BitArmor Encrypts & Classifies

Startup BitArmor will emerge from under the radar next week with a product that claims to combine encryption and classification to secure data and manage it over its lifetime.

BitArmor will unveil BitArmor Security Suite Monday, which it bills as a "data security and data lifecycle management" product. It claims to encrypt and classify information as well as handle access control, authentication, key management, and automate data destruction and deletion.

Think of it as a combination data classification a la Abrevity, Arkivio, Kazeon, Index Engines, Njini, Scentric, and StoredIQ, Scentric and an encryption alternative to Network Appliance's Decru, NeoScale, and Maxxan. (See De-Classifying Data Classification, NeoScale Claims Speedy Encryption, and NetApp Buys Decru.)

At least, that's how BitArmor wants you to think of it. No one can be sure yet how well it works. BitArmor marketing VP Mark Buczynski says there are four companies using the software, but he won't name them.

"I have not talked with any of their betas, but on paper their stuff looks damn good," says one analyst who asked not to be named. "Assuming it works as advertised, I like it."

The Security Suite is made up of software and two key servers. The software loads on servers with applications you want to protect and desktops or laptops that access that data. Two key servers are used for redundancy.

It is priced as an annual subscription on a per seat, per feature basis. A small enterprise configuration of replicated key servers and full protection for five laptops would cost $10,495 a year for three years, while an enterprise configuration of replicated key servers, and full data protection and retention policy support for 500 desktops/laptops would run $65,495 per year for three years.

Of BitArmor's claims, perhaps the most impressive are that it can encrypt via software at wire speed and simplify key management. Buczynski says BitArmor doesn't use PKI for encryption, but has patent-pending cryptography and algorithms that accelerate AES and Triple DES out of band to eliminate bottlenecks.

The big knock on software-based encryption is that it takes up CPU cycles and slows performance. Analyst Richard Stiennon of IT-Harvest says that's no longer necessarily the case because newer processors can handle encryption on the server.

"Processors are fast enough to do it now," he says. "I expect software encryption to be the primary method for data at rest. At motion will have to be handled on hardware because there's so much data and so much motion."

As for key management, BitArmor uses key escrow devices to store retention and encryption keys separate from the key server. The key server does not encrypt data, but pushes it to the servers running the BitArmor software.

"They try to simplify something that's hard to do and hard to manage," Stiennon says. "The original layout for encryption meant storing keys and having revocation lists. BitArmor is sidestepping all that at the data level.

BitArmor is missing search -- an increasingly important classification feature -- but Buczynski says it is on the roadmap.

Analyst William Hurley of Data Mobility Group says BitArmor's plan is to attack the whole process of data security, rather than just a piece of it like most storage security products.

"Today you have the Dutch boy solution of trying to stick your finger into the hole with encryption on this device or that device," Hurley says. "They [BitArmor] try to strengthen the whole wall. They're bringing some necessary functions to storage -- encryption, access control, access management, and tying into ILM and directory architectures that people have in place."

BitArmor started in 2003 looking to develop a data security product, and added classification along the way. The Pittsburgh-based startup has $5 million in funding from angel investors and a Series A VC round closed in March.

Its biggest challenge is to convince companies to turn over data security to a startup, especially when major storage vendors are talking up security and laying out big bucks for acquisitions. In the last three months EMC paid $2.1 billion for RSA Security and IBM put down $1.3 million for Internet Seurity Systems (ISS). (See EMC Secures RSA for $2.1B and SBR's Summer Makeover.) Symantec spent $13.5 billion in 2005 to add Veritas' data protection to its security platform.

To underscore the importance of encryption, this week IBM and Sun rolled out tape libraries with encryption built in (See LVL7 Preps for IPv6 and Sun Encrypts Tape Drive.)

That means if BitArmor works as advertised, it will likely attract the attention of the major storage firms.

"These guys can be very attractive acquisition targets," Hurley says. "They can make a tremendous complement to the security technologies of the large vendors."

— Dave Raffo, News Editor, Byte and Switch