Startup Ionic Security takes the sweat out of securing documents

Well-funded startup Ionic Security controls access to the decryption keys needed to unlock documents so only those meant to access the data have the ability to decrypt it. In addition, the service sets policies on what can be done with the data once it's accessed.

Well-funded startup Ionic Security has launched a data-protection service that guards encrypted documents no matter where they go until access is authorized by its policy engine based in the cloud, making it possible to protect data even if the files that contain it fall into the wrong hands.

Ionic controls access to the keys needed to unlock encrypted documents so only those who are meant to access the data have the ability to decrypt it. In addition, the service sets policies on what can be done with the data once it's accessed.

The company's significant offering is that it takes on the entire burden of managing the keys, a huge undertaking that it has automated and that customers don't have to bother with, says Ionic's CEO Steve Abbott, who served a stretch as vice president of sales for public-key cryptography firm PGP Corp.

In addition, its policy engine allows controlling who gets the keys and under what circumstances. The keys are kept in the possession of customers, but Ionic's service takes charge of deciding whether a user's request for a key to decrypt a document is authorized. If so, the service signals the key server to release the key so the reader can access the plaintext data.

So if documents are stolen, they remain useless because the thief can't meet the policy requirements to get the key to decrypt them. The service makes it practicable to encrypt every important piece of data generated by a business, Abbott says.

This has been a problem not so much because it's hard to encrypt but because it's hard to make it possible for large numbers of authorized parties to decrypt, Abbott says.

The company's strength is that it makes PKI easy to use. A system to manage keys used for one-to-many communication is hard, and many-to-many is harder still, he says. Keys have to be distributed, kept up to date, revoked and redistributed, all within a framework that partners trust, which is a gargantuan chore when large volumes of data are encrypted with separate keys.

Ionic's encryption scheme still calls for an enormous number of keys, but managing them is automated and handled entirely by Ionic for its customers, he says.

The company has been pitching its service only to the largest corporations and tailoring it to their needs. Abbott says Ionic has half a dozen Fortune 100 companies signed to three-year contracts, which represents 1.5 million seats. He wouldn't name any. When the service is generally available it will be sold in one-year contracts, and pricing hasn't been set, he says.

The platform encrypts content at the time it is created and supports iOS, Android, Mac, Windows and Linux operating systems. Policies set on the encrypted files can control where and when data is accessed and by whom. So a policy could restrict access to a document only to C-level executives who are connected to the Wi-Fi in the executive board room, for example, and only after a certain time on a certain day.

It can further encrypt and set policies on data within files, he says. So if a document contains historical sales data as well as projected sales, a policy could allow the document to be shared with and opened by the entire sales team, but with only sales executives able to read the projections.

The platform keeps logs on who uses what data and can generate reports. So it could be polled to find out which department generates the most data and who's reading it.

The encryption keys are stored in a server called a key grid on customer premises. The cloud service authenticates users trying to access documents and lets the key grid release the right key to them if they meet all the requirements set by user policy.

The system could be used to help thwart insider threats by tracking, for instance, who accesses documents containing the word "proprietary".

Customers can set policies on what is encrypted. So a rule could say that when users belonging to an Active Directory group, say Finance, write a document containing the words private or confidential or classified, it gets encrypted. The decryption policy for those documents could be that only people with a confidential rank can see them.

Further, users could highlight different segments of documents in different colors that indicate separate categories of users who would be able to read those sections. So a document about new hires including their salaries could be accessible to board members, and the same document could be accessible to the entire staff but with the salaries redacted because they would not be authorized to get the key for that section of the document.

Key requests come from agents on endpoints and are handled in Ionic's cloud, which is located in a variety of commercial clouds including Amazon Web Services. If a key is issued to the endpoint from the key server, called the key grid, the document is decrypted on the endpoint.
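The key-release flow described above (policy decision in the cloud, keys held in the on-premises key grid, one key per document section) can be modelled as follows. This is an added example, not Ionic's code; the class names, attribute names and key ids are hypothetical, and the sample users and document are constructed.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class KeyGrid:
    """Customer-premises key store: holds keys, releases only on a policy signal."""
    keys: dict = field(default_factory=dict)

    def new_key(self, key_id):
        self.keys[key_id] = secrets.token_bytes(32)

    def release(self, key_id, authorized):
        return self.keys[key_id] if authorized else None

@dataclass
class PolicyEngine:
    """Cloud-side decision point: sees attributes and policies, never key bytes."""
    policies: dict = field(default_factory=dict)  # key_id -> {attribute: allowed values}
    audit: list = field(default_factory=list)     # (user, key_id, decision) records

    def decide(self, user, key_id):
        required = self.policies.get(key_id)
        # Default deny: a key with no policy is released to nobody.
        ok = required is not None and all(
            user.get(attr) in allowed for attr, allowed in required.items())
        self.audit.append((user.get("name"), key_id, "release" if ok else "deny"))
        return ok

def readable_sections(doc, user, engine, grid):
    """Return the sections for which the endpoint agent obtained a key."""
    out = []
    for section, key_id in doc.items():
        if grid.release(key_id, engine.decide(user, key_id)) is not None:
            out.append(section)
    return out

# Constructed sample: the new-hires document from the text, one key per section.
grid, engine = KeyGrid(), PolicyEngine()
doc = {"names": "k-names", "salaries": "k-salaries"}
for kid in doc.values():
    grid.new_key(kid)
engine.policies["k-names"] = {"group": {"staff", "board"}}
engine.policies["k-salaries"] = {"group": {"board"}, "network": {"corp"}}

board = {"name": "alice", "group": "board", "network": "corp"}
staff = {"name": "bob", "group": "staff", "network": "corp"}
thief = {"name": "mallory", "group": None, "network": "internet"}
```

Every decision, including denials, lands in `engine.audit`, which is the kind of record the usage reports and insider-threat tracking mentioned in the article would be built from.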

The service is sold with company-wide licenses to customers for three-year terms. The actual charge can be determined on a per-transaction basis or it can be a flat fee for unlimited transactions.

The company has been in stealth mode since 2011, and has already undergone a name change from Social Fortress to Ionic. Ionic was chosen because in chemistry it represents the strongest type of bond, and the company wanted to express that kind of strength, Abbott says.

Abbott says he was introduced to the company's founder and CTO Adam Ghetti by Phil Dunkelberger, cofounder of PGP Corp. Abbott says that within three or four minutes he decided to go in with Ghetti. The company has raised $78.1 million from the likes of Kleiner Perkins Caufield & Byers, Meritech Capital Partners and Google Ventures.
