CipherCloud Ratchets Up Security for Box Cloud Storage

CipherCloud enables only users to access encryption keys, so nobody else--not even the NSA or hackers of any type--can see the data.

With the U.S. National Security Agency causing international concern with revelations of how it maneuvers around encryption and gets into files transported over the Internet that previously were thought to be secure, this news story may be of interest to many people.

CipherCloud revealed Sept. 16 that it has added AES (U.S. government-level Advanced Encryption Standard) 256-bit encryption to its cloud data loss protection offering for Box, which will enable the cloud storage and collaboration provider's 180,000 customers to refine their policy controls and add much more protection over their files.

The most important value-add here is that with a CipherCloud option, only the user has the encryption keys, so nobody except the user—not even the NSA or hackers of any type—can get their hands on the data.

While files are encrypted in Box, they can still be easily accessed and decrypted by authorized users from anywhere and on any device, CipherCloud founder and CEO Pravin Kothari told eWEEK.

"If you look at collaboration vendors like Box and Dropbox, server-side encryption doesn't help much," Kothari said. "Their encryption within storage is there, but you still have all the problems of cloud because they [the cloud provider] have your information. The system admin or DBA can see your data, they are controlling your [encryption] keys, and if you are sending data out of your country, it could get hijacked.

"This is because as you log in, the server-side encryption doesn't check who logged in, whether you are the end user or not."

CipherCloud encryption addresses all those issues by transparently encrypting the data without any impact on the application, Kothari said. Box has a large set of client application options, including its own BoxWorks and integrations with Google Docs and Microsoft Office 365 that handle encrypted data in Box's storage. The connections between these apps and Box are the potential entry points for intruders scouring for data in illicit ways.

"We support all the ecosystems that are in Box," Kothari said.

Based on a customer's preferences, CipherCloud can enforce a range of actions including alert, block, restrict sharing, quarantine or automatically encrypting sensitive files. All actions and alerts occur through the familiar Box interface along with preserving the ease-of-use that makes Box a popular cloud service.

CipherCloud also provides visibility for a customer into their Box usage with drill-down reporting and security dashboards that track user activity, file content, DLP violations and security anomalies, Kothari said.

CipherCloud is now integrated to Box and completely transparent to users while preserving the standard benefits of Box, and assuring that no third parties can gain unauthorized access to an enterprise's information.

The package uses Box APIs to scan content in real time as it is uploaded and detects sensitive information based on the organization's policies, including industry and country regulations, such as the Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), the EU Data Protection Act, U.K. Information Commissioner's Office (ICO) guidance, the Australian Privacy Amendment Act and U.S. state privacy laws.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...