Cloud Computing Security

Has CipherCloud Got the Answer to post-PRISM IT?

The long-tail fallout from the NSA/PRISM/Edward Snowden affair was always going to include a wave of security companies touting their wares, but CipherCloud is in a more privileged position than almost any to talk about IT in the post-PRISM world.

The San Jose company’s softly-spoken, India-born CEO Pravin Kothari has form in the security and risk area, having helped set up Agiliance and ArcSight. His latest company is causing a buzz in Silicon Valley because it is a match for today’s business-technology zeitgeist where cloud adoption, data privacy, data residency and governance are all high on the agenda. CipherCloud provides a set of tools for securing cloud applications and services without affecting their usability. It does this by encryption, scrambling data before it gets to the cloud, so it is useless to any organisation demanding crypto keys from cloud service providers or any malicious attacker. (Another benefit is that real corporate data no longer travels across cloud datacentres so data residency concerns are negated.)

If there is no answer to security and data governance in the cloud then buyers could delay moves, pull out of current investments and the US cloud sector will suffer. The Information Technology & Innovation Foundation think-tank has suggested PRISM could cost US cloud service providers up to $35bn in lost revenues over the next three years alone. Enter CipherCloud.

“We have the solution to PRISM and enquiries have tripled since the affair,” says Kothari. “C-level commandments are coming down to sort this out.”

Think of CipherCloud as a Switzerland that is located between the attractions of the cloud and the comfort factor of behind-the-firewall data control. And, since security, governance and related issues represent some of the biggest gating factors to cloud adoption, it’s unsurprising that the company is generating interest among tech thought-leaders. And all this before its third birthday.

Marc Andreessen, certainly one of the most prominent tech thinkers today, calls CipherCloud “the missing link between full-scale enterprise security and compliance and then full adoption of the cloud, because you don’t have to make the trade anymore of having unencrypted data running around the network…  If CipherCloud had been around 10 years ago, the cloud would already have been comprehensively adopted everywhere”.

Almost like Victor Kiam, of Remington shaver fame, Andreessen liked the company so much he bought (into) it, in this case to the tune of $30m via his Andreessen Horowitz fund. That funding, with investments from other blue-chip VCs, is helping the company to go international and forge relationships with premier-league cloud outfits like Box, Google (for Apps), Amazon Web Services, and ServiceNow, as well as an army of consulting partners.

It’s a classic tech startup rocket-ship story and there’s no doubt that with its two million business users, 300 staff and presence in 14 countries, CipherCloud is moving fast. Non-US sales, perhaps understandably given the post-PRSM environment and the power base of US cloud companies, is a larger than usual slice of the pie.

“Fast-forward two or three years and enterprise data traffic will be more than 50 per cent cloud but all the investment is in network monitoring and they are not addressing enterprise cloud threats,” says Kothari. “CIO, CISO and CTO customers said to us that the number one problem was rogue IT - shadow IT, people swiping the credit card and signing up for services - and they wanted to get control back.”

CipherCloud is a way to regain that control, he argues.

Not everybody buys the whole CipherCloud story, of course. A Wall Street Journal report questioned whether highly sensitive data such as defence information could be stored in the cloud. The company also caused a kerfuffle when it filed a takedown notice on a technical discussion board where CipherCloud’s underlying technologies were being discussed. And there is no telling what future regulations might demand of information storage and transit strategies.

But CipherCloud undoubtedly has an interesting proposition. Having already enjoyed one big exit with ArcSight, Kothari’s ambition is to go further and he thinks his latest company has the legs to be much bigger even than ArcSight, which sold to HP for about $1.5bn in 2010. The plan is to build an iconic company like Apple and Salesforce; with the cloud and IT security going through such disruptive times, he might just do it.


By Martin Veitch, Editorial Director, IDG Connect



« The CMO Files: Craig Beddis, CMO, Automic Software


"Bangalore Calling": IT Enclaves vs. the Rest of the City »
Martin Veitch

Martin Veitch is Contributing Editor for IDG Connect

  • twt
  • twt
  • Mail


Do you think your smartphone is making you a workaholic?