Encryption Vendor Offers No-Breach GuaranteeEncryption Vendor Offers No-Breach Guarantee

What if your security vendor gave your company a refund in the event it suffered a data breach? That's what encryption software vendor BitArmor is now offering customers should an attack crack its product's security controls.

BitArmor, which sells software that encrypts data at the file level and not just at the device, announced today that it will guarantee its DataControl software by giving customers of the product a full refund if their data is compromised in a breach. "[But] we're not claiming our product [is] unbreakable," says Patrick McGregor Ph.D., CEO of BitArmor. "We just do a better job at preventing a breach. If a customer does encounter a breach and [our] controls don't work, they get their money back."

McGregor says a forensics expert would determine whether the breach was a result of DataControl getting hacked. "We're the first encryption vendor to guarantee the security of the encryption solution," he says.

Some security experts have long called for vendors to offer some sort of breach guarantee. Experts say this type of offer could eventually become the norm for security products, especially in an increasingly competitive market.

"I think that other DLP [data loss prevention] vendors will feel pressured to do this," says Nick Selby, vice president and research director at The 451 Group, although BitArmor is in a different category since it's an encryption company. "The BitArmor no-breach guarantee might sound gimmicky, but after thinking it through, it's quite a bold statement about its confidence in its product."

BitArmor's DataControl software's Smart Tag technology basically enforces "persistent" file encryption policies for data as it travels from a laptop, file share, USB, email attachment, and backup tapes, according to the company.

"Our approach is data-centric: We attach Smart Tags to the data itself, so it remains protected wherever it goes," McGregor says.

McGregor says he's not worried that the guarantee will serve as a challenge for hackers; so far, he adds, none of BitArmor's customers has experienced an attack that cracked its product.

"We think this guarantee is going to encourage others to offer similar ones. Bruce Schneier has been calling on the industry to do something like this for a long time," he says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message