A cold wind blew across cloud software companies and cloud resellers after analyst Edward Snowden first lifted the lid on his former employer, the National Security Agency. The US’s digital espionage department has been constantly in the headlines as its overreach was gradually exposed; for scooping up email addresses and other internet traffic, stealing contact lists and apparently customer data from major cloud providers.
But at least one vendor is cheering. “Before [the NSA revelations], we were reacting to hacking sponsored by the Chinese government,” says Paige Leidig, chief marketing officer for CipherCloud.
“That seems to have fallen out of the front page and every other week we’re hearing about [US surveillance program} Prism and the NSA. It’s helping our business grow like a rocketship.”
CipherCloud is one of several cloud security companies whose fortunes have ballooned on the back of the NSA’s indiscretions. In just a few months CipherCloud claims to have grown from 1.2 million to 2 million customers.
So what exactly does CipherCloud do? Its software, running on a server or a virtual machine in a company’s premises or a hosted data centre, encrypts all traffic to popular cloud services such as Salesforce.com, Google Apps, Microsoft Office 365, and others. The company retains the encryption keys, not CipherCloud, so no-one else is able to decrypt the data.
It seems hard to believe that there would be no impact on performance if data sent to and from a cloud app was passed through an encryption server. Not to mention the challenges of ensuring a cloud app was 100 percent compatible with the encryption.
But Pravin Kothari, founder and chief executive of CipherCloud, claims there is no impact on speed or functionality. “We have ensured that the entire cloud app works,” Kothari says.
CipherCloud doesn’t work with any cloud service. It must be programmed to work with each one, so only the most popular are represented. But it automatically solves the biggest concern companies have about the NSA - that Google, Microsoft and other cloud vendors will hand over their data to government agencies without the user’s knowledge or permission.
US cloud providers will turn over data to the government irrespective of whether the business is American. But there’s no point turning over data that’s unreadable, Leidig says.
“Now the government can’t just go to Google and Microsoft and get the information. They have to go to the business,” Kothari says.
“Our technology allows the customer to hold onto the keys so only they can open the data. In the event that the US government asks for access to that data, the cloud provider can’t turn it over because all they’ll see is gibberish,” Leidig says.
Because US cloud providers will hand over any data requested to a government agency, even data that belongs to non-US companies, giving control back to the owner of the data reinstates the jurisdictional boundaries.
“If it’s a US business they have to comply. But if it is an Australian business then they don’t need to comply. That’s the way it works today, and that’s the way it should work in the cloud,” Kothari adds.
Enterprise CIOs have never been keen on the cloud because it inherently has a problem with visibility and control, Kothari argues. Business executives typically overruled these concerns to get their hands on the latest productivity software.
But Prism has got boards and CEOs nervous. They don’t want data to go the cloud without proper protection. Cue the new breed of security vendors.
The NSA revelations have slowed the advance to the cloud, Kothari says. “We are getting messages from our cloud providers that businesses with large enterprises outside the US has come to a grinding halt. Even existing customers are asking for more control,” he says.
“This is one reason our business is growing extremely fast. Cloud providers are giving us all their relationships.”
Cloud security is one of the hottest areas in tech. Whether you look at number of companies, capital raised or innovation, the scene is jumping. Companies are adopting cloud apps at an increasing rate, and simultaneously, governments and industries have released regulations requiring companies to protect customer data stored in the cloud.
These two trends were in full effect before the NSA gave security another boost. Industries most interested in encrypting their cloud data included banking, insurance, high technology, retail, pharmaceutical, agriculture and government, Kothari says.
The most popular apps to encrypt include CRM (in particular Salesforce.com), ServiceNow, Jive, Box, NetSuite, SuccessFactors, Google Apps and Office 365.
CipherCloud also supports Amazon Web Services, which should be a winner considering the enormous impact the bookseller’s cloud division is having locally.
Cloud security should get resellers cheering too. It’s a perfect entree to selling higher margin services that can make up for the paltry margins on Google Apps, Office 365 and other cloud apps. CipherCloud has more than 50 partners including system integrators, Salesforce.com resellers, Gmail resellers and others.
“There’s a huge ecosystem of these general partners who are selling cloud and they are facing the same problem – that enterprises don’t want to move to the cloud. So they come to us,” Kothari says.
He claims that almost two thirds of CipherCloud’s sales come from channel partners. In Australia its partners are all at the upper end of the scale; Deloitte, Wipro, Accenture, Cloud Sherpas, BlueWolf.
Sales drivers in Australia are security, privacy (a globally leading area for Australia, Kothari says), regional compliance and data sovereignty.
Kothari and Leidig were in Sydney recently to open the firm’s local office, which they said is part of a plan for “rapid expansion in Australia and New Zealand and across the Asia Pacific”.
They claim to have two of the big four banks as customers as well as representatives from financial services, healthcare, government and retail. Australia is CipherCloud’s fastest growing market, followed by Europe and North America.
“Like many countries around the world, Australian organisations want to capitalise on cloud applications in a secure way,” says Kothari.
“At the same time, policies such as the Australian Privacy Act, Australian Privacy Act Amendments and New Zealand’s Privacy Act are driving organisations to address data privacy and regulatory compliance. As result, CipherCloud has seen 175 percent year-over-year growth.”
Adding to this, CipherCloud’s regional director in Australia, Iman Ghodosi, said: “The opening of our Asia Pacific headquarters doors is recognition of the amazing growth we’ve achieved in a very short time.
“We look forward to helping organisations in Australia and New Zealand adopt cloud applications, while ensuring that their sensitive information is fully protected and in compliance with data privacy guidelines.”
It’s interesting to see how the biggest security companies have taken a back seat to developing new products. Cloud and mobile security are white hot and yet many big names can’t provide anti-virus security for mobile devices, for example.
“Big companies don’t move very fast,” Kothari says. “Even if they don’t, the market certainly will.“
Sholto Macpherson is a journalist and commentator who covers emerging technology in cloud software and services.