Well-funded startup Ionic Security has launched a data-protection service that guards encrypted documents no matter where they go until access is authorized by its policy engine based in the cloud, making it possible to protect data even if the files that contain it fall into the wrong hands.
Ionic controls access to the keys needed to unlock encrypted documents so only those who are meant to access the data have the ability to decrypt it. In addition, the service sets policies on what can be done with the data once it's accessed.
The company's significant offering is that it takes on the entire burden of managing the keys, a huge undertaking that it has automated and that customers don't have to bother with, says Ionic's CEO Steve Abbott, who served a stretch as vice president of sales for public-key cryptography firm PGP Corp.
In addition, its policy engine allows controlling who gets the keys and under what circumstances. The keys are kept in the possession of customers, but Ionic's service takes charge of deciding whether a user's request for a key to decrypt a document is authorized. If so, the service signals the key server to release the key so the reader can access the plaintext data.
So if documents are stolen, they remain useless because the thief can't meet the policy requirements to get the key to decrypt them. The service makes it practicable to encrypt every important piece of data generated by a business, Abbott says.
This has been a problem not so much because it's hard to encrypt but because it's hard to make it possible for large numbers of authorized parties to decrypt, Abbott says.
The company's strength is that it makes PKI easy to use. A system to manage keys used for one-to-many communication is hard, and many-to-many is harder still, he says. Keys have to be distributed, kept up to date, revoked and redistributed, all within a framework that partners trust, which is a gargantuan chore when large volumes of data are encrypted with separate keys.
Ionic's encryption scheme still calls for an enormous number of keys, but managing them is automated and handled entirely by Ionic for its customers, he says.
The company has been pitching its service only to the largest corporations and tailoring it to their needs. Abbott says Ionic has half a dozen Fortune 100 companies signed to three-year contracts, which represents 1.5 million seats. He wouldn't name any. When the service is generally available it will be sold in one-year contracts, and pricing hasn't been set, he says.
The platform encrypts content at the time it is created and supports iOS, Android, Mac, Windows and Linux operating systems. Policies set on the encrypted files can control where and when data is accessed and by whom. So a policy could restrict access to a document only to C-level executives who are connected to the Wi-Fi in the executive board room, for example, and only after a certain time on a certain day.