Thought Leaders in Cyber Security: CipherCloud CEO Pravin Kothari (Part 4)

Pravin Kothari: We can actually do encryption of the data in such a way that every country’s compliance requirements can be met. The encryption keys are always in the country. It will never traverse the cloud provider side. The issue with cloud provider security is that even if they do encryption, encryption keys are always with them. Customers cannot keep it. That breaks all the requirements that we talked about. Data cannot go out of the country. Security concerns include insider threat. Even though the policies say they cannot look at the data, they can. They have the keys. They have the data. They can open it up. They can do that. The major concern right now is around public cloud. Even though network security is provided by cloud providers, they are not able to address the real pain point that customers have.

Sramana Mitra: In the scenarios that you’re painting like the password breach vis-à-vis Box, how can you handle that? Let’s say you have a client who’s a Box user and Box does something that exposes these vulnerabilities. How do you tackle that on behalf of your client?

Pravin Kothari: We can actually do encryption and decryption of the data in real time. We provide the cloud encryption gateway that sits in the enterprise side. Now, all data that goes to Dropbox gets encrypted in real time. Who has the encryption keys? Only the customer.

Sramana Mitra: The passwords cannot be exposed by the cloud vendor anymore.

Pravin Kothari: Even if credentials are stolen, if hackers can get into your account, they will see gibberish stuff because they don’t have access to the encryption keys.

Sramana Mitra: You’re encrypting all the data. Even if somebody accesses it, they cannot see it.

Pravin Kothari: Exactly.

Sramana Mitra: Excellent. That’s the same policy vis-à-vis all these use cases that you talked about whether it’s government and so forth. If the cloud provider decides to give access to the government to somebody’s data, they wouldn’t be able to read it.

Pravin Kothari: Yes. Now, the government has to go to the customer and request the key in the old-fashioned way. Now, the customers are aware of the inquiry. Today even cloud providers are not aware.

Sramana Mitra: Your customers are all large enterprise customers?

Pravin Kothari: We have large and medium enterprise customers. Especially for international companies, the concern is data going out of the country.

This segment is part 4 in the series : Thought Leaders in Cyber Security: CipherCloud CEO Pravin Kothari
1 2 3 4 5