Ionic Emerges From Stealth With Data Protection Platform

Ionic Security's platform is designed to protect data with encryption that is easy to deploy and maintain.

Ionic's data protection

Officially exiting from stealth mode, Ionic Security is now publicly discussing its data protection platform—which has been in various stages of development for nearly four years. Ionic has raised $78.1 million in funding, with its most recent Series C round bringing in $40.1 million in January 2015.

The basic idea behind Ionic's platform is to protect data with encryption that is easy to deploy and maintain. Adam Ghetti, founder and CTO of Ionic Security, explained that the platform is a data protection platform-as-a-service offering. The company isn't just announcing that it is existing stealth, but also that it already has a significant user base, he added.

"We have over a million and a half licenses sold across about a half-dozen Fortune 100 enterprises," Ghetti told eWEEK.

Ionic's goal is to help organizations not fear a network breach, because the actual data itself is all protected, Ghetti said. The promise of Ionic is a data protection layer that focuses on the actual data. Typically, data encryption today is done with public key infrastructure (PKI) that has the challenge of key management when data use scales.

"With Ionic, we have found a way to reliably scale distribution of symmetric keys across untrusted infrastructure," Ghetti said. "We create a unique 256-bit symmetric key pairing for each logical object protected by our platform."

A logical object could be a document, or it could even be as granular as a single sentence in a document that is cryptographically protected. Ghetti explained that no single individual key is ever used more than once. As such, if any one individual key was somehow cracked by an attacker, only one logical object would be at risk.

Even at this stage of its development, Ionic is already managing trillions of cryptographic keys on behalf of its customers, Ghetti said. Being able to manage and deploy the symmetric keys is part of the core intellectual property of Ionic.

For example, if a document protected by Ionic is sent to a user, the user's machine will request the right to see the document. The actual document stays encrypted the whole time while resident on the user's machine.

"Ionic's protocol negotiates the rights with Ionic service to see the object, but part of the negotiation is understanding the current consumption context," Ghetti said. "That means understanding what applications are running, the operating system and the network."

The policy engine for the Ionic platform can govern the conditions under which an object is allowed to be consumed. So, for example, if a document includes personally identifiable information like a Social Security number, the Ionic platform user can choose to place specific conditions that need to be met before data can be viewable. If the context changes for the user—for example, if the user is not in his or her office environment (which is allowed under policy) but moves to a coffee shop (which is not allowed)—the encrypted data object will no longer be viewable.

While the Ionic platform provides very granular control for securing data, there is one problem that it can't stop. "We can never stop someone from writing something down," Ghetti said. "And you can't stop someone from taking a photo of a screen with their phone."

From a deployment perspective, Ionic can be thought of as a protocol, he said. As such, every device that needs to view encrypted content will need to be able to understand the Ionic protocol.

"Today, we're a young company, so we have plug-ins for Microsoft Internet Explorer, Google Chrome, Mozilla Firefox and the Microsoft Office Suite," Ghetti said. "There are also libraries for Android and iOS to protect enterprise apps."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.