Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Experts challenge Skyhigh's patent for cloud-based encryption gateway

Maria Korolov | Aug. 26, 2016
Skyhigh Networks, Inc., announced today that it has received a patent for using a hosted gateway to encrypt and decrypt data moving between users and cloud services such as Office 365, but some experts say that the technology is neither new nor unique

Is it secure?

Skyhigh's process for distributing encryption keys to gateways on external servers doesn't necessarily guarantee security, said David Cash, a computer science professor at Rutgers University.

"If someone were to compromise the server, they would need to do it while the key is there and in memory," he said. "But that is much more difficult and mitigates most threats."

There are no absolutes in security, he added.

One common security problem is when the encryption keys are stored too close to the data that they are meant to protect, said Kevin Curran, IEEE Senior member and senior lecturer of computer science at the University of Ulster.

"A third party encryption key proxy hosted in the cloud could add a protection layer by keeping the keys separate from the encrypted data," he said. "That separation, no matter how it is implemented, is what is crucial in this model.”

Plus, on-premises solutions may offer more control but can create significant management challenges for IT departments, he added.

An increase in position, but it isn't bullet proof

"Sadly, most enterprises play fast and loose with their keys and only the most security conscious businesses and teams think of end-to-end data security," said Richard Stiennon, chief strategy officer at London-based Blancco Technology Group.

Skyhigh's technology makes it possible for an enterprise to encrypt its data in the cloud using its internally controlled encryption keys without exposing them to the rest of the world, he said.

Patents are important to technology companies to help them establish market dominance and confirm the value of their products, he said. "And for Skyhigh, it will likely help them increase their competitive position in the cloud encryption market."

"But at the same time, I don’t think this method is bullet proof either," he added. "Encryption keys held in memory are not impervious to attack. They can even end up recorded in memory snapshots taken of virtual environments that haven’t been properly and permanently erased."

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.