Egress Secures Data Exchange to Prevent Enterprise Data Breaches

Egress Software Technologies is using a SAAS model to help enterprises protect and control access to the data they share. With Egress Switch, enterprises can set strict access policies over who can access e-mails or data downloaded to CDs and other media even after the data has been sent.

Many data breach notifications start with a story like this: An unencrypted CD with customer information has gone missing.

But what if the CD were not only encrypted, but for that encryption to be broken, the person had to authenticate and get the encryption keys from the cloud? This is the question data protection vendor Egress Software Technologies is answering with Egress Switch, a new cloud-based security offering the company hopes will penetrate both the consumer and enterprise markets.

The product is designed to give organizations tighter control of who accesses information being shared. The company's software uses AES 256-bit encryption to encrypt data on any type of media, from e-mail attachments to CDs and USB sticks. Once the selected data is packaged and encrypted, the package is assigned an identity and can be sent electronically.

In order to decrypt the data, the intended recipient would have to sign up for an Egress Switch ID, which for them would be free. The encryption keys are kept securely in the cloud and are handed over to the recipient's computer only after that person has been authenticated to access the secure package.

This is meant to allow the sender of the information to exert access control over the data. With Switch, the sender can set or change access policies in the cloud. For example, if the sender only wants a certain person to be able to decrypt the data for a certain amount of time, the sender can set a policy to reflect that.

"Individuals and organizations that share information must consider the ramifications if their data ends up in the wrong hands," said Richard Stiennon, chief analyst and founder of security research firm IT-Harvest, in a statement. "If there is a need to stay in control, even after the information has been shared, a simple and affordable secure data exchange solution makes a lot of sense as part of a comprehensive data protection strategy."

Right now, there is no feature included in the software where the technology can detect when information that should be encrypted is being shared. That capability, however, is on the road map for the fourth quarter, officials at the company told eWEEK. Bob Egner, president of U.S. operations at Egress, said the hope is that use of the product will spread virally, starting with businesses and extending into the consumer market.

"Even though controlling your own data sounds simple, most organizations still struggle with this issue and turn to data protection offerings such as encryption and data leak prevention to help them keep their information secure," Egner said in a statement. "While those tools are important, they offer no guarantees about who is accessing data once it has left a user's hands. We believe that our Switch solution addresses a major gap in today's data protection offerings allowing any organization or individual that needs to share information externally to do so safely and affordably by using this simple tool."

The product currently supports Microsoft Windows Vista and XP. Pricing for individual users starts with a monthly subscription at $9.49 per month, while annual subscriptions for businesses begin at $34.00 per year.