Comments:"Responding to the Myths about CipherCloud’s Encryption Technology | CipherCloud Blog"
URL:http://blog.ciphercloud.com/responding-to-the-myths-about-cipherclouds-encryption-technology/
A couple of recent discussions in a few board threads contributed to by our competitors have questioned CipherCloud’s approach to delivering cloud information protection.
Most of the comments and posts were based on very limited publically available information. Most contributors basically admitted that they really didn’t know the facts of our functionality or approach. As a result I thought I would take a few minutes to provide some clarity on this topic.
To start off, I wanted to provide some clarity to the question of whether CipherCloud uses homomorphic encryption. The answer is NO. Homomorphic encryption is far from ready for practical usage due to performance and lack of capabilities.
But, CipherCloud does use publicly available, well researched, and NIST validated cryptographic algorithms to store data in the cloud. We also leverage our reverse proxy architecture, which is always in the data path, in-depth knowledge of cloud applications for in-line processing and transformation of data on-the-fly to support common operations on data including search and sort.
CipherCloud, also to be rather direct, and address some of the concerns that were raised in the threads, does NOT implement 1:1 mapping or ECB mode for any customer deployments.
The cited CipherCloud product demo in the board threads was focused on highlighting our reverse-proxy concept for cloud information protection to organizations using cloud applications. Some of the fundamental security features made available (e.g. full field encryption, randomization through IVs, etc.) were disabled because we were not comfortable sharing such IP on the internet while our patents are still pending. I’m sure most of you will appreciate that cloud information protection is one of the most desired spaces for investment, and many competitors are attempting to replicate CipherCloud’s success.
In addition to having conducted independent third-party cryptographic design reviews, CipherCloud is currently in the process of obtaining our FIPS 140-2 certification, which can be verified by visiting the following NIST website: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf. All of our customers, that I know of, have selected our solution as the recognized standard for cloud information protection after a thorough evaluation, testing, and scrutiny by their cryptographers and key management experts.
As to the DMCA Notice sent to a site hosting images from a CipherCloud video, CipherCloud’s legal team like most other companies actively regulates the usage of our intellectual property, including copyright. But, based on feedback from the community we are implementing a modified policy to avoid such incidents going forward.
I understand and appreciate the interest in the market to better understand our technology, and I am happy to discuss additional details around our encryption implementation under NDA with for business needs. If you are interested in learning more, please contact CipherCloud directly via our website at info@ciphercloud.com