CipherCloud encrypts data across multiple cloud apps

CipherCloud has released technology that lets government agencies and enterprises quickly deploy and manage encryption across multiple cloud applications with a single system, potentially saving time and money while locking down applications in a multi-tenant environment.

The company's Connect AnyApp encrypts data in transit, in use and at rest for public and private cloud Web applications without reducing application functionality, CipherCloud officials said. This includes Infrastructure-as-a-Service, Software-as-a-Service, and Platform-as-a-Service Web applications along with intranet applications behind the firewall used to manage sensitive data in enterprises.


Related coverage:

They send sensitive data to cloud, even if they don't trust security

Moving storage to the cloud? Don't forget about security


The CipherCloud Platform secures multiple cloud applications, including Salesforce.com, Force.com, Chatter, Google Gmail, Microsoft Office 365 and Amazon Web Services – cloud applications and services used by federal, state and local government agencies.

"Cloud encryption gateways that can be configured to encrypt or tokenize data are needed to reduce risk and allow businesses and governments to go beyond the firewall and adopt public and private clouds applications," said Lawrence Pingree, research director at Gartner, Inc.

CipherCloud Connect AnyApp

Prior to CipherCloud Connect AnyApp, enterprises were faced with complex or costly options to use encryption or tokenization with SaaS, cloud and Web applications, company officials said.

Enterprises could attempt to add encryption or tokenization to middleware or databases. However, this approach requires extensive development and integration and is not possible for SaaS or PaaS applications where code changes or database access is not allowed, officials noted.

Organizations could consider desktop software plug-ins or special mobile apps, but these approaches take time to deploy, don’t work across mobile devices and are frustrating for users, leading to low adoption rates.

Finally, enterprises could use cryptographic toolkits to develop custom integration or applications. However, preserving critical functionality like search, sort and format are nearly impossible with all of these approaches, officials said.

With Connect AnyApp, administrators simply specify fields on Web pages to be encrypted. Like other CipherCloud encryption gateway applications, there are no application changes or client software required. Enterprises can select from multiple encryption and tokenization options that preserve data format and operations, including search and sort, company officials said.

The company said securing data stored in Web applications is now as simple as:

    1. Installing the CipherCloud virtual appliance, which automatically generates an organization’s encryption keys.

    2. Specifying URLs of the public and private cloud applications to be encrypted.

    3. Using point-and-click functions to create policies to encrypt or tokenize one or more fields.

    4. Once a policy is enabled, data entered for the web application is automatically encrypted or tokenized using CipherCloud’s format and operations preserving technology, company officials said.

Reader Comments

Thu, Sep 6, 2012 CryptoPunk the ether

Looking at the NIST site, it appears that CipherCloud does not have a FIPS 140-2 certificate for their encryption. If that is the case, how can agencies buy the product? NSTISSP 11 mandates that only FIPS 140-2 modules can be purchased to protect even SBU data in the government.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above