prepare to bring…

3 hours ago