Box users to benefit from CipherCloud encryption
Encryption specialist to offer additional layer of security for business file sharing service, Box
The product provides an additional layer of security that will extend data privacy, residency, security and regulatory controls to organisations using the Box cloud-based collaboration platform, the company said.
As a document is sent by a user into the cloud, CipherCloud for Box carries out a data loss prevention (DLP) scan to identify and protect sensitive information, encrypting as necessary.
Pravin Kothari, CEO and founder of CipherCloud, told Cloud Pro: “The advantage of doing this is CipherCloud is common for all the employees in the organisation, so you can share sensitive information with other employees via a cloud platform like Box, because we encrypt as it goes out and we decrypt as it comes back in the enterprise, so users will not see any difference.”
Kothari said CipherCloud adds a layer of security, the value of which can be demonstrated in the Dropbox hack that took place last year.
“Both Dropbox and Box will tell you they encrypt the document on the server side, but the issue with server-side encryption became very clear last year when Dropbox was hacked: even though the documents were fully encrypted on the server side, it was useless because if I log in as someone nothing stops me from getting the information.
"[When] encryption is done on the server side, where the keys are also with the server, is not considered compliant or secure – it is a false sense of security. You have to give the encryption key to the customer, so that hackers cannot get to their document in the cloud. So by putting CipherCloud in the middle, near the enterprise, [they] now have full control of the information that goes to the cloud,” said Kothari.
As well as being included in CipherCloud for Box, the firm is also now including DLP in its Open Platform service, which the company claims is a first in the cloud.
“This approach enables organisations to effectively solve multiple security issues – including data privacy, residency, security and compliance – through a single gateway, by bringing a previously unavailable level of security to cloud applications,” said Kothari.