Salesforce.com acquired Navajo Systems, a company that locally encrypts and decrypts corporate data via its VPS platform before it leaves the enterprise and goes into the cloud.
New encryption technology at
Salesforce.com may ease customer concerns about data security in the cloud.
The software as a service (SaaS)
giant quietly acquired Navajo Systems, an Israeli cloud security encryption
vendor earlier this month, Salesforce.com told eWEEK
Aug. 26. The company will announce the acquisition and
provide more details on its product plans next week at its Dreamforce
conference in San Francisco, according to the company's spokesperson, Rochelle Garner.
There are also reports that Salesforce
will announce another acquisition at Dreamforce, of Assistly, which makes an
application to add social media tools to customer communications. Assistly lets
organizations interact with customers via Twitter, Facebook, email and other
media via a single pane. "Salesforce.com doesn't comment on rumor or
speculation," Garner told eWEEK.
Customers are increasingly
wary of storing corporate data in the cloud and expect certain guarantees that
the data will be safe and protected when it is accessed, according to Jeff
Hudson, CEO of Venafi, a company that provides an automated way to manage
encryption keys. For many organizations, concerns about whether the data would
be stored securely may be a barrier to cloud adoption.
Recent studies have shown
that while organizations see the benefits of using cloud applications, they
remain very concerned about protecting privacy and preventing data breaches or
that," Hudson told eWEEK,
that "encrypting data has become the de facto standard" for
addressing customer concerns.
Founded in 2009, Navajo
Systems was one of the application vendors for Salesforce to provide encryption
services for customers. The Virtual Private SaaS (VPS) technology has been
available as either a cloud service or an appliance sitting on the Salesforce
customer's local or wide area network. All data going from the enterprise to
the cloud application has been transparently encrypted by VPS before it even
leaves the network. Users have been unaware of the process, and the sensitive
corporate data has been unreadable on the cloud provider's servers.
Organizations that didn't
want Salesforce to handle data security could use Navajo Systems, instead. With
VPS, the customer retained full control and was solely responsible for its data
security as the enterprise held all the encryption keys. Even if VPS was used
as a cloud service, the customer had exclusive VPN access to secure its keys.
"This acquisition has
the promise of providing greater customer assurance that the data in Salesforce
is effectively 'guaranteed' safe," Hudson said.
Salesforce's Garner did not
discuss any details of how the products will be integrated, and Navajo Systems
did not respond to queries. All the pages on the Website have been
taken down, and the site now displays a simple message: "Navajo Systems
has decided to pursue a different strategy." It's unknown whether
customers have been notified or how the acquisition will affect existing
partnerships, such as with IBM. Navajo Systems has supported Smart Business
Development and Test on the IBM Cloud since March 2010.
It's also unclear if
Salesforce will continue working with other SaaS encryption providers.
The acquisition would help
Salesforce go after customers concerned about compliance and regulatory rules.
With encryption technology integrated into its service, customers can now
"check the box and say my data is encrypted at Salesforce," John
Pescatore, vice president and distinguished analyst at Gartner, told Dark Reading
earlier this week.
It's not enough to have data
encrypted before leaving the organization. It's also critical that the
encryption keys be stored and managed properly, Hudson said. It's important to
track keys so that they don't get lost or misplaced when employees leave the
company. If the key is lost, the encrypted data can no longer be accessed. The
more an organization relies on encryption, the more important key management
becomes, according to Hudson.
"At the end of the day,
the encrypted data remains unsafe if the keys to unlock it are not well
managed," Hudson said.