Enterprises looking to protect sensitive data stored in cloud services can funnel user traffic through on-premises encryption gateways that allow them to keep control of their encryption keys.
Skyhigh announced today that it has received a patent for its technology, which moves that encryption gateway into a hosted environment.
Moving the encryption process to Skyhigh's servers allows for easier access by remote employees, mobile users, business partners, or customers, said Rajiv Gupta, Skyhigh's CEO. He says the company offers these encryption gateways in various locations, allowing customers to comply with data residency and privacy laws.
Gupta said that his is the only company offering such services, and dismissed concerns that the patent was too broad, or not new.
"In this case, there is no prior art," he said. "It hasn’t been done before and certainly wasn’t before we filed for the patent."
He added the company will not be using the patent aggressively.
"We will not be patent trolls," he said. "For us, this patent primarily is defensive so that we are not impeded from addressing our customers’ needs."
The patent also discusses the process by which customer-controlled master keys are used to create derived keys that are, in turn, distributed to the proxies, where they are used for the encryption and decryption process but are never stored.
"The master keys never leave the customer premises, the derivation happens on premises," said Kaushik Narayan, Skyhigh's co-founder and CTO. "And we have all kinds of protections on our proxy so that you can't dump memory, you can't inspect memory."
Skyhigh's Cloud Access Security Broker currently supports Salesforce, Office 365, ServiceNow, Google Drive, Box, and Dropbox.
Some security experts say that Skyhigh's hosted encryption gateway is neither new nor unique.
"There is no shortage of prior art," said Dave Lewis, global security advocate at Cambridge, Mass.-based Akamai Technologies Inc. "I'm actually surprised that they got the patent. There's really nothing new here."
Lewis pointed to a book titled "IT Security Risk Management" by Tobias Ackermann, currently CTO at Casamundo GmbH, based in Germany.
"It came out two years before they applied for their patent, and that book references exactly this," he said. The book was published in 2012, and Skyhigh applied for their patent in 2014.
The Skyhigh patent also appears to overlap with the Key Management Interoperability Protocol, said Rich Campagna, VP of products at Campbell, Calif.-based security firm Bitglass, Inc.
KMIP dates back to 2010 and is a standard protocol for the exchange of encryption keys that is widely adopted commercially, he said.
It includes a function that "is used to derive a symmetric key or Secret Data object from a key or secret data that is already known to the key management system," he said, adding that this is "exactly the process described in claim number one of the patent."