The Edward Snowden leaks about widespread governmental surveillance of individuals have led to a huge growth in awareness about encryption. Only a few years ago encryption was a term known only to security staff, conspiracy theorists, and researchers. Today, every man, woman, and their dog has at least some idea about what encryption is and does.
But at the same time there have been a few blockers to more widespread adoption of encryption. The rise of cloud-based file sharing has been a boon for collaboration, but in order for that collaboration to be really effective, all parties need to be able to view and search the files they have access to. And in order to search files, they obviously need to be in cleartext.
Or do they?
A new patent that has just been granted to Bitglass challenges that assumption. Bitglass is one of a growing number of so-called cloud access security brokers. That means Bitglass, like its competitors CipherCloud, Netskope and Skyhigh Networks, helps customers of cloud services ensure that their data is safe. They secure access to data from cloud services, on mobile devices, and on the network.
The company has secured a patent for searchable, full-strength 256-bit AES encryption for cloud applications. What that means for those not well-versed in the minutiae of encryption is that organizations can leverage 256-bit AES (read: really hard to crack), but still enjoy full application functionality and searchability.
What this means, beyond significant excitement and interest from the more technical among us, is that enterprises can deploy public cloud applications such as Office 365, Salesforce, and Box while keeping sensitive data encrypted in a secure private cloud environment and retaining sole custody of encryption keys. This is important since many cloud services offer encryption, but only when the vendor has access to the encryption keys. The reasons are obvious: vendors drive their storage efficiencies by deleting duplicate files. If I have a song stored in iTunes, for example, and 1,000 other people have the same song, only one copy of the actual file needs to be kept. With encrypted files, however, vendors can't "see" into the file to delete duplicates, which reduces their efficiencies.
"Prior approaches to searchable encryption came in two flavors, weak cyclic ciphers from the Roman empire, or currently impracticable homeomorphic approaches that propose new algorithms from scratch," Bitglass CEO Nat Kausik said. "The Bitglass system uniquely delivers full-strength searchable encryption on top of established cryptographic standards such as AES."
With this technology, sensitive corporate data and an encrypted search index are pulled out of cloud applications like Salesforce, Office 365, and Box and stored encrypted in the organization's private cloud. This combines the security of a private cloud with the flexibility of public cloud applications. Bitglass' technology simultaneously maintains security (FIPS 140-2 Certified 256-bit AES encryption with 256-bit initialization vectors) and application functionality (including sorting, wildcard search, auto-complete, etc.).
This is actually pretty cool and delivers two things that we thought were mutually exclusive. "Until now, enterprises with sensitive data have faced the seemingly impossible task of making that information available to employees anywhere, anytime while ensuring that the data is secure and meets increasingly stringent compliance requirements. Bitglass' solution enables enterprises to achieve the best of both worlds," Martin Hellman, a security expert best known as the co-inventor of public key cryptography, said.
Delivering strong encryption is a hugely positive move and keeps individuals and organizations safe. To do so while still allowing for full application functionality is exciting.
This article is published as part of the IDG Contributor Network.