Virtru Brings Cloud Encryption Management On-Premises

New Customer Key Server (CKS) enables organizations to manage their own cryptographic keys for Virtru's cloud email encryption service.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Encryption vendor Virtru launched a news service on Nov. 30 that enables its customers to keep encryption keys for cloud email services in an on-premises key server.

The new Customer Key Server (CKS) extends the usability of Virtru's so-called 'zero-knowledge' email encryption platform by giving enterprises control over encryption keys. Virtru provides a cloud-based system that enables organizations and individuals to easily encrypt email.

"With the Virtru CKS there is true zero-knowledge and the enterprise has exclusive control over who and what systems are accessing content," John Ackerly, co-founder and CEO of Virtru, told eWEEK.

From a technology perspective, Ackerly explained that Virtru uses a symmetric key model and the enterprise controls the public-private key pairs. As such, all of the decryption happens on the enterprise CKS which can be deployed on-premises. The CKS can also be deployed by enterprises in an organization's own cloud instances.

Virtru as a company makes use of open-source and open standards as part of its overall engineering efforts. A key standard used by Virtru is the Trusted Data Format (TDF) which is an open format. The actual CKS technology is however proprietary code.

"The overall system is not open-source, but the underlying encryption standards and TDF are all based on open formats," Ackerly said.

Aside from the complexity of managing keys, often a barrier to the adoption of encryption technologies is the impact on performance. Ackerly emphasized that with Virtru CKS, latency is not an issue.

"The unwrap of the encryption keys that Virtru manages happens at the enterprise with CKS," Ackerly said. "So it's a simple transaction where the symmetric key that is wrapped in the enterprise's public key gets decrypted with the private key that they always maintain."

Earlier this year, Virtru added search capability to its encrypted email platform. With the new CKS, search will still work in the same way, even as the enterprise controls the encryption keys. The CKS will also work with Hardware Security Modules (HSMs) which is a physical device used by some organizations to manage and secure cryptographic keys.

The Virtru service works with cloud systems including Google's G Suite and Microsoft's Office 365.

"Google customers were actually an early driver for us building the CKS offering," Ackerly said. "Google users in regulated industries need this capability."

Virtru is a privately-held company and publicly announced in August that it had raised $31 million in Series A funding, some of which was used to help fund development of the CKS technology. Ackerly noted that the funding is being used to innovate email encryption efforts as well as to extend Virtru into other use cases.

"We're going to leverage our key management architecture to link encryption to hardware roots of trust," Ackerly said. "When you move beyond thinking about human to human interaction to machine to machine with IoT, it's a place where our architecture will play very well."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.