How to keep the feds from snooping on your cloud data

Virtual padlocks can keep storage providers -- and the government -- from accessing data in the cloud

1 2 Page 2
Page 2 of 2

Ensey and his wife used the cloud encryption tool during a recent refinancing of their house. Initially, the security-sensitive Ensey passed along sensitive financial data to his mortgage broker using a USB thumb drive, something that turned into a laborious process. With SafeMonk, the couple could securely share files quickly.

"At some point you get worried that email isn't something that is very secure. Anything you put in there is being indexed by Google," he said, referring to Gmail. "I like having more control over that.

"And [my wife] doesn't even realize it's there. It's transparent," he continued. "This product is really pretty approachable. I just point to a folder and tell her anything you put in this will be protected."

Ensey also said he'd like to see the tool expanded for mobile and Android OS use.

Other options

SafeNet is not alone in offering a virtual padlock for cloud-based data stores. Vendors such as Boxcryptor, Sookasa, TrustedSafe and PKWare with its Viivo offering, are also going after the same market, according Heiser. So is CipherCloud, which is expected to offer consumer cloud encryption protection.

Willy Leichter, senior director of product marketing for CipherCloud, said virtual padlocks for cloud storage is a nascent but "hot" area for his company, especially in light of the increase in government requests to vendors for access to customer data.

Through its CipherCloud Platform, the company currently offers cloud data encryption and data loss prevention (DLP) tools for Office 365, Salesforce, Gmail, and Amazon. CipherCloud recently announced a partnership with cloud storage and content-sharing service Box.com, offering DLP to users.

While Leichter said CipherCloud's cloud encryption business is "growing rapidly," he would not expound on whether his company plans to begin selling a consumer-class product anytime soon.

Businesses are acutely sensitive to government information requests because they're also beholden to privacy laws, such as HIPAA and the Gramm-Leach-Bliley Act. So, in highly regulated industries, such as financial services and healthcare, businesses must strike a balance between government oversight and consumer privacy.

"They feel they can't comply with local privacy laws and have their data subject to Patriot Act. We allow them to encrypt their data in the cloud and they keep the encryption keys," he said.

The U.S. Electronic Communications Privacy Act of 1986 came along in the early days of the Internet. The act did not require government investigators to obtain a search warrant for requesting access to emails and messages that are stored in online repositories.

In 2001, the Patriot Act further added to the authority of the federal government to search records under its "Library Records" provision, offering a wide range of personal material into which it could delve.

"You can argue that people shouldn't try to skirt around the Patriot Act, but they're also trying to comply with data privacy issues," Leichter said. "When some government agency requires information disclosure, most organizations I know would like to make that decision themselves and not have the cloud provider make it for them."

This article, How to keep the feds from snooping on your cloud data, was originally published at Computerworld.com.

Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at  @lucasmearian or subscribe to Lucas's RSS feed . His e-mail address is lmearian@computerworld.com.

See more by Lucas Mearian on Computerworld.com.

Copyright © 2013 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon