Security Start-Up CipherCloud Lands Central Government Contract


Firm secures contract in UK government and thinks it can ease security concerns around cloud

CipherCloud, the US-based company that believes it has the answer for cloud security issues, has landed in the UK and is already working with a central government department.

The company, which launched its first product in May 2011, would not say which department it had scored a contract with, but told TechWeekEurope it was helping secure a deployment. Salesforce is one of CipherCloud’s key strategic partners.

There are concerns around the fact that still does not own a data centre in the UK or Europe, despite its plans to build one. CipherCloud appears to have eased such worries at the government department it is working with.

CipherCloud’s product is a gateway, which lets IT teams choose what cloud-destined data, on a per-word basis, is protected with AES 256-bit encryption. It’s an agnostic service, meaning it doesn’t matter what Software-as-a-Service (SaaS) application is being used, the encryption will work across all of them, according to CEO of the company Pravin Kothari.

CipherCloud breaks into London scene

But Kothari, who founded security firm ArcSight that was sold to HP for $1.5 billion in 2010, told TechWeekEurope the company is planning on expanding the product to include malware detection from a partner plug-in, whilst building up a SaaS version of its gateway. That way it will become a true cloud company.

“We can rebuild the entire security for the cloud… a lot can be done,” Kothari said. “We want to bring many more out-of-the-box solutions.”

As for its EU play, Kothari said that despite the fact that 80 percent of its employees are technicians, for now, the European team will focus on sales and marketing. It will have an office in Oxford, but most work will be carried out from the HQ in London.

The company believes that its services will ease governments’ and private firms’ fears around where their data resides. In the UK, it is believed companies such as Amazon and Google have not been able to get onto the government’s G-Cloud framework due to their data centre infrastructure.

If organisations can encrypt their data before it is shipped off to foreign lands, they shouldn’t have to worry about it so much, says Dev Ghoshal, senior vice president of field operations.

One of the key selling points for CipherCloud is that the single key used in its deployments resides with the customer, he explains. “This allows organisations to have a say over their data,” explains Ghoshal.

But AES 256-bit encryption can, in theory, be cracked. The US government itself owns massive data centres used to break encryption. Given the US Patriot Act, which allows US law enforcement to access foreign data, fears may not be allayed by encryption as easily as CipherCloud hopes.

Nevertheless, the rise of the company has been little short of spectacular, indicating businesses are convinced by the CipherCloud model. The company claimed it had seen 500 percent year-on-year growth, and has gained some significant customers in its brief existence.

Of the 40+ contracts signed so far, two have been with two of the biggest banks in the world, Ghoshal notes, unable to offer names due to the sensitive nature of the deals. One of those is using the gateway for a mortgage application service being delivered via the cloud.

The company also announced yesterday it had secured $30 million in funding from Andreessen Horowitz. Deutsche Telekom is already an investor.


  1. I wish they would post the name of the government entity with which they are working. It would be helpful to better understand the criteria on which they were selected. As this article mentions, AES encryption by itself may not provide the required level of security. Poor implementations of any encryption algorithm can be cracked. So, the question is: Is Ciphercloud’s implementation secure? If so, then who has certified it?

    I ask because after I read this article I did some research and after a few Google searches, I found several instances of people questioning the marketing of Ciphercloud’s encryption as “military grade” given that they appear to lack even the minimum certifications in the USA to meet military standards.

    One post (on StackExchange) even attacks the security of "searchable encryption" with a pretty detailed description of how Ciphercloud would have to implement this, based on the certifications they have on their encryption engine. (A disgruntled insider, perhaps?)

    At any rate, the entire cloud computing market is awash with hyperbole and spurious claims, so one would do well to investigate in depth before implementing (yet another) costly IT security solution that has little or no real security benefit.