Routine Data Encryption Is the Way to 'Embrace Chaos' in the Cloud

NEWS ANALYSIS: Nick Stamos, founder and CEO of nCrypted Cloud, argues that routine encryption is the best way to secure data streaming to cloud-application services.

Let me add another acronym to the enterprise-computing lexicon: ETC. ETC stands for "Embrace the Chaos," and the topic came up during an interview last week in Boston's Innovation District while I was visiting with Nick Stamos, the founder and CEO of nCrypted Cloud.

Nick is a startup veteran with several successes, including Phase Forward (bought by Oracle in 2010) and founder of enterprise-data protection company Verdasys. He made (much) earlier stops at Wang and Lotus and is a great example to refute those claiming that all the smart techies leave Boston for Silicon Valley at the first sign of snow.

In any case, this time around Nick is working on a problem so prevalent in the modern enterprise that he cooked up his own name for it—that would be ETC. Here's the genesis of the problem: Companies need to keep their secrets secret.

At the same time, those companies need to share their information with customers, contractors and their employees if they intend to get any work done. Now the ability to keep secrets might have been a bit easier in the days when CIOs could keep the enterprise systems locked down and make sure that document management was confined to specific servers, storage and users. Controlling user access was achievable because, well, really there weren't that many users.

I say the ability to keep secrets safe might have been a bit easier in the old days except I remember doing lots of reporting about corporate secrets walking out the front door as copies in briefcases or faxes transmitted during off-hours.

But this isn't about the old days. Today corporate systems are not locked down. The rise of cloud-based storage systems including Box, Dropbox and Microsoft's recently renamed OneDrive (formerly SkyDrive) means there are lots of ways to move documents, photos and files to places outside of the corporate confines.

The Wall Street Journal recently covered a report by research firm Netskope that found that "enterprises have an average of 397 cloud apps running that are used by employees." CIOs or CSOs who think they can rein in cloud app usage through dire-sounding edicts often including the corporate equivalent of a beheading are living in a fantasy world.

Here's where nCrypted comes into the picture. Let's start off with the idea that every document, file and photo begins and ends life in an encrypted state. Once encryption was shunned because it was thought to put too much of a computing burden on servers and was simply too complicated for normal human beings.

Now that Google, Amazon and Yahoo are all encrypting their content, the idea that encryption is too difficult and won't scale is obsolete. And all those startling government snooping revelations by National Security Agency document purloiner Edward Snowden will assure that any service that doesn't encrypt will find itself getting a thumbs down from consumers.

So, encryption is a given. But who should manage the encrypted flow of documents among employees, contractors and customers? How about the people who actually use those documents?

This is where Stamos has added the secret sauce. By allowing users to manage document flow while adding a corporate view into where those documents are going, he addresses a couple of compelling issues. Users can have multiple roles both in personal life and corporate life, and management—traditionally the other big problem in encryption scenarios—needs to acknowledge those roles.

Corporate management also needs the right to find and yank corporate privileged information and remotely wipe documents when someone gets fired or quits, without messing up the personal files and documents.

I'd say this technique of allowing users to control document flow while affording some corporate oversight falls into the technology equivalent of trust but verify. That's what nCrypted does by adding a security layer that can be used in conjunction with outside services, but is not part of those services and remains under the customer control.

They've recently added an enterprise edition. The next time you are in your corporate meeting and the CISO starts going on about the need to block all those outside cloud-based services, try responding by saying, "What we need to do is embrace, not block, the chaos."

Eric Lundquist is a technology analyst at Ziff Brothers Investments, a private investment firm. Lundquist, who was editor-in-chief at eWEEK (previously PC WEEK) from 1996-2008, authored this article for eWEEK to share his thoughts on technology, products and services. No investment advice is offered in this article. All duties are disclaimed. Lundquist works separately for a private investment firm which may at any time invest in companies whose products are discussed in this article and no disclosure of securities transactions will be made.