Cloud
5/9/2013
11:28 PM

Startups Tackle Secure Corporate Data Access From Personal Devices

With employees wanting to use data both inside and outside the company, cloud security startups have focused on two models: protecting data in third-party cloud services and protecting data on the endpoint

As cloud services gain popularity and employees increasingly work from a variety of personal devices, workers expect to be able to access their data from anywhere.

Yet the trend poses security risks for business data, which typically ends up in one of two places outside the corporate network: stored in a cloud service or saved on an employee's device -- and with file-sharing services, it can be both. Because securing data in the cloud means protecting it wherever it is, a bevy of young firms and startups have focused on the problem of protecting data while allowing employees easy access to business information.

Two complementary approaches have evolved to handle these needs for companies. On one hand, companies that want to use cloud services but not lose control of their sensitive data can use a cloud-security gateway to encrypt sensitive data as it leaves the network to be stored in the cloud. On the other, companies can allow employees to work with sensitive data from their devices without losing control by using secure containers to protect and limit the use of the information.

"Both approaches are nearby stops along the evolutionary train," says Suresh Balasubramanian, CEO of Armor5, a year-old startup that has created a technology for offering access to enterprise applications through a protected cloud service.

The two approaches tackle the most common security issues that concern company executives moving parts of their businesses to the cloud. They also represent two legs of the triangle between corporate data, cloud services, and work-anywhere users. Business data can be protected inside cloud services and remote employees can securely access sensitive data without the business losing control of the data.

Businesses need to evaluate where they believe their risks lie in using cloud services, but they may need both types of services to best cover the worst threats to their data.

"The immediate demand for data outside the enterprise comes from the mobile workforce, who want to access it on their devices," says Balasubramanian. "The first step is to plan to secure the data and not to just throw it into the cloud."

Companies that worry about the privacy and security of their data, as well as compliance with a particular nation's laws, can use a cloud-security gateway, called a broker, to modify sensitive data as it leaves the corporate network, encrypting or tokenizing it for protection. The technology adds a layer of security that the company can control without relying on its cloud provider to keep the data secure, and makes the use of the data auditable, satisfying compliance mandates. At the same time, the company wants to keep functions such as search and report generation, which are frequently lost when data is encrypted.
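To make the trade-off concrete, here is an added sketch (not code from the article or from any vendor named in it) of a gateway that tokenizes sensitive fields on the way out while keeping equality search usable in the cloud. The class name, field policy and sample records are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SENSITIVE_FIELDS = {"ssn", "email"}  # assumed policy: fields that must not leave in clear


class TokenizingGateway:
    """Hypothetical on-premises broker; the key and vault never leave the network."""

    def __init__(self, key: bytes):
        self._key = key
        self._vault = {}  # token -> original value, kept on premises

    def _token(self, field: str, value: str) -> str:
        # Deterministic keyed token: the same field/value always maps to the same
        # token, so the cloud service can still match on equality.
        msg = f"{field}\x00{value}".encode()
        return "tok_" + hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]

    def outbound(self, record: dict) -> dict:
        """Replace sensitive fields before the record is sent to the cloud."""
        out = dict(record)
        for field in record.keys() & SENSITIVE_FIELDS:
            token = self._token(field, record[field])
            self._vault[token] = record[field]
            out[field] = token
        return out

    def inbound(self, record: dict) -> dict:
        """Restore original values in a record returned by the cloud."""
        return {k: self._vault.get(v, v) if k in SENSITIVE_FIELDS else v
                for k, v in record.items()}

    def search_term(self, field: str, value: str) -> str:
        """Rewrite a user's search value into what the cloud actually stores."""
        return self._token(field, value) if field in SENSITIVE_FIELDS else value


def demo():
    gw = TokenizingGateway(secrets.token_bytes(32))
    # Constructed sample records; cloud_rows stands in for the provider's storage.
    staff = [{"name": "A. Rivera", "email": "rivera@example.com", "ssn": "000-00-0001"},
             {"name": "B. Chen", "email": "chen@example.com", "ssn": "000-00-0002"}]
    cloud_rows = [gw.outbound(r) for r in staff]
    term = gw.search_term("email", "chen@example.com")
    hits = [gw.inbound(r) for r in cloud_rows if r["email"] == term]
    return cloud_rows, hits
```

Deterministic tokens are what keep exact-match search working, and they are also the cost: anyone who can read the cloud copy can tell which records share a value. Randomized encryption hides that, but the lookup in `demo()` would then find nothing.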

[An original aim of the cloud was to simplify corporate infrastructure, but having a multitude of services has made networks complex and hard to manage. Can adding a third party make the cloud more secure? See Cloud Brokers Seek To Simplify, Secure Services.]

"It's a hard problem to solve because you have to make sure that you provide that robust security -- it has to be a vetted encryption and tokenized solution -- but you also have to preserve the application functionality, and that is a really hard thing to do," says David Canellos, CEO of cloud-security service provider PerspecSys.

On Thursday, the year-old startup closed a second round of funding for $12 million. PerspecSys and 2-year-old rival CipherCloud have both seen demand for their cloud-security gateways.

If businesses are not storing sensitive data in the cloud, but are losing track of documents and other data among the plethora of mobile devices, then using a cloud-security broker to securely access corporate data can help rein in unrestricted sharing. The danger is that employees may not understand the risks of sharing and syncing through the cloud, says Armor5's Balasubramanian.

Many cloud services "are in the business of syncing everything, and now they have just transported your documents onto all these devices, even ones that you might have only incidentally used," he says.

Armor5 and rival Watchdox, founded in 2007, take slightly different tacks to secure data. Armor5 offers a portal -- or the technology for a company to set up its own portal -- through which remote employees can securely access data without leaving any of it resident on whatever device they are using. Watchdox uses encryption, key management, and a virtual container on the device to restrict access to documents.

"It's about securing the last mile," says Balasubramanian.

Robert Lemos is a veteran technology journalist of more than 16 years and a former research engineer, writing articles that have appeared in Business Week, CIO Magazine, CNET News.com, Computing Japan, CSO Magazine, Dark Reading, eWEEK, InfoWorld, MIT's Technology Review, ...
