Startup touts safe sharing of Office 365 documents

Startup Vera is rolling out support for securing Microsoft Office 365 documents no matter where they go using policies set by the businesses that create them.

Startup Vera promises to secure Microsoft Office 365 documents no matter where they go using policies set by the businesses that create them.

The company lets users restrict access to individual documents or parts of documents in order to keep the content secure even if devices that contain them are stolen.

Vera already supported Office documents, but now it can protect them within Microsoft's Office 365 software-as-a-service environment.

The platform has value when sharing confidential financial documents among business entities, says Sujit Banerjee, managing director at K1 Investment Management and a Vera customer. For example, he can share sensitive financial information among business partners with the assurance that only designated persons can access the unencrypted content.

Vera's CEO Ajay Arora describes it as a secure Snapchat for files and documents.

The platform consists of a client that encrypts documents at the time they are created and a server that stores security policies on each file as well as the keys to decrypt them.

Alan Lepofsky, an analyst with Constellation Research, says the benefit for businesses is that Vera can protect documents without significantly changing user behavior, meaning a low learning curve and a likelihood documents will actually be protected. It's also not platform, vendor or device specific, meaning it can be used on any device. And it won't interfere with other security tools.

There is no key management for customers to perform, avoiding a complicated and potentially expensive infrastructure, he says.

To share a file securely, users identify the file, right click on it, choose "secure with Vera" and create a list of who gets access. The last step can be done by designating individuals, an email list (email is used to include persons outside an organization) or an Active Directory group, Arora says.

Vera allows restricting file use once it reaches an approved party. So it could allow or disallow viewing the document offline, allow or disallow copy, paste and printing, allow or disallow printing a screen or make the file available only for a defined time period, for example.

The platform can also track what people try to do with the data and can revoke permissions for accessing the files.

Vera works on a software-as-a-service model where the Vera server can be based in a cloud or within the enterprise. A desktop application encrypts documents using AES 256 encryption. The encryption key is provided by the server and sent encrypted via HTTPS. Once the file is encrypted the app deletes the key. The application puts a wrapper around the file that indicates its file type. This information plus the policies that should be applied to the file is shared with the server.

If a user tries to share a file, the server fetches the policies for it and the keys needed to decrypt it. The system stores symmetric keys per data element, so certain paragraphs could have different policies from the rest of a document. The keys are not stored on end user devices; the devices need to be granted access to them. For offline use, the key would be encrypted and stored on the device for a defined time period.
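The server-side key release described above can be modelled in a few lines. This is an added example, not Vera's code: the class, field and element names are hypothetical, and it shows only the policy check, the audit trail and the offline lease, not the encryption itself. It also shows a consequence of the offline option: a key cached on a device stays usable until its lease ends, even after the server revokes access.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Policy:
    allowed: set             # identities that may obtain the key
    expires_at: float        # time after which access ends
    offline_ttl: float = 0   # seconds a device may cache the key (0 = online only)
    revoked: bool = False

class KeyServer:
    def __init__(self):
        self.keys, self.policies, self.audit = {}, {}, []

    def register(self, element_id, policy):
        # One symmetric key per data element; the client encrypts, then discards it.
        self.keys[element_id] = secrets.token_bytes(32)  # 256-bit key
        self.policies[element_id] = policy
        return self.keys[element_id]

    def request_key(self, user, element_id, now):
        p = self.policies.get(element_id)
        if p is None:
            outcome = "unknown"
        elif p.revoked:
            outcome = "revoked"
        elif now >= p.expires_at:
            outcome = "expired"
        elif user not in p.allowed:
            outcome = "denied"
        else:
            outcome = "granted"
        self.audit.append((now, user, element_id, outcome))  # record every attempt
        if outcome != "granted":
            return None
        # A cached key is only honoured until the lease ends.
        return self.keys[element_id], min(now + p.offline_ttl, p.expires_at)

def demo():
    # Constructed sample data: two elements of one document with different policies.
    srv = KeyServer()
    srv.register("report/summary", Policy({"alice", "bob"}, 10_000, offline_ttl=3600))
    srv.register("report/financials", Policy({"alice"}, 10_000))
    _, lease_end = srv.request_key("bob", "report/summary", now=100)
    blocked = srv.request_key("bob", "report/financials", now=100)
    srv.policies["report/summary"].revoked = True
    online_after_revoke = srv.request_key("bob", "report/summary", now=200)
    offline_still_valid = 200 < lease_end  # cached key outlives the revocation
    return blocked, online_after_revoke, offline_still_valid, lease_end

if __name__ == "__main__":
    print(demo())
```

When evaluating a product built this way, the offline lease length is the setting that bounds how long a revoked recipient can still open a cached file.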

The app has a shim between the application opening the file and the operating system to enforce policies. If the application opening the file tries to access print-screen, for example, but the policy forbids it, the Vera app intercepts the call.

On the receiving end, users authenticate via Google Authentication, get the decryption key from the server and decrypt in their browsers. For users without clients, the server can decrypt the document and render it to the browser.

The company was founded in January 2014 with $4 million in seed money from Battery Ventures, which invested $10 million more in November of that year. The company has 35 employees, 10 in Bangalore and the rest at company headquarters in Palo Alto, Calif.
