A couple of recent discussions in a few board threads contributed to by our competitors have questioned CipherCloud’s approach to delivering cloud information protection.
Most of the comments and posts were based on very limited publically available information, some of which was outdated. As a result I thought I would take a few minutes to provide some clarity on this topic.
To start off, I wanted to provide some clarity to the question of whether CipherCloud uses homomorphic encryption. The answer is NO. Homomorphic encryption is far from ready for practical usage due to performance and lack of capabilities.
But, CipherCloud does use publicly available, well researched, and NIST validated cryptographic algorithms that have been implemented in compliance with FIPS 140-2 standards. We also leverage our reverse proxy architecture, which is always in the data path, and incorporates in-depth knowledge of cloud applications for in-line processing and transformation of data on-the-fly to support common operations including search and sort.
CipherCloud, also to be rather direct, and address some of the concerns that were raised in the threads, does NOT implement 1:1 mapping or ECB mode for any customer deployments.
The cited CipherCloud product demo in the board threads (which is quite outdated) was focused on highlighting our reverse-proxy concept for cloud information protection to organizations using cloud applications. Some of the fundamental security features made available today (e.g. full field encryption, randomization through IVs, etc.) were either disabled because we were not comfortable sharing such IP on the internet while our patents are still pending, or not available at the time of recording. I’m sure most of you will appreciate that cloud information protection is one of the most desired spaces for investment, and many competitors are attempting to replicate CipherCloud’s success. CipherCloud continues to invest significantly on R&D efforts to offer ongoing security improvements to customers with each new release of the product.
In addition to having conducted independent third-party cryptographic design reviews, CipherCloud is currently in the process of obtaining our FIPS 140-2 certification, which can be verified by visiting the following NIST website: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf. All of our customers, that I know of, have selected our solution as the recognized standard for cloud information protection after a thorough evaluation, testing, and scrutiny of our product’s design and implementation by their cryptographers and key management experts.
As to the DMCA Notice sent to a site hosting images from a CipherCloud video, CipherCloud’s legal team like most other companies actively regulates the usage of our intellectual property, including copyright. But, based on feedback from the community, we are implementing a modified policy to avoid such incidents going forward and wholeheartedly apologize for the temporary disruption to the discussion threads on the internet.
I understand and appreciate the interest in the market to better understand our technology, and I am happy to discuss additional details around our encryption implementation with our customers, prospects and partners. If you are interested in learning more, please contact CipherCloud directly via our website at firstname.lastname@example.org