CipherCloud’s Linux-based SSE product offers strong encryption for the cloud while allowing data to remain searchable
As organisations continue to deal with the implications of the US National Security Agency (NSA) and its Internet surveillance efforts, interest in and demand for cloud encryption has increased. Just because data is encrypted doesn’t mean that enterprises should not be able to find what they’re looking for, which is where new features from CipherCloud come into play.
CipherCloud on Monday announced its Searchable Strong Encryption (SSE) offering, which aims to balance the need for access with the need for security.
Pravin Kothari, founder and chief executive of CipherCloud, explained to eWEEK that SSE leverages his firm’s encryption gateway. The CipherCloud encryption gateway encrypts data in real time as it flows from the user into the cloud. The gateway is a Linux-based virtual software appliance that can be deployed in a customer data centre or on-site at the enterprise.
The new feature now landing in CipherCloud is the ability to search encrypted data. Once data is encrypted it is, by definition, protected and typically not searchable. CipherCloud's SSE technology provides a way to search it anyway.
Kothari explained that CipherCloud has put a search index directly in the CipherCloud encryption gateway. What CipherCloud indexes varies depending on what the data is and where it’s going. CipherCloud integrates with online storage vendor Box, and for those users CipherCloud indexes the entire document. For Salesforce.com, whatever customer data is being transmitted can be securely searched.
“We have a plug-in for each application, so we know how search and sort are done,” Kothari said.
From a user access perspective, CipherCloud enforces access control policies for the searchable encrypted data. The CipherCloud gateway verifies with the given application that a particular user has the right level of authorisation to access a specific piece of data.
“We work with the applications on the back end to make sure that access control policy is followed before any results are returned to the user,” Kothari said.
CipherCloud uses 256-bit Advanced Encryption Standard (AES) cryptography to protect customer data on the gateway and in the cloud. Kothari explained that 256-bit AES is a symmetric encryption technology, which means the same key is used for encryption and decryption.
Getting data from the enterprise to the gateway and then to the cloud requires some form of encryption for the data in transport. CipherCloud uses standard Secure Sockets Layer (SSL) encryption from the gateway to the cloud, Kothari explained.
Among the revelations in the recent NSA leaks is that the agency has somehow managed to crack some SSL security as well. Kothari noted that CipherCloud recommends that customers use a cipher for SSL, known as Elliptic Curve Cryptography (ECC), which is fast and secure.
“If you look at the NSA disclosures in recent months, what has come out is that they are good at strong-arming cloud providers to get data in plain text,” Kothari said. “If you use strong encryption with strong key management, then the NSA is not able to get your data. There is no evidence in the last 10 years that AES has been cracked.”
Originally published on eWeek.