Because Web 1.0 is many years behind us, we can all look back and laugh at the sorry state of application and database security in those days. When we look back at Cloud 1.0 in a few more years, we're sure to have another good chuckle.
New technology takes time to mature -- and even longer to secure, it seems. It may be years before cloud service providers natively deliver the stringent data protection and regulatory compliance capabilities that the most security-sensitive enterprises seek. In the meantime, we can expect those needs to be filled by third-party vendors.
Some of those third-party vendors, such as CipherCloud, will be new companies with new ideas. The maker of a data encryption gateway for cloud services and SaaS applications, CipherCloud announced today that it has received $30 million in funding from Andreessen Horowitz. In an interview with InfoWorld, company founder and CEO Pravin Kothari said the investment would be poured into expanding sales and marketing into a global presence, as well as further product development. The company currently claims more than 40 customers in banking, insurance, health care, and technology. It's looking to bring a cloud-based version of the solution to midmarket customers next year.
CipherCloud's encryption gateway sits behind the customer's firewall, between the users and cloud services such as Salesforce.com, Gmail, Office 365, and Amazon S3, encrypting any sensitive data users send into the cloud. The keys to unlocking the data remain with the customer, not the cloud provider, and the data will make sense only when accessed through the gateway. The data will appear to the cloud provider, and to anyone else who views it directly, as gibberish.
The secret sauce, Kothari said, is the ability to encrypt the data while preserving the data format and the operations of the application. "We don't break applications with our encrypted data," he explained. "We make sure that all the user's operations like searching, sorting, and reporting continue to work even when the data is encrypted in the cloud application."
Kothari added that the use of symmetric encryption keeps the processing overhead to a minimum, resulting in nearly zero latency. It's an important selling point that should lower the costs of data protection in customers' eyes -- at least until the day comes when the clouds provide the same level of data protection on their own.
This article, "Andreessen Horowitz bets big on cloud security," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.