Encryption startup Vera locks down transferred documents

The company's software applies a strict regime of rules over who can open a file

In Silicon Valley, the recruiting game is extremely competitive, according to Ron Harrison, founder of Jivaro Professional Headhunters, a specialist in placing technology candidates.

In some cases, Harrison said the difference between getting nothing and a US$30,000 fee has come down to the few slim minutes between when one recruiter sent a resume to a company and a competing recruiter did.

"It's a dirty business," Harrison said in a phone interview.

Recruiting is complicated by the fact that companies may share resumes, even if the receiving company isn't a client of the recruiter. Essentially, it means a recruiter loses its intellectual property through a gaping hole: an unencrypted document can be sent to anyone.

But Harrison's company is one of 10 trying software from a startup named Vera that aims to lock down documents transferred over email or other file-sharing services such as Box or Dropbox.

Cofounder Ajay Arora said Vera addresses a common enterprise problem: once a document leaves a company's network, it's just out there for anyone to see who receives it -- or intercepts it.

While there is a lot of software out there that tackles this problem, Arora said he wanted to create a product that is very easy to use and doesn't interrupt the workflow of employees. Harrison, for example, said he was up and running in a few minutes with Vera, and it was easy for his employees to use.

With a right click on a file, a set of policies can be attached to, for example, a resume. The resume is encrypted, with the decryption key passed only to the authorized recipient, who doesn't have to install Vera's software.

The document won't open if it is forwarded to someone else. It can also be "time-bombed," or locked up after a predetermined amount of time, or blocked from being printed. Copy-and-pasting can also be stopped.

Vera uses AES 256-bit encryption to scramble a file, and then puts a metadata wrapper around it that contains the policies attached to it. The metadata wrapper phones back to Vera's servers to make sure the authorized recipient is opening it, and then a symmetric key is securely transferred from Vera's servers to the recipient to decrypt it, Arora said.

Vera works with Windows and Mac and as well as iOS and Android. The company hasn't released pricing details, but the software will be charged per user per month.

Vera's cloud-based approach is likely speedier than other data leakage prevention products on the market, which are heavy programs that offer strong encryption but may suffer performance issues during decryption, said Jan van Vonno, senior research analyst with analyst IDC.

"This is one very obvious advantage: it does not require the latest and greatest technology to use effectively," van Vonno wrote via email.

But file-sharing vendors are also promoting their own layers of security, said Alan Lepofsky, vice president and principal analyst with Constellation Research. And there are also a variety of other encryption products designed to place nicely with Dropbox and other file-storage services.

Vera's differentiator is a high level of control over files. Another advantage is that administrators using Vera's portal can see who opened what file and when.

That was a key point for Harrison, whose firm is sometimes marketing candidates who are also signed up with other recruiters. Although he can see timestamps for when an email with a resume was sent, seeing exactly when a company opened a resume is crucial, as it strengthens his argument if his firm should get the fee if a person is hired.

"I know when it [the resume] was opened," Harrison said.

In two of three cases, Vera's reporting helped Jivaro get its fees. The third case was moot since the candidate wasn't hired, he said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags VeraConstellation ResearchIDCsecurityencryption

More about Dropbox

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place