Encrypted and still searchable

Encrypted data out in a cloud service may be safe, but is unusable to the business until decrypted, a problem that CipherCloud has solved with searchable data encryption

  • 11 years ago Posted in

 Encryption, like most other things in life, has a trade-off built into it, which has traditionally been that while the technology can stop anyone else understanding the valuable information any business is using, even if an unauthorised access is possible, it can also make it just as difficult for staff of that business itself to work with the data.

That can take several process steps – such as downloading the data from storage, decrypting it, working with it, re-encrypting it again, and then uploading it. If it was possible to cut any of those steps it could be helpful, not just in shortening the time taken to achieve something, but also allow staff to stick more closely to their core tasks, rather than be involved in managing `IT’ functions.

That is what lies behind the latest development to pop out of encryption and information protection specialist, CipherCloud. In essence, its answer has been simple – make encrypted data searchable by the business that owns it, and its authorised partners and collaborators, without having to first decrypt it. 

This Searchable Strong Encryption (SSE) solution is aimed primarily at users looking to exploit the growing range of cloud-delivered services such as Box for data storage and collaboration services, and Salesforce.com. As SaaS services like these become more mainstream for more businesses and organisations, the need to keep the information process chain both as secure and as short as possible becomes more and more important.

“Business users demand security to be transparent,” said Pravin Kothari, founder and CEO of CipherCloud. “Applying strong encryption, AES 256-bit, to data while keeping it entirely searchable has been a long-standing challenge. CipherCloud has now raised the bar by enabling the full usability of encrypted data in the cloud, without compromising security or performance.

“Searchable Strong Encryption allows customers to search their encrypted data while it is out in the cloud, and it can be unstructured and full text data. Typically, there is a trade-off required between the level of protection available and usability when trying to build system that is able to work with natural language. But we can offer the maximum level of protection that others can, and the full usability.” 

CipherCloud has already formed partnerships with many of the leading providers of cloud data services, including Salesfoce.com, Box, Microsoft Office 365 Google Mail and Amazon Web Services. Additionally, CipherCloud for Any App and CipherCloud for Databases enable organisations to extend data protection to hundreds of third-party cloud and private cloud applications and databases.

The company’s SSE technology uses its gateway architecture to provide secure local index and search operations while sending the strongly encrypted data to the cloud and protecting it from external threats. This solution enables natural language, wild cards and Boolean searches of AES 256-bit encrypted data. Other available techniques on the market lack searchability or require complex deployments of local databases or rely only on partial data encryption.

The solution also enables organisations to comply with government regulations and industry mandates including – GLBA, PCI, HIPAA and HITECH, the EU Data Protection Act, UK ICO guidance, the Australian Privacy Amendment Act and US State Privacy laws.  

Its key capabilities include a comprehensive Protection Platform which delivers advanced searching of strongly encrypted data while preserving security, usability and performance. It allows users to select a preferred protection scheme for each individual field for maximum security and usability.

An Intuitive Search system supports flexible search terms, such as `starts with’ and `ends with,’ wild cards, natural language matching and Boolean phrases, compatible with today’s Internet search conventions. It also features AES 256-bit encryption, robust Key Management that complies with NIST SP 800-57 standards, and FIPS Certification. CipherCloud claims it is the only vendor in the cloud information protection market that has completed certification testing by an independent NIST-certified testing lab as part of the FIPS 140-2 certification process.

Talent and training partner, mthree, which supports major global tech, banking, and business...
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
GPUaaS provides customers on-demand access to powerful accelerated resources for AI, machine...
TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Nearly all UK IT managers surveyed (98%) state cloud investment is an organisational priority for...
LetsGetChecked is a global healthcare solutions company that provides the tools to manage health...
Node4 to the rescue.