Bitglass boosts security for data in public-cloud apps
The company has received a U.S. patent on the technology it uses to deliver searchable encryption, which is now available through its security-brokering service.
The service is designed for corporate customers who want to use cloud software as a service (SaaS) but who don't want their data stored unsecured in the cloud.
A gateway on customers' sites encrypts data that is headed to the cloud, then uploads only an encryption prefix or handle to the cloud itself. When an authorized person wants to use the cloud app, the app sends down the handle to the gateway. The gateway uses the handle as an index to find the full version of the encrypted data and decrypts it.
This method removes the barrier of slow searches over full versions of encrypted data in the cloud, and it makes the data less susceptible to statistical attacks. Even if the handles that are stored in the cloud were to be stolen, they would be useless without being linked to the full data they represent. That link can be made only via the gateway, which is protected inside the corporate network, says Anurag Kahol, the CTO of Bitglass.
The problem with this type of service has been that the stronger the encryption, the slower it is to search and decrypt. When the encryption is less strong, the search is faster but the security is weaker.
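The handle round trip described above, sketched as an added example that is not Bitglass's code or its patented method. The Gateway class, the 16-byte random prefix used as the handle, and the HMAC-based keystream (a standard-library stand-in for a vetted AEAD such as AES-GCM) are all assumptions, and the search feature itself is not modeled.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumed: the random record prefix doubles as the handle
TAG_LEN = 32    # HMAC-SHA256 tag length

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; stdlib stand-in for a vetted AEAD such as AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

class Gateway:
    """Hypothetical on-site gateway: keys and full ciphertext never leave it."""

    def __init__(self) -> None:
        self._enc_key = secrets.token_bytes(32)
        self._mac_key = secrets.token_bytes(32)
        self._vault = {}  # handle (hex str) -> nonce + ciphertext + tag

    def protect(self, plaintext: str) -> str:
        """Encrypt, keep the full record locally, return only the handle."""
        data = plaintext.encode()
        nonce = secrets.token_bytes(NONCE_LEN)
        ct = _xor(data, _keystream(self._enc_key, nonce, len(data)))
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        handle = nonce.hex()
        self._vault[handle] = nonce + ct + tag
        return handle

    def reveal(self, handle: str) -> str:
        """Use the handle as an index, verify the record, then decrypt it."""
        record = self._vault.get(handle)
        if record is None:
            raise KeyError("handle not known to this gateway")
        nonce, ct, tag = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN], record[-TAG_LEN:]
        expected = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("vault record failed integrity check")
        return _xor(ct, _keystream(self._enc_key, nonce, len(ct))).decode()

if __name__ == "__main__":
    gw = Gateway()
    cloud_row = {"customer": gw.protect("Alice Example (constructed sample)")}
    print(cloud_row, "->", gw.reveal(cloud_row["customer"]))
```

The cloud row holds only the random handle, so a copy of it taken from the SaaS side carries no ciphertext or key material; a different gateway instance cannot resolve it.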
Bitglass, based in San Jose, Calif., is 2½ years old, has $35 million in venture funding in two rounds and has about 50 employees.