It can further encrypt and set policies on data within files, he says. So if a document contains historical sales data as well as projected sales, a policy could allow the document to be shared with and opened by the entire sales team, but with only sales executives able to read the projections.
The platform keeps logs on who uses what data and can generate reports. So it could be polled to find out which department generates the most data and who's reading it.
The encryption keys are stored in a server called a key grid on customer premises. The cloud service authenticates users trying to access documents and lets the key grid release the right key to them if they meet all the requirements set by user policy.
The system could be used to help thwart insider threats by tracking, for instance, who accesses documents containing the word "proprietary".
Customers can set policies on what is encrypted. So a rule could say that when users belonging to an Active Directory group, say Finance, write a document containing the words private or confidential or classified, it gets encrypted. The decryption policy for those documents could be that only people with a confidential rank can see them.
Further, users could highlight different segments of documents in different colors that indicate separate categories of users who would be able to read those sections. So a document about new hires including their salaries could be accessible to board members, and the same document could be accessible to the entire staff but with the salaries redacted, because staff members would not be authorized to get the key for that section of the document.
Key requests come from agents on endpoints and are handled in Ionic's cloud, which is located in a variety of commercial clouds including Amazon Web Services. If a key is issued to the endpoint from the key server, called the key grid, the document is decrypted on the endpoint.
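The per-section key release described above, using the new-hires document, can be sketched as follows. This is an added illustration, not Ionic's code or API: the `KeyGrid` class, the policy layout and the sample data are hypothetical, group membership is assumed to be already authenticated, and an HMAC-based keystream stands in for a real authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, secrets

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD (no integrity tag)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class KeyGrid:
    """Hypothetical on-premises key store holding one key per document section."""
    def __init__(self, policy):
        self.policy = policy   # section label -> groups allowed to receive its key
        self.keys = {}         # key id -> (label, key)
        self.audit = []        # (user, key id, label, released?) for reporting

    def new_key(self, label):
        key_id = secrets.token_hex(8)
        self.keys[key_id] = (label, secrets.token_bytes(32))
        return key_id, self.keys[key_id][1]

    def request_key(self, user, groups, key_id):
        label, key = self.keys[key_id]
        ok = bool(self.policy[label] & set(groups))
        self.audit.append((user, key_id, label, ok))  # denials are logged too
        return key if ok else None

def protect(grid, sections):
    """Encrypt each (label, text) section under its own key from the grid."""
    doc = []
    for label, text in sections:
        key_id, key = grid.new_key(label)
        nonce = secrets.token_bytes(12)
        doc.append((key_id, nonce, keystream_xor(key, nonce, text.encode())))
    return doc

def open_document(grid, doc, user, groups):
    """Endpoint side: decrypt the sections whose keys are released, redact the rest."""
    out = []
    for key_id, nonce, ct in doc:
        key = grid.request_key(user, groups, key_id)
        out.append(keystream_xor(key, nonce, ct).decode() if key else "[REDACTED]")
    return out

# Constructed sample data: board members may read salaries, other staff may not.
POLICY = {"general": {"staff", "board"}, "salary": {"board"}}
GRID = KeyGrid(POLICY)
DOC = protect(GRID, [("general", "New hire: J. Doe, Sales"), ("salary", "Salary: 90000")])
```

Because every key request passes through `request_key`, the audit list records denied requests as well as granted ones, which is the data the usage reports and insider-threat tracking described earlier would draw on.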
The service is sold with company-wide licenses to customers for three-year terms. The actual charge can be determined on a per-transaction basis or it can be a flat fee for unlimited transactions.
The company has been in stealth mode since 2011, and has already undergone a name change from Social Fortress to Ionic. Ionic was chosen because in chemistry it represents the strongest type of bond, and the company wanted to express that kind of strength, Abbott says.
Abbott says he was introduced to the company's founder and CTO Adam Ghetti by Phil Dunkleberger, cofounder of PGP Corp. Abbott says that within three or four minutes he decided to go in with Ghetti. The company has raised $78.1 million from the likes of Kleiner Perkins Caufield & Byers, Meritech Capital Partners and Google Ventures.