Security Start-Up CipherCloud Lands Central Government Contract

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Firm secures contract in UK government and thinks it can ease security concerns around cloud

CipherCloud, the US-based company that believes it has the answer for cloud security issues, has landed in the UK and is already working with a central government department.

The company, which launched its first product in May 2011, would not say which department it had scored a contract with, but told TechWeekEurope it was helping secure a deployment. Salesforce is one of CipherCloud’s key strategical partners.

There are concerns around the fact that still does not own a data centre in the UK or Europe, despite its plans to build one. CipherCloud appears to have eased such worries at the government department it is working with.

CipherCloud’s product is a gateway, which lets IT teams choose what cloud-destined data, on a per-word basis, is protected with AES 256-bit encryption. It’s an agnostic service, meaning it doesn’t matter what Software-as-a-Service (SaaS) application is being used, the encryption will work across all of them, according to CEO of the company Pravin Kothari.

CipherCloud breaks into London scene

But Kothari, who founded security firm ArcSight that was sold to HP for $1.5 billion in 2010, told TechWeekEurope the company is planning on expanding the product to include malware detection from a partner plug-in, whilst building up a SaaS version of its gateway. That way it will become a true cloud company.

“We can rebuild the entire security for the cloud… a lot can be done,” Kothari said. “We want to bring many more out-of-the-box solutions.”

As for its EU play, Kothari said that despite the fact that 80 percent of its employees are technicians, for now, the European team will focus on sales and marketing. It will have an office in Oxford, but most work will be carried out from the HQ in London.

The company believes that its services will ease governments’ and private firms’ fears around where their data resides. In the UK, it is believed companies such as Amazon and Google have not been able to get onto the government’s G-Cloud framework due to their data centre infrastructure.

If organisations can encrypt their data before it is shipped off to foreign lands, they shouldn’t have to worry about it so much, says Dev Ghoshal, senior vice president of field operations.

One of the key selling points for CipherCloud  is that the single key used in its deployments resides with the customer, he explains. “This allows organisations to have a say over their data,” explains Ghoshal.

But AES 256-bit encryption can, in theory, be cracked. The US government itself owns massive data centres used to break encryption. Given the US Patriot Act, which allows US law enforcement to access foreign data, fears may not be allayed by encryption as easily as CipherCloud hopes.

Nevertheless, the rise of the company has been little short of spectacular, indicating businesses are convinced by the CipherCloud model. The company claimed it had seen 500 percent year-on-year growth, and has gained some significant customers in its brief existence.

Of the 40+ contracts signed so far, two have been with two of the biggest banks in the world, Ghoshal notes, unable to offer names due to the sensitive nature of the deals. One of those is using the gateway for a mortgage application service being delivered via the cloud.

The company also announced yesterday it had secured $30 million in funding from Andreessen Horowitz. Deutsche Telekom is already an investor.

Are you a security expert? Find out with our quiz!