Vendors tap into cloud security concerns with new encryption tools

Products let enterprises retain control over key management functions

A handful of vendors have begun rolling out new technologies designed to let companies take advantage of cloud computing environments without exposing sensitive data.

One of these vendors, CipherCloud, a Cupertino, Calif.-based start-up, on Thursday launched a virtual appliance technology that companies can use from within their premises to encrypt or to mask sensitive data before it hits the cloud platform.

Unlike the case with encryption services offered by cloud providers, CipherCloud's technology lets enterprises have complete control over the encryption and decryption process, said Pravin Kothari, CEO and founder of the company. The only set of encryption keys resides with the enterprise and not the cloud provider, ensuring that only authorized users can view the data, Kothari said.

CipherCloud's algorithm works in a way that encrypts data without fundamentally altering the data format or function, said Kothari, whose previous start-up was ArcSight , a company acquired by Hewlett-Packard last year for $1.5 billion.

CipherCloud's technology also supports a tokenization feature that replaces sensitive data entered into a cloud application with anonymous dummy values. The tokenization feature, like the encryption technology, lets companies mask sensitive data while ensuring that they still retain the ability to sort, search, validate and generate reports with it, according to Kothari.

CipherCloud's technology is designed to work with any cloud provider, although the launch version works only with's cloud platform.

CipherCloud is not the only company offering such products. Another vendor offering a similar cloud encryption technology is Vormetric , which on Wednesday rolled out an encryption product for use within Amazon's Web Services platform. The Vormetric product also lets enterprises encrypt sensitive data that is stored in the cloud, while allowing them to retain full control over encryption key and policy management functions.

Voltage Security and Navajo Systems offer technologies that are similar in approach and function to CipherCloud's product. Like CipherCloud, Navajo has an offering for's cloud computing platform.

Such technologies give companies an immediate way to protect data in their existing cloud applications, said Richard Stiennon, a security analyst at IT-Harvest. They also can help mitigate the data residency issues that can sometimes crop up when companies move data to the cloud, he said. Companies in certain industries for instance, can face restrictions when it comes to storing their data outside certain geographic borders. The data masking and cloud encryption tools that are becoming available today can offer a way around such issues, he said.

One example of an organization that plans on using such technology to get around data residency restrictions is the New Democratic Party (NDP) of Canada, which is a beta tester of the CipherCloud product. The NDP wanted to move its applications to but was concerned about having its database of 24 million voters stored on servers in the U.S.

"We really liked the product, but we were highly reluctant to have our data stored in the U.S and being prone to the Patriot Act," said James Williamson, IT coordinator at the NDP. "Also, being a political party, our members our highly sensitive to storing their [personal data] in the U.S," he added.

Initially, the NDP considered the encryption services offered by but decided not to pursue that avenue because the encryption keys would also be held by the provider. "If the Patriot Act was invoked, they would hand over the key, so there really was no protection," Williamson said.

At the recommendation of, the NDP tried one other vendor that offered a similar encryption approach before trying out CipherCloud. So far, the experience has been positive, Williamson said. CipherCloud's technology has allowed NDP to encrypt and decrypt data on the fly, with no noticeable impact on performance, he said. The fact that key management functions are under the control of the NDP has lessened the risk of NDP's voter data being accessed in an unauthorized fashion, he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is .

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags data securitysecuritycloud computinginternetdata protectionHewlett-Packardarcsight

More about Amazon Web ServicesArcSightHewlett-Packard

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place